Posts

Security Software & Tools Tips – September 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
* CipherCloud
* CodeDiaper
* N-Stalker
* Passhunt
* SonarTS

CipherCloud

Information from the CipherCloud website:

The CipherCloud CASB+ platform provides deep visibility, end-to-end data protection, advanced threat protection, and comprehensive compliance capabilities for enterprise embracing cloud-based applications.

Website:

https://www.ciphercloud.com/ciphercloud-overview/

CodeDiaper

Information from the CodeDiaper website:

You can search for a specific string from all the source code on GitHub and check if it has been posted illegally.

Website:

https://github.com/future-architect/code-diaper

N-Stalker

Information from the N-Stalker website:

N-Stalker Web Application Security Scanner X Free Edition provides a restricted set of free Web Security Assessment checks to enhance the overall security of your web server infrastructure, using the most complete web attack signature database available in the market – “N-Stealth Web Attack Signature Database”.

Website:

https://www.nstalker.com/products/editions/free/

Passhunt

Information from the Passhunt website:

Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

Website:

https://github.com/Viralmaniar/Passhunt

SonarTS

Information from the SonarTS website:

Static code analyzer for TypeScript detecting bugs and suspicious patterns in your code.

Website:

https://github.com/SonarSource/SonarTS

Image by Pete Linforth from Pixabay

Security Software & Tools Tips – August 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
* Vuls
* Dirhunt
* InsightIDR
* SubDomainizer
* Atomic Red Team

Vuls

Information from the Vuls website:

Vuls is open-source, agent-less vulnerability scanner for Linux, FreeBSD, Container Image, Running Container, WordPress, Programming language libraries and Network devices based on information from NVD, OVAL, etc.

Website:

https://vuls.io/

Dirhunt

Information from the Dirhunt website:

Dirhunt is a web crawler optimize for search and analyze directories. This tool can find interesting things if the server has the “index of” mode enabled. Dirhunt is also useful if the directory listing is not enabled. It detects directories with false 404 errors, directories where an empty index file has been created to hide things and much more.

Website:

https://github.com/Nekmo/dirhunt

InsightIDR

Information from the InsightIDR website:

Rapid7 InsightIDR is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster, a Cloud SIEM for your modern network.

Website:

https://www.rapid7.com/products/insightidr/

SubDomainizer

Information from the SubDomainizer website:

SubDomainizer is a tool designed to find hidden subdomains and secrets present is either webpage, Github, and external javascripts present in the given URL. This tool also finds S3 buckets, cloudfront URL’s and more from those JS files which could be interesting like S3 bucket is open to read/write, or subdomain takeover and similar case for cloudfront. It also scans inside given folder which contains your files.

Website:

https://github.com/nsonaniya2010/SubDomainizer

Atomic Red Team

Information from the Atomic Red Team website:

Atomic Red Team is a library of simple tests that every security team can execute to test their defenses. Tests are focused, have few dependencies, and are defined in a structured format that can be used by automation frameworks.

Website:

https://atomicredteam.io/

Image by vishnu vijayan from Pixabay

Security Software & Tools Tips – July 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
* anevicon
* OpenVPN
* HoneyPy
* sqreen
* Dshell

anevicon

Information from the anevicon website:

A high-performant traffic generator, designed to be as convenient and reliable as it is possible. It sends numerous UDP packets to a server, thereby simulating an activity that can be produced by your end users or a group of hackers.

Website:

https://github.com/Gymmasssorla/anevicon

OpenVPN

Information from the OpenVPN website:

OpenVPN provides flexible VPN solutions to secure your data communications, whether it’s for Internet privacy, remote access for employees, securing IoT, or for networking Cloud data centers.

Website:

https://openvpn.net

HoneyPy

Information from the HoneyPy website:

A low interaction honeypot with the capability to be more of a medium interaction honeypot.

Website:

https://github.com/foospidy/HoneyPy

sqreen

Information from the sqreen website:

Unified security monitoring and protection for modern cloud environments. Easily enable protections tailored to your stack, get unprecedented visibility into your security and scale it in production.

Website:

https://www.sqreen.com

Dshell

Information from the Dshell website:

An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures.

Website:

https://github.com/USArmyResearchLab/Dshell

Photo by Markus Spiske on Unsplash

Security Software & Tools Tips – June 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
* Attack Surface Analyzer
* Bandit
* Infection Monkey
* NetSpot
* Splunk

Attack Surface Analyzer

Information from the Attack Surface Analyzer website:

Attack Surface Analyzer is a Microsoft-developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration.

Website:

https://github.com/microsoft/AttackSurfaceAnalyzer

Bandit

Information from the Bandit website:

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.

Website:

https://github.com/PyCQA/bandit

Infection Monkey

Information from the Infection Monkey website:

The Infection Monkey is an open source Breach and Attack Simulation (BAS) tool that assesses the resiliency of private and public cloud environments to post-breach attacks and lateral movement.

Website:

https://www.guardicore.com/infectionmonkey/

NetSpot

Information from the NetSpot website:

Use NetSpot to visualize, manage, troubleshoot, audit, plan, and deploy your wireless networks.

Website:

https://www.netspotapp.com/

Splunk

Information from the Splunk website:

Splunk turns machine data into answers with the leading platform to tackle the toughest IT, IoT and security challenges. Use Splunk to search, monitor, analyze and visualize machine data.

Website:

https://www.splunk.com/

Image by Pete Linforth from Pixabay

Security Software & Tools Tips – May 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
*
angr
* Brakeman
* Moloch
* OSXCollector
* Zeek

angr

Information from the angr website:

angr is a python framework for analyzing binaries. It combines both static and dynamic symbolic (“concolic”) analysis, making it applicable to a variety of tasks.

Website:

https://angr.io/

Brakeman

Information from the Brakeman website:

Brakeman is a security scanner for Ruby on Rails applications. Unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it. Once Brakeman scans the application code, it produces a report of all security issues it has found.

Website:

https://brakemanscanner.org/

Moloch

Information from the Moloch website:

Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting. Moloch exposes APIs which allow for PCAP data and JSON formatted session data to be downloaded and consumed directly. Moloch stores and exports all packets in standard PCAP format, allowing you to also use your favorite PCAP ingesting tools, such as wireshark, during your analysis workflow.

Website:

https://molo.ch/

OSXCollector

Information from the OSXCollector website:

OSXCollector is a forensic evidence collection & analysis toolkit for OSX.

Website:

https://yelp.github.io/osxcollector/

Zeek

Information from the Zeek website:

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous many educational and scientific institutions for securing their cyberinfrastructure.

Website:

https://www.zeek.org/

Image by methodshop from Pixabay

Security Software & Tools Tips – April 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
*
Ghidra
* Angry IP Scanner
* Maltego
* Detectify
* Autopsy

Ghidra

Information from the Ghidra website:

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux.

Website:

https://github.com/NationalSecurityAgency/ghidra

Angry IP Scanner

Information from the Angry IP Scanner website:

Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has many other features.

Website:

https://angryip.org/

Maltego

Information from the Maltego website:

Maltego is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet.

Website:

https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php

Detectify

Information from the Detectify website:

Detectify performs automated security tests on your web application and databases and scans your assets for vulnerabilities including OWASP Top 10, CORS, Amazon S3 Bucket and DNS misconfiguration.

Website:

https://detectify.com

Autopsy

Information from the Autopsy website:

Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera’s memory card.

Website:

https://www.sleuthkit.org/autopsy/

Photo by chris panas on Unsplash

Security Software & Tools Tips – March 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
*
Venom
* Nishang
* Kautilya
* Burp Suite
* MISP

Venom

Information from the Venom website:

Venom is a multi-hop proxy tool developed for penetration testers using Go. You can use venom to easily proxy network traffic to a multi-layer intranet, and easily manage intranet nodes.

Website:

https://github.com/Dliv3/Venom

Nishang

Information from the Nishang website:

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing,

Website:

https://github.com/samratashok/nishang

Kautilya

Information from the Kautilya website:

Kautilya is a toolkit which provides various payloads for a Human Interface Device which may help in breaking in a computer during penetration tests.

Website:

https://github.com/samratashok/Kautilya

Burp Suite

Information from the Burp Suite website:

Burp Suite is the leading software for web security testing_
Thousands of organizations use Burp Suite to find security exposures before it’s too late. By using cutting-edge scanning technology, you can identify the very latest vulnerabilities. Our researchers frequently uncover brand new vulnerability classes that Burp is the first to report. Burp Suite constantly raises the bar of what security testing is able to achieve.

Website:

https://portswigger.net/

MISP

Information from the MISP website:

MISP – Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing.

Website:

https://www.misp-project.org/

Photo by Jordan Harrison on Unsplash

Security Software & Tools Tips – February 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen for the following:
* IBM QRadar
* Snyk
* Haven
* HashiCorp Vault
* Nikto

IBM QRadar

Information from the IBM Qradar website:

QRadar Community Edition is a free version of QRadar that is based off of our core enterprise SIEM. Users, students, security professionals, and app developers are encouraged to download QRadar Community Edition to learn and become familiar with QRadar.

Website:

https://developer.ibm.com/qradar/ce/

Snyk

Information from the Snyk website:

A developer-first solution that automates finding & fixing vulnerabilities in your dependencies.

Website:

https://snyk.io/

Haven

Information from the Haven website:

Haven is for people who need a way to protect their personal spaces and possessions without compromising their own privacy. It is an Android application that leverages on-device sensors to provide monitoring and protection of physical spaces. Haven turns any Android phone into a motion, sound, vibration and light detector, watching for unexpected guests and unwanted intruders. We designed Haven for investigative journalists, human rights defenders, and people at risk of forced disappearance to create a new kind of herd immunity. By combining the array of sensors found in any smartphone, with the world’s most secure communications technologies, like Signal and Tor, Haven prevents the worst kind of people from silencing citizens without getting caught in the act.

Website:

https://guardianproject.github.io/haven/

HashiCorp Vault

Information from the HasiCorp Vault website:

Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.

Website:

https://www.vaultproject.io/

Nikto

Information from the Nikto website:

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Website:

https://cirt.net/Nikto2

Photo by MILKOVÍ on Unsplash

Security Software & Tools Tips – January 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen for the following:
* Elastic Stack
* Security Onion
* Wireshark
* Cuckoo
* BeEF

Elastic Stack

Information from the Elastic Stack website:

Threats don’t follow templates. Neither should you. The Elastic Stack gives you the edge you need to keep pace with the attack vectors of today and tomorrow.

Website:

https://www.elastic.co/

Security Onion

Information from the Security Onion website:

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!.

Website:

https://securityonion.net/

Wireshark

Information from the Wireshark website:

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

Website:

https://www.wireshark.org/

Cuckoo

Information from the Cuckoo website:

Cuckoo Sandbox is the leading open source automated malware analysis system. What does that mean? It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment.

Website:

https://cuckoosandbox.org/

BeEF

Information from the BeEF website:

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Website:

https://beefproject.com/

Photo by Markus Spiske on Unsplash

Security Software & Tools Tips – December 2018

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaothroducts.

This month we have choosen for the following:
* ModSecurity
* Snort
* OSSIM
* Nmap
* Osquery

ModSecurity


ModSecurity is a WAF module that can be used for various webservers such as Nginx, Apache and IIS.

Information from the ModSecurity website:

ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.

Website:

https://www.modsecurity.org/

Snort

Information from the Snort website:

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Website:

https://www.snort.org/

OSSIM

Information from the OSSIM website:

AlienVault® OSSIM™, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization, and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

Website:

https://www.alienvault.com/products/ossim

Nmap

Information from the Nmap website:

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Website:

https://nmap.org/

Osquery

Information from the Osquery website:

osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

Website:

https://osquery.io/

Photo by Collin Armstrong on Unsplash