Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers. To do so, it enables developers to scan with a wide variety of security tools, using a simple HTML-based interface.
It consists of three umbrella projects:
- Minion Frontend, a Python, angular.js, and Bootstrap-based website that provides an HTML interface to authenticate and authorize users, manage sites, initiate scans, and report issues
- Minion Backend, a Python, Flask, and Twisted-based backend that provides an API for the Minion Frontend, and acts as a middleman between the frontend and external security tools
- Minion VM, a repository of recipes to allow quick installations of Minion either via Vagrant or Docker
Minion has limited scanning functionality built into itself. Instead, it relies on the large variety of pre-existing open source and commercial scanning tools. These plugins include:
- Minion ZAP, which utilizes the OWASP Zed Attack Proxy
- Minion Nmap, utilizing the Nmap network scanner
- Minion Skipfish, utilizing the Skipfish reconnaissance tool
- Minion SSLyze, utilizing the SSLyze TLS scanner
- Minion SSL, which uses the sslscan TLS scanner
You can download Minion here:
Or read more here.
HexorBase is a database application designed to administer and audit multiple database servers simultaneously from a centralised location. It is capable of performing SQL queries and brute-force attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL).
It allows packet routing through proxies or even Metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.
You can download HexorBase here:
Or read more here.
The latest news out of my homeland is not good: the UK encryption backdoor law has passed as part of the Investigatory Powers Act, or the IPA Bill as it's commonly known. The Act itself was passed through a kind of backdoor route, which avoided the scorn of the public.
That was good for the lawmakers, but not for the citizens. Contrast this with the Burr-Feinstein Bill proposed in the US, which was turned around by a huge backlash.
Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors.
As the bill was passing through Parliament, several organizations noted their alarm at section 217 which obliged ISPs, telcos and other communications providers to let the government know in advance of any new products and services being deployed and allow the government to demand “technical” changes to software and systems.
As per the final wording of the law, comms providers on the receiving end of a “technical capacity notice” will be obliged to do various things on demand for government snoops – such as disclosing details of any system upgrades and removing “electronic protection” on encrypted communications.
There is no point at which forcing companies or service providers to develop or utilise less secure products is a good idea. That’s the problem when policy makers have no real depth in their understanding of the subject and how dangerous the decisions they are making really are.
So now browsing logs are available to the UK government and any form of encryption will be backdoored to allow the government to decrypt it if they feel like it. Great.
Thus, by “technical capability,” the government really means backdoors and deliberate security weaknesses so citizens’ encrypted online activities can be intercepted, deciphered and monitored.
In effect, the UK government has written into law a version of the much-derided Burr-Feinstein Bill proposed in the US, which would have undermined encryption in America. A backlash derailed that draft law.
No such backlash happened in the UK over the Investigatory Powers Bill, though, and so here we are. Web browser histories logged by ISPs 24/7, and the looming possibility of crippled cryptography. There may not be much point using a VPN to conceal your web activities if it can be blown open by a technical capability notice.
To be fair, there were some fears that Blighty’s law would effectively kill off the UK software industry as well as undermine Brits’ privacy, and expose them to surveillance and hacking by criminals exploiting these mandatory backdoors. This mild panic did bring about some changes to the UK’s Investigatory Powers Bill before it was passed.
Next, the UK will finally introduce a mandatory ID scheme, seeing as soon enough everyone will be linked to every transaction they conduct online, on their smartphone or on their TV.
It’s really turning into a draconian state.
Source: The Register
The name was chosen because, simply speaking, it Pulls the rules. Using a regular crontab you can keep your Snort or Suricata rules up to date automatically.
Features and Capabilities
Pulledpork 0.7.2 has been tested and works with Snort 22.214.171.124/Suricata 3.1.3 and the Snort Registered rules/ETOpen/ETPro rulesets.
- Automated downloading, parsing, state modification and rule modification for all of your snort rulesets.
- Checksum verification for all major rule downloads
- Automatic generation of updated sid-msg.map file
- Capability to include your local.rules in sid-msg.map file
- Capability to pull rules tarballs from custom urls
- Complete Shared Object support
- Complete IP Reputation List support
- Capability to download multiple disparate rulesets at once
- Maintains accurate changelog
- Capability to HUP processes after rules download and process
- Aids in tuning of rulesets
- Verbose output so that you know EXACTLY what is happening
- Minimal Perl Module dependencies
- Support for Suricata, and ETOpen/ETPro rulesets
```
Usage: ./pulledpork.pl [-dEgHklnRTPVvv? -help] -c <config filename> -o <rule output path>
-O <oinkcode> -s <so_rule output directory> -D <Distro> -S <SnortVer>
-p <path to your snort binary> -C <path to your snort.conf> -t <sostub output path>
-h <changelog path> -I (security|connectivity|balanced) -i <path to disablesid.conf>
-b <path to dropsid.conf> -e <path to enablesid.conf> -M <path to modifysid.conf>
-r <path to docs folder> -K <directory for separate rules files>
-help/? Print this help info.
-b Where the dropsid config file lives.
-C Path to your snort.conf
-c Where the pulledpork config file lives.
-d Do not verify signature of rules tarball, i.e. downloading fron non VRT or ET locations.
-D What Distro are you running on, for the so_rules
Valid Distro Types:
Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4
FC-12, FC-14, RHEL-5-5, RHEL-6-0
FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, OpenBSD-5-2, OpenBSD-5-3
OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1
-e Where the enablesid config file lives.
-E Write ONLY the enabled rules to the output files.
-g grabonly (download tarball rule file(s) and do NOT process)
-h path to the sid_changelog if you want to keep one?
-H Send a SIGHUP to the pids listed in the config file
-I Specify a base ruleset( -I security,connectivity,or balanced, see README.RULESET)
-i Where the disablesid config file lives.
-k Keep the rules in separate files (using same file names as found when reading)
-K Where (what directory) do you want me to put the separate rules files?
-l Log Important Info to Syslog (Errors, Successful run etc, all items logged as WARN or higher)
-L Where do you want me to read your local.rules for inclusion in sid-msg.map
-m where do you want me to put the sid-msg.map file?
-M where the modifysid config file lives.
-n Do everything other than download of new files (disablesid, etc)
-o Where do you want me to put generic rules file?
-p Path to your Snort binary
-P Process rules even if no new rules were downloaded
-R When processing enablesid, return the rules to their ORIGINAL state
-r Where do you want me to put the reference docs (xxxx.txt)
-S What version of snort are you using
-s Where do you want me to put the so_rules?
-T Process text based rules files only, i.e. DO NOT process so_rules
-u Where do you want me to pull the rules tarball from
** E.g., ET, Snort.org. See pulledpork config rule_url option for value ideas
-V Print Version and exit
-v Verbose mode, you know.. for troubleshooting and such nonsense.
-vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense.
-w Skip the SSL verification (if there are issues pulling down rule files)
-W Where you want to work around the issue where some implementations of LWP do not work with pulledpork's proxy configuration.
```
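As an added example (not part of the PulledPork project), here is the kind of cron wrapper the crontab remark above refers to: it runs pulledpork.pl with the options from the help text, test-loads the new rule set with `snort -T`, and only HUPs the daemon if that succeeds, so a broken download never takes the sensor down. All install paths and the pidfile location are assumptions.

```shell
#!/bin/sh
# Added example, not PulledPork's own code: cron wrapper that fetches rules with
# pulledpork.pl, dry-loads the result with `snort -T`, and only then HUPs the
# running daemon. Every path below is an assumed install location.
PP=${PP:-/usr/local/bin/pulledpork.pl}
PP_CONF=${PP_CONF:-/etc/snort/pulledpork.conf}
SNORT=${SNORT:-/usr/sbin/snort}
SNORT_CONF=${SNORT_CONF:-/etc/snort/snort.conf}
RULES_OUT=${RULES_OUT:-/etc/snort/rules/snort.rules}
SO_OUT=${SO_OUT:-/usr/local/lib/snort_dynamicrules}
CHANGELOG=${CHANGELOG:-/var/log/snort/sid_changes.log}
DISABLESID=${DISABLESID:-/etc/snort/disablesid.conf}
PIDFILE=${PIDFILE:-/var/run/snort_eth0.pid}

# Assemble pulledpork.pl options from the help text: -l logs to syslog, -P
# reprocesses even without a new tarball so disablesid edits take effect.
# -H is deliberately omitted; the reload happens here, after validation.
pp_args() {
  echo "-c $PP_CONF -o $RULES_OUT -s $SO_OUT -p $SNORT -C $SNORT_CONF" \
       "-h $CHANGELOG -i $DISABLESID -l -P"
}

# Dry-load the configuration; a broken rule file must never reach a HUP.
validate_config() {
  "$SNORT" -T -q -c "$SNORT_CONF" >/dev/null 2>&1
}

# Send SIGHUP to the snort pid recorded in PIDFILE; fails if no pidfile.
reload_snort() {
  [ -r "$PIDFILE" ] && kill -HUP "$(cat "$PIDFILE")"
}

update_rules() {
  # word-splitting of pp_args output is intended (paths without spaces assumed)
  "$PP" $(pp_args) || { logger -t pulledpork-update "rule download failed"; return 1; }
  if validate_config; then
    reload_snort
  else
    logger -t pulledpork-update "snort -T failed; keeping old rules loaded"
    return 2
  fi
}

# Run only when executed directly, e.g. from a daily crontab entry:
#   17 3 * * * /usr/local/sbin/pulledpork-update.sh
case "$0" in
  */pulledpork-update.sh) update_rules ;;
esac
```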
You can download Pulled Pork here:
Or read more here.
Acunetix Web Vulnerability Scanner v11 has just been released with lots of exciting new features and tools. The biggest change is that v11 is now integrated with Vulnerability Management features to enable your organization to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality. There are other changes too including the web […]
PyExfil started as a Proof of Concept (PoC) and has ended up turning into a Python Data Exfiltration toolkit, which can execute various techniques based around commonly allowed protocols (HTTP, ICMP, DNS etc). The package is very early stage (alpha release) so is not fully tested, any feedback and commits are welcomed by the author. […]
Androguard is a toolkit built in Python which provides reverse engineering and malware analysis for Android. It's built to examine * Dex/Odex (Dalvik virtual machine) (.dex) (disassemble, decompilation), * APK (Android application) (.apk), * Android's binary xml (.xml) and * Android Resources (.arsc). Androguard is available for Linux/OSX/Windows (Python powered). Features Map and manipulate DEX/ODEX/APK/AXML/ARSC […]
So unsurprisingly a security researcher found some cheap Android devices phoning home to China when buying a phone to travel with. One of the phones seems to be Blu R1 HD, which is ‘Currently unavailable’ on Amazon.com and customers that bought it have received security update e-mails. Security researchers have uncovered a secret backdoor in […]
Netdiscover is a network address discovery tool that was developed mainly for those wireless networks without DHCP servers, though it also works on wired networks. It sends ARP requests and sniffs for replies. Built on top of libnet and libpcap, it can passively detect on-line hosts, or search for them, by actively sending ARP requests, […]
I've recommended Signal Messaging App quite a few times and I do use it myself. I know there are some privacy concerns with the fact it requires Google App Store – but that's the developers' choice. It's a pretty solid app, clean, sleek and works well across both Android and iOS and the latest news […]