Archive | November, 2015

Zarp – Network Attack Tool

The New Acunetix V12 Engine


Zarp is a network attack tool centred around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once, dumping sensitive information automatically or to the attacker directly.

Zarp - Network Attack Tool

Various sniffers are included to automatically parse usernames and passwords from various protocols, as well as view HTTP traffic and more. DoS attacks are included to knock out various systems and applications. These tools open up the possibility for very complex attack scenarios on live networks quickly, cleanly, and quietly.

Features

zarp has around 30+ modules grouped into categories of attack and has multiple functionalities under each group:

  • Poisoners
  • Denial of Service
  • Sniffers
  • Scanners
  • Services
  • Parameter
  • Attacks

Installation

zarp is intended to be as dependency-free as possible. When available, zarp has opted to use pure or native Python implementations over requiring or importing huge libraries. Even as such, zarp requires the following to run:


  • Linux
  • Python 2.7.x
  • Scapy (packaged with zarp)

It is also recommended that user’s have the following installed for access to specific modules:

  • airmon-ng suite (for all your wireless cracking needs)
  • tcpdump
  • libmproxy (packaged with zarp)
  • paramiko (SSH service)
  • nfqueue-bindings (packet modifier)

Usage

The Future

The long-term goal of this network attack tool zarp is to become the master command center of a network; to provide a modular, well-defined framework that provides a powerful overview and in-depth analysis of an entire network. This will come to light with the future inclusion of a web application front-end, which acts as the television screen, whereas the CLI interface will be the remote. This will provide network topology reports, host relationships, and more. zarp aims to be your window into the potential exploitability of a network and its hosts, not an exploitation platform itself; it is the manipulation of relationships and trust felt within local intranets.

You can download zarp here:

zarp-0.1.8.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking

Topic: Hacking Tools, Networking Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Dell Backdoor Root Cert – What You Need To Know

Use Netsparker


So a few days ago the Internet exploded with chatter about a Dell backdoor root cert AKA a rogue root CA, almost exactly like what happened with Lenovo and Superfish.

It started with this Reddit thread – Dell ships laptops with rogue root CA, exactly like what happened with Lenovo and Superfish in the Technology sub and got a lot of traction from there.

Dell Backdoor Root Cert - There's TWO

It’s pretty ironic they made the above statement on their website..and then did exactly what they promised not to do. Twice.

And yes, it’s not a useless cert – it can be used to sign server certificates and therefore perform man in the middle attacks. Plus you can drop in signed malware posting as Chrome/Firefox/whatever updates and have the machine accept then as trusted by the rogue root. And yes, there’s proof you can sign code with it here.

New models from the XPS, Precision and Inspiron families include a powerful root CA certificate called eDellRoot, which puts the machines’ owners at risk of identity theft and banking fraud.

The self-signed certificate is bundled with its private key, which is a boon for man-in-the-middle attackers: for example, if an affected Dell connects to a malicious Wi-Fi hotspot, whoever runs that hotspot can use Dell’s cert and key to silently decrypt the victims’ web traffic. This would reveal their usernames, passwords, session cookies and other sensitive details, when shopping or banking online, or connecting to any other HTTPS-protected website.

Stunningly, the certificate cannot be simply removed: a .DLL plugin included with the root certificate reinstalls the file if it is deleted. One has to delete the .DLL – Dell.Foundation.Agent.Plugins.eDell.dll – as well as the eDellRoot certificate.

– Source: The Register.

So removing the cert and rebooting doesn’t even help as there’s a .DLL file which will reinstate the certificate on logon. It’s probably for support software, and self signed certificates aren’t uncommon, the problem comes into play when the private key is also available on the laptop – which it is. Which means you can sign whatever you want (including server certs and software) with this certificate (which then any Dell laptop with the cert installed, will automatically trust).

If you have a Dell laptop you can try and load this site, if it works you have the cert installed – https://bogus.lessonslearned.org/

Dell have made an official statement regarding this here: Response to Concerns Regarding eDellroot Certificate


Today we became aware that a certificate (eDellRoot), installed by our Dell Foundation Services application on our PCs, unintentionally introduced a security vulnerability. The certificate was implemented as part of a support tool and intended to make it faster and easier for our customers to service their system. Customer security and privacy is a top concern and priority for Dell; we deeply regret that this has happened and are taking steps to address it.

The certificate is not malware or adware. Rather, it was intended to provide the system service tag to Dell online support allowing us to quickly identify the computer model, making it easier and faster to service our customers. This certificate is not being used to collect personal customer information. It’s also important to note that the certificate will not reinstall itself once it is properly removed using the recommended Dell process.

And provided removal instructions here: eDellRootCertRemovalInstructions.docx [DOCX]

Then not long later, someone else pointed out there was another equally problematic cert which also had an available private key – DSDTestProvider

A second root certificate has been found in new Dell laptops days after the first backdoor was revealed.

The DSDTestProvider certificate was first discovered by Laptopmag. It is installed through Dell System Detect into the Trusted Root Certificate Store on new Windows laptops along with the private key.

Dell has been contacted for comment. The Texas tech titan has called the first certificate gaffe an “unintended security vulnerability” in boilerplate media statements. Carnegie Mellon University CERT says it allows attackers to create trusted certificates and impersonate sites, launch man-in-the-middle attacks, and passive decryption.

“An attacker can generate certificates signed by the DSDTestProvider CA (Certificate Authority),” CERT bod Brian Gardiner says. “Systems that trusts the DSDTestProvider CA will trust any certificate issued by the CA.

– Source: The Register

So yah, not once – but twice. Dell finally issued full instructions (not in a Word document) to remove both certs for good.

Information on the eDellRoot and DSDTestProvider certificates and how to remove them from your Dell PC

At the time of writing, a bunch of images in the document are broken – but it should be enough to remove the certs.

It’s surprising Dell would do this after the backlack over Superfish, which included a statement by the US-CERT: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

The best advice I’ve seen to avoid these types of issue is:

– Install Linux
– Use a Mac
– Buy a clean one from Microsoft directly (Surface being the best of course)
– Can’t get one direct from the MS? look for a model with “Microsoft Signature Edition”

So yah, Dell screwed up pretty badly this time and I’m guessing lost a lot of trust from consumers. It’s hard to know who to choose nowadays with Lenovo out the pictures (and they bought Thinkpad) and now Dell being dodgy.

I’ve had a good experience with Asus personally, but I always reinstall fresh Vanilla windows on any laptop I have to use so YMMV.

Posted in: Cryptography, Privacy

Topic: Cryptography, Privacy


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Rekall – Memory Forensic Framework

The New Acunetix V12 Engine


Rekall is a memory forensic framework that provides an end-to-end solution to incident responders and forensic analysts. From state of the art acquisition tools, to the most advanced open source memory analysis framework.

Rekall - Memory Forensic Framework

It strives to be a complete end-to-end memory forensic framework, encapsulating acquisition, analysis, and reporting. In particular Rekall is the only memory analysis platform specifically designed to run on the same platform it is analyzing: Live analysis allows us to corroborate memory artifacts with results obtained through system APIs, as well as quickly triage a system without having to write out and manage large memory images (This becomes very important for large servers where the time of acquisition leads to too much smear).

The team also ensures the memory analysis tools are stable and work on all supported platforms (For example Rekall features the only memory imaging tool available for recent versions of OSX, that we know of – and it is open source and free as well!).

Rekall is the only open source memory analysis tool that can work with the windows page file and mapped files. Rekall also includes a full acquisition solution (in the aff4acquire plugin) which allows the acquisition of the pagefile and all relevant mapped files (Rekall does this by executing a triaging routine during acquisition).

Support

Rekall should run on any platform that supports Python.

Rekall supports investigations of the following 32bit and 64bit memory images:

  • Microsoft Windows XP Service Pack 2 and 3
  • Microsoft Windows 7 Service Pack 0 and 1
  • Microsoft Windows 8 and 8.1
  • Linux Kernels 2.6.24 to 3.10.
  • OSX 10.7-10.10.x.

Rekall also provides a complete memory sample acquisition capability for all major operating systems (see the tools directory).

Additionally Rekall now features a complete GUI for writing reports, and driving analysis, try it out with:


Rekall GUI

History

In December 2011, a new branch within the Volatility project was created to explore how to make the code base more modular, improve performance, and increase usability. The modularity allowed Volatility to be used in GRR, making memory analysis a core part of a strategy to enable remote live forensics. As a result, both GRR and Volatility would be able to use each others’ strengths.

Over time this branch has become known as the “scudette” branch or the “Technology Preview” branch. It was always a goal to try to get these changes into the main Volatility code base. But, after two years of ongoing development, the “Technology Preview” was never accepted into the Volatility trunk version.

Since it seemed unlikely these changes would be incorporated in the future, it made sense to develop the Technology Preview branch as a separate project. On December 13, 2013, the former branch was forked to create a new stand-alone project named “Rekall.” This new project incorporates changes made to streamline the codebase so that Rekall can be used as a library. Methods for memory acquisition and other outside contributions have also been included that were not in the Volatility codebase.

Rekall strives to advance the state of the art in memory analysis, implementing the best algorithms currently available and a complete memory acquisition and analysis solution for at least Windows, OSX and Linux.

You can download Rekall here:

– Apple OS X – Rekall_1.4.1_Etzel_OSX.zip
– Windows 64-bit – Rekall_1.4.1_Etzel_x64.exe
– Windows 32-bit – Rekall_1.4.1_Etzel_x86.exe

Or read more here.

Posted in: Forensics

Topic: Forensics


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


american fuzzy lop – Security Oriented Fuzzing Tool

The New Acunetix V12 Engine


American fuzzy lop is a security-oriented fuzzing tool that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful for seeding other, more labour or resource-intensive testing regimes down the road.

american fuzzy lop - Security Oriented Fuzzing Tool

Compared to other instrumented fuzzers, afl-fuzz is designed to be practical: it has modest performance overhead, uses a variety of highly effective fuzzing strategies and effort minimization tricks, requires essentially no configuration, and seamlessly handles complex, real-world use cases – say, common image parsing or file compression libraries.

So, What’s Good?

In a hurry? There are several fairly decent reasons to give afl-fuzz a try:

  • It is pretty sophisticated. It’s an instrumentation-guided genetic fuzzer capable of synthesizing complex file semantics in a wide range of non-trivial targets, lessening the need for purpose-built, syntax-aware tools. It also comes with a unique crash explorer and a test case minimizer to make it dead simple to analyze and evaluate the impact of crashing bugs.
  • It has street smarts. It is built around a range of carefully researched, high-gain test case preprocessing and fuzzing strategies rarely employed with comparable rigor in other fuzzing frameworks. As a result, it finds real bugs.
  • It is fast. Thanks to its low-level compile-time or binary-only instrumentation and other optimizations, the tool offers near-native or better-than-native fuzzing speeds against common real-world targets. The newly-added persistent mode allows for exceptionally fast fuzzing of many programs with the help of minimal code modifications, too.
  • It’s rock solid. Compared to other instrumentation- or solver-based fuzzers, it has remarkably few gotchas and failure modes. It also comes with robust, user-friendly problem detection that guides you through any potential hiccups.
  • No tinkering required. In contrast to most other fuzzers, the tool requires essentially no guesswork or fine-tuning. Even if you wanted to, you will find virtually no knobs to fiddle with and no “fuzzing ratios” to dial in.
  • It’s chainable to other tools. The fuzzer generates superior, compact test corpora that can serve as a seed for more specialized, slower, or labor-intensive processes and testing frameworks.
  • It sports a hip, retro-style UI. Just scroll back to the top of the page. Enough said.

You can dowload afl here:

afl-latest.tgz

Or read more here.

Posted in: Hacking Tools, Secure Coding

Topic: Hacking Tools, Secure Coding


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


ISIS Running 24-Hour Terrorist Crypto Help-desk

The New Acunetix V12 Engine


There have been multiple mentioned of ISIS using encryption and ‘encrypted messaging systems’ in the news reports since the Paris incident, it turns out they mostly mean Telegram. Which we’ve only mentioned once before, when they got pounded by an epic DDoS attack.

ISIS Running Terrorist Crypto Helpdesk

Now it turns out, ISIS has a whole help desk infrastructure set-up with what basically maps to tiers of support for cryptography usage in your day to day terrorist communications. When you graduate through the basic levels of encryption your comms, you get moved up to Tier 2 support – wow.

Radical group ISIS is running a help desk to assist jihadists to use encrypted communications, NBC reports.

US Army Combating Terrorism Center (CTC) analyst Aaron F. Brantly says the help desk is a new development which has increased in capacity over the last year.

It is manned with six operatives who train recruits on the use of select messaging platforms to evade intelligence operatives.

“They’ve developed a series of different platforms in which they can train one another on digital security to avoid intelligence and law enforcement agencies for the explicit purpose of recruitment, propaganda and operational planning,” Brantly told NBC.

“They answer questions from the technically mundane to the technically savvy.”

The deranged sys admins are located around the world who hold a minimum university education in tech. Other members help keep the desk as a follow-the-sun operation, Brantly says.

The CTC holds some 300 pages on instances of the help desk providing operational security pointers to recruits.


Seems like they’re adopting start-up culture in some ways on an operational level in ISIS, which is both impressive and scary at the same time.

And with Anonymous announcing Jihad on the Jihadis – things are definitely going get interesting in cyberspace.

Once the would-be jihadis are security savvy, they are connected to more senior operatives to engage in more formal training, Brantly says.

Help desk admins are also warning of the current wave of attacks in retaliation for the Paris attacks from the Anonymous collective, organised through the @opparisofficial Twitter handle.

Reports suggest advice is circulating to jihadis warning against opening suspicious links and suggesting regular IP address shuffles.

The collective has so far focused on taking down Daesh Twitter accounts and claims to have scalped more than 5000 by reporting them to the social network.

Encryption is once again coming under mis-directed fire in the wake of the Paris attacks as news emerges that intelligence services had wind of possible attacks in the French capital but were foiled as jihadis moved to crypto communications platforms.

As always, naysayers will point at Apple, Google and anyone other platform or technology that utilises strong encryption algorithms and say they are supporting terrorist activities.

That’s happening again here, as expected.

Source: The Register

Posted in: Cryptography

Topic: Cryptography


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


KeeFarce – Extract KeePass Passwords (2.x) From Database

Use Netsparker


KeeFarce allows you to extract KeePass passwords (2.x) by using DLL injection to execute code and retrieve the database information from memory. The cleartext information, including usernames, passwords, notes and url’s are dumped into a CSV file in %AppData%.

KeeFarce - Extract KeePass 2.x Passwords From Database

KeeFarce uses DLL injection to execute code within the context of a running KeePass process. C# code execution is achieved by first injecting an architecture-appropriate bootstrap DLL. This spawns an instance of the dot net runtime within the appropriate app domain, subsequently executing KeeFarceDLL.dll (the main C# payload).

The KeeFarceDLL uses CLRMD to find the necessary object in the KeePass processes heap, locates the pointers to some required sub-objects (using offsets), and uses reflection to call an export method.

Executing

In order to execute on the target host, the following files need to be in the same folder:

  • BootstrapDLL.dll
  • KeeFarce.exe
  • KeeFarceDLL.dll
  • Microsoft.Diagnostic.Runtime.dll

Copy these files across to the target and execute KeeFarce.exe

You can download KeeFarce here (which contains prebuilt 32-bit and 64-bit executables):

KeeFarce-master.zip (Your AV may flag this malicious)

Or read more here.

Posted in: Cryptography, Hacking Tools

Topic: Cryptography, Hacking Tools


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.