FreshRSS

๐Ÿ”’
โŒ Secure Planet Training Courses Updated For 2019 - Click Here
โ˜ท
โ–ณ ๐Ÿ”ƒ
There are new available articles, click to refresh the page.
โ˜ โ˜† โœ‡ The Hacker News

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

By: Newsroom โ€” January 31st 2024 at 05:44
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246 (CVSS score: 7.8), the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have
โ˜ โ˜† โœ‡ KitPloit - PenTest Tools!

TrafficWatch - TrafficWatch, A Packet Sniffer Tool, Allows You To Monitor And Analyze Network Traffic From PCAP Files

By: Zion3R โ€” November 2nd 2023 at 11:30


TrafficWatch, a packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files. It provides insights into various network protocols and can help with network troubleshooting, security analysis, and more.

  • Protocol-specific packet analysis for ARP, ICMP, TCP, UDP, DNS, DHCP, HTTP, SNMP, LLMNR, and NetBIOS.
  • Packet filtering based on protocol, source IP, destination IP, source port, destination port, and more.
  • Summary statistics on captured packets.
  • Interactive mode for in-depth packet inspection.
  • Timestamps for each captured packet.
  • User-friendly colored output for improved readability.
  • Python 3.x
  • scapy
  • argparse
  • pyshark
  • colorama

  1. Clone the repository:

    git clone https://github.com/HalilDeniz/TrafficWatch.git

  2. Navigate to the project directory:

    cd TrafficWatch

  3. Install the required dependencies:

    pip install -r requirements.txt

python3 trafficwatch.py --help
usage: trafficwatch.py [-h] -f FILE [-p {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}] [-c COUNT]

Packet Sniffer Tool

options:
-h, --help            show this help message and exit
-f FILE, --file FILE  Path to the .pcap file to analyze
-p {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}, --protocol {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}
                     Filter by specific protocol
-c COUNT, --count COUNT
                     Number of packets to display

To analyze packets from a PCAP file, use the following command:

python trafficwatch.py -f path/to/your.pcap

To specify a protocol filter (e.g., HTTP) and limit the number of displayed packets (e.g., 10), use:

python trafficwatch.py -f path/to/your.pcap -p HTTP -c 10

  • -f or --file: Path to the PCAP file for analysis.
  • -p or --protocol: Filter packets by protocol (ARP, ICMP, TCP, UDP, DNS, DHCP, HTTP, SNMP, LLMNR, NetBIOS).
  • -c or --count: Limit the number of displayed packets.

Contributions are welcome! If you want to contribute to TrafficWatch, please follow our contribution guidelines.

If you have any questions, comments, or suggestions about Dosinator, please feel free to contact me:

This project is licensed under the MIT License.

Thank you for considering supporting me! Your support enables me to dedicate more time and effort to creating useful tools like DNSWatch and developing new projects. By contributing, you're not only helping me improve existing tools but also inspiring new ideas and innovations. Your support plays a vital role in the growth of this project and future endeavors. Together, let's continue building and learning. Thank you!"ย 



โ˜ โ˜† โœ‡ KitPloit - PenTest Tools!

Caracal - Static Analyzer For Starknet Smart Contracts

By: Zion3R โ€” October 6th 2023 at 11:30


Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts.

Features

  • Detectors to detect vulnerable Cairo code
  • Printers to report information
  • Taint analysis
  • Data flow analysis framework
  • Easy to run in Scarb projects

Installation

Precompiled binaries

Precompiled binaries are available on our releases page. If you are using Cairo compiler 1.x.x uses the binary v0.1.x otherwise if you are using the Cairo compiler 2.x.x uses v0.2.x.

Building from source

You need the Rust compiler and Cargo. Building from git:

cargo install --git https://github.com/crytic/caracal --profile release --force

Building from a local copy:

git clone https://github.com/crytic/caracal
cd caracal
cargo install --path . --profile release --force

Usage

List detectors:

caracal detectors

List printers:

caracal printers

Standalone

To use with a standalone cairo file you need to pass the path to the corelib library either with the --corelib cli option or by setting the CORELIB_PATH environment variable. Run detectors:

caracal detect path/file/to/analyze --corelib path/to/corelib/src

Run printers:

caracal print path/file/to/analyze --printer printer_to_use --corelib path/to/corelib/src

Scarb

If you have a project that uses Scarb you need to add the following in Scarb.toml:

[[target.starknet-contract]]
sierra = true

[cairo]
sierra-replace-ids = true

Then pass the path to the directory where Scarb.toml resides. Run detectors:

caracal detect path/to/dir

Run printers:

caracal print path/to/dir --printer printer_to_use

Detectors

Num Detector What it Detects Impact Confidence Cairo
1 controlled-library-call Library calls with a user controlled class hash High Medium 1 & 2
2 unchecked-l1-handler-from Detect L1 handlers without from address check High Medium 1 & 2
3 felt252-overflow Detect user controlled operations with felt252 type, which is not overflow safe High Medium 1 & 2
4 reentrancy Detect when a storage variable is read before an external call and written after Medium Medium 1 & 2
5 read-only-reentrancy Detect when a view function read a storage variable written after an external call Medium Medium 1 & 2
6 unused-events Events defined but not emitted Medium Medium 1 & 2
7 unused-return Unused return values Medium Medium 1 & 2
8 unenforced-view Function has view decorator but modifies state Medium Medium 1
9 unused-arguments Unused arguments Low Medium 1 & 2
10 reentrancy-benign Detect when a storage variable is written after an external call but not read before Low Medium 1 & 2
11 reentrancy-events Detect when an event is emitted after an external call leading to out-of-order events Low Medium 1 & 2
12 dead-code Private functions never used Low Medium 1 & 2

The Cairo column represent the compiler version(s) for which the detector is valid.

Printers

  • cfg: Export the CFG of each function to a .dot file
  • callgraph: Export function call graph to a .dot file

How to contribute

Check the wiki on the following topics:

Limitations

  • Inlined functions are not handled correctly.
  • Since it's working over the SIERRA representation it's not possible to report where an error is in the source code but we can only report SIERRA instructions/what's available in a SIERRA program.


โ˜ โ˜† โœ‡ KitPloit - PenTest Tools!

DNSWatch - DNS Traffic Sniffer and Analyzer

By: Zion3R โ€” August 29th 2023 at 12:30


DNSWatch is a Python-based tool that allows you to sniff and analyze DNS (Domain Name System) traffic on your network. It listens to DNS requests and responses and provides insights into the DNS activity.ย 

Features

  • Sniff and analyze DNS requests and responses.
  • Display DNS requests with their corresponding source and destination IP addresses.
  • Optional verbose mode for detailed packet inspection.
  • Save the results to a specified output file.
  • Filter DNS traffic by specifying a target IP address.
  • Save DNS requests in a database for further analysis(optional)
  • Analyze DNS types (optional).
  • Support for DNS over HTTPS (DoH) (optional).

Requirements

  • Python 3.7+
  • scapy 2.4.5 or higher
  • colorama 0.4.4 or higher

Installation

  1. Clone this repository:
git clone https://github.com/HalilDeniz/DNSWatch.git
  1. Install the required dependencies:
pip install -r requirements.txt

Usage

python dnswatch.py -i <interface> [-v] [-o <output_file>] [-k <target_ip>] [--analyze-dns-types] [--doh]
  • -i, --interface: Specify the network interface (e.g., eth0).
  • -v, --verbose: Use this flag for more verbose output.
  • -o, --output: Specify the filename to save results.
  • -t, --target-ip: Specify a specific target IP address to monitor.
  • -adt, --analyze-dns-types: Analyze DNS types.
  • --doh: Use DNS over HTTPS (DoH) for resolving DNS requests.
  • -fd, --target-domains: Filter DNS requests by specified domains.
  • -d, --database: Enable database storage for DNS requests.

Press Ctrl+C to stop the sniffing process.

Examples

  • Sniff DNS traffic on interface "eth0":
python dnswatch.py -i eth0
  • Sniff DNS traffic on interface "eth0" and save the results to a file:
python dnswatch.py -i eth0 -o dns_results.txt
  • Sniff DNS traffic on interface "eth0" and filter requests/responses involving a specific target IP:
python dnswatch.py -i eth0 -k 192.168.1.100
  • Sniff DNS traffic on interface "eth0" and enable DNS type analysis:
python dnswatch.py -i eth0 --analyze-dns-types
  • Sniff DNS traffic on interface "eth0" using DNS over HTTPS (DoH):
python dnswatch.py -i eth0 --doh
  • Sniff DNS traffic on interface "wlan0" and Enable database storage
python3 dnswatch.py -i wlan0 --database

License

DNSWatch is licensed under the MIT License. See the LICENSE file for details.

Disclaimer

This tool is intended for educational and testing purposes only. It should not be used for any malicious activities.

Contact



โŒ