Burp Suite Free Edition and NTLM authentication in ASP.net applications
As you know, Burp Suite is a #scanner for advanced Web Application Security researchers. However, the free version of Burp is more like a #Firebug analogue, but much more functional.
Let’s see how to install it and use it for website analysis. This analysis may be necessary to find vulnerabilities or to somehow automate work with the site. Let’s take, for example, ASP.net applications with NTLM-authorization, which are rather unpleasant to analyze.
Go to the site https://portswigger.net/burp/freedownload and download burp installer as a #bash script:
#WAS #proxy #PortSwigger #NTLM #Firefox #Firebug #curl #BurpSuite #VulnerabilityManagement #API
Read more: https://avleonov.com/2017/08/29/burp-suite-free-edition-and-ntlm-authentication-in-asp-net-applications/
Great OpenVAS news: delay in plugin feed will be dropped, new GVM-Tools for remote management released
Jan Oliver Wagner, CEO of #Greenbone and #OpenVAS Community leader, recently sent several messages to the community #email list with great news.
First of all, #Greenbone decided to drop the two-week delay in the free plugin feed, which was implemented in June 2017 and made some #OpenVAS users pretty nervous.
I wrote about it in “GSM Community Edition and lagging #OpenVAS Plugin Feed“. The good thing is that it has increased interest in #NASL scripting among #OpenVAS users. I also made some steps in this direction in “Adding third party nasl plugins to OpenVAS“. I don’t know why #Greenbone finally decided to drop this delay, but I am very glad about this decision. Wise move!
The feed will stay delayed until September 4th, 2017. To demonstrate the current state I used some data from Vulners.com collections. Let’s see the nasl #vulnerability detection plugins for #CentOS in #Nessus and #OpenVAS. I know that #Windows would be much clearer, but #Microsoft released the latest MS17-023 bulletin in March, so now there is not much difference there.
As you can see, no #OpenVAS plugins since 2017-08-16, literally two weeks. And I hope this will change very soon.
Don’t forget that NVT will now be called #GCF (Greenbone Community Feed) and some advanced enterprise-level checks will now be released only in the paid feed.
Another piece of good news is the recent release of open source #GVMTools for controlling #OpenVAS remotely. It will replace the old console client openvas-cli (omp). Let’s try to download and install it on a #Debian host with #OpenVAS installed (see “Installing #OpenVAS 9 from the sources“).
#vulnerscom #OpenVAS #Nessus #NASL #GVMTools #Greenbone #GCF #Debian #CentOS #VulnerabilityManagement
Read more: https://avleonov.com/2017/09/01/great-openvas-news-delay-in-plugin-feed-will-be-dropped-new-gvm-tools-for-remote-management-released/
Problems of Vulnerability Prioritization and Detection
It’s the third part of our talk with Daniil Svetlov at his radio show “Safe Environment” recorded 29.03.2017. In this part we talk about Vulnerability Prioritization and Detection:
* Common Vulnerability Scoring System (CVSS)
* Environmental factor
* Manual and automated #vulnerability detection
* Unauthenticated and authenticated scanning
* Why #vulnerability scanners are so expensive and why they can’t detect everything
#Video with manually transcribed Russian/English subtitles.
### Prioritization
– Here is also the question of how to prioritize vulnerabilities properly. Because if you have, as you said, two #Linux servers and 20 workstations running #Windows, then in principle, you may not need to do prioritization. But if you have fifteen hundred servers: some of them are on the perimeter, some are in your DMZ, some are in the internal network. It is still necessary, probably, to understand correctly which vulnerabilities and where should be patched in the first place.
Yes, this is absolutely true and it’s a very good question. How to prioritize?
#### Common Vulnerability Scoring System
A natural way. If we look at vulnerabilities with a #CVE identifier, for them in the US National Vulnerability Database we can find #CVSS Base Score. It is an assessment of #vulnerability criticality level.
How is it calculated?
Some person fills the questionnaire: can it be remotely exploited – no, is there public exploit – no, etc.
The result is a #CVSS vector – this is a line in which you can see the main characteristics of this #vulnerability and #CVSS Base score is the score from 0 to 10 depending on criticality.
This is a natural way of prioritization. But sometimes this method does not give very good results.
#Windows #vulnerscom #Qualys #OpenVAS #NVD #Nessus #Metasploit #Linux #CVSS #CVE #CESA #CentOS #VulnerabilityManagement #Video
Read more: https://avleonov.com/2017/09/02/problems-of-vulnerability-prioritization-and-detection/
Alexander V. Leonov
SSH, SFTP, public key authentication and python
SFTP is a simple and fairly reliable way to share information within the organization. Let’s look at the situation when you need to pick up some files from a remote host with authorization by public key. And after that, let’s see how to use it in #python.
Moreover, let’s see how to work with #SSH using #python and execute any commands on the remote host. For example, if we need to collect versions of installed packages and the version of the #Linux distribution for further #vulnerability analysis (see “Vulnerability Assessment without Vulnerability Scanner“). 😉
#sshkeygen #SSH #SFTP #python #pysftp #OpenSSH #Concept #API
Read more: https://avleonov.com/2017/09/05/ssh-sftp-public-key-authentication-and-python/
Scaner-VS: Vulnerability Management solution for Russian Military
Scaner-VS is a Vulnerability Assessment system developed by Moscow-based #NPOEchelon. It’s pretty popular in Russian government organizations, especially in the Russian Army, because it complies with all government requirements, has all necessary certificates and is relatively cheap.
As for requirements and certificates, #NPOEchelon itself is an important certification authority, so they know how to do things right. It’s not a secret product or something. You can request a trial version freely at https://scaner-vs.ru/version-for-testing/. But note that it is only available in Russian. I am also sorry, but screenshots in this post will also be in Russian. I will try to do my best to describe them properly.
When you fill in the form on the Echelon website, you will soon get a link to a 3.3 GB .iso file by #email. Run it in a #VirtualBox virtual machine (choose #Debian 64 or #Debian 32).
Here is the boot menu. Choose the first, default option.
A few seconds later you will see a #Linux desktop environment with the Scaner-VS web GUI opened in #Firefox.
#Windows #VirtualBox #ScanerVS #OpenVAS #NPOEchelon #NMap #Nessus #Kali #ITGrundschutz #Greenbone #CESA #CentOS #AstraLinux #VulnerabilityManagement #ComplianceManagement
Read more: https://avleonov.com/2017/09/07/scaner-vs-vulnerability-management-solution-for-russian-military/
Sending and receiving emails automatically in Python
There are different situations, when you may want to process #email messages automatically. I will give some examples related to Vulnerability Management:
* Send a message to your colleagues that you are going to start a network #vulnerability #scan or #WAS #scan. It is much better than investigating performance problems in a hurry.
* Send the results of #vulnerability scanning to colleagues or a responsible employee. Many patch management and configuration issues can be delegated to the end user directly without bothering IT department.
* Process the response (if any) to your message. If there is none, you can send another message or escalate the problem.
* Send a report with the current security status in the organization to your colleagues and boss.
* Some systems you can integrate by #email only. They will send messages to some #email address and you will process them automatically.
* Maybe you do not like existing #email clients and you want to write your own? 😉
In any case, the ability to send e-mails can be very useful. How to do this in python? Let’s assume that your IT team has granted you access to #smtp and #imap servers.
#WAS #smtplib #smtp #imap #Google #gmail #easyimap #API
Read more: https://avleonov.com/2017/09/14/sending-and-receiving-emails-automatically-in-python/
Automating Opera browser with Selenium WebDriver and Python
The right way to automate a web application is, certainly, to understand how this application works, by using burp (see “Burp Suite Free Edition and #NTLM authentication in ASP.net applications“) for example, retrieve all necessary requests and learn how to use them.
However, this is sometimes difficult and confusing, especially when the site owners are actively fighting automation attempts. In this case, you may want to automate the work at the highest level, with the graphical elements of the site. You can treat them as pictures, as #SikuliX does (“SikuliX: the last chance for automation“), or as elements of code, as #Selenium IDE does (“Selenium, #SikuliX and #Facebook posting“).
But it would be much better to control the browser itself from Python scripts. And this can be done with #Selenium #WebDriver.
Guys from Guru99 wrote me a letter about their free course about #Selenium.
This course looks pretty good. In the first part you can find a detailed description of #Selenium components and the project history. After reading this, I finally decided that the #Selenium #WebDriver suited me best. Examples of #WebDriver usage are written in Java, and I wanted to use Python. But since the calls are the same, lessons of this course are still more than useful.
And despite the fact that #Selenium is usually used with #Firefox, I tried to use it with Chromium-based #Opera. This browser is very popular in Russia because of some unique features. 😉
#WebDriver #Selenium #python #Opera #Chromium #BeautifulSoup #Concept #API
Read more: https://avleonov.com/2017/09/17/automating-opera-browser-with-selenium-webdriver-and-python/
New National Vulnerability Database visualizations and feeds
Recently, the National Institute of Standards and Technology (NIST) introduced a new version of National Vulnerability Database (NVD) website.
I will not say that I liked this redesign. IMHO, the old website with the US flag was much prettier and more useful. But the very fact that the site is developing, I really like very much. Let’s see what’s new there.
#SCAP #OVAL #NVD #NIST #NCP #json #CWE #CVSS #CVE #CPE #CIS #VulnerabilityDatabases
Read more: https://avleonov.com/2017/09/24/new-national-vulnerability-database-visualizations-and-feeds/
Downloading and analyzing NVD CVE feed
In previous post “New National Vulnerability Database visualizations and feeds” I mentioned JSON #NVD feed.
Let’s see what data it contains, how to download and analyse it.
#python #NVD #json #CVSS #CVE #CPE #VulnerabilityDatabases
Read more: https://avleonov.com/2017/10/03/downloading-and-analyzing-nvd-cve-feed/
VirtualBox GuestAdditions for Linux Guest OS
I often work with #VirtualBox virtual machines and need to install GuestAdditions to use GUI applications comfortably. So, I decided to collect here some configuration scripts.
### #CentOS 7
In the configuration of a new #VirtualBox machine I add 2 network adapters:
* Host Only Network
* NAT
Installing clean #CentOS (CentOS-7-x86_64-DVD-1611)
#VirtualBoxGuestAdditions #VirtualBox #CentOS #Concept
Read more: https://avleonov.com/2017/10/04/virtualbox-guestadditions-for-linux-guest-os/
Vulners NASL Plugin Feeds for OpenVAS 9
As I already wrote earlier, you can easily add third party nasl plugins to #OpenVAS. So, my friends from Vulners.com implemented generation of #NASL plugins for #OpenVAS using their own security content. I’ve tested it by scanning a #CentOS 7 host. And it works =)
Let’s see the whole process.
#vulnerscom #OpenVAS #NASL #CESA #CentOS #VulnerabilityManagement #VulnerabilityDatabases
Read more: https://avleonov.com/2017/10/04/vulners-nasl-plugin-feeds-for-openvas-9/