JuxhinDB / Oob Server

Licence: apache-2.0
A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

Programming Languages

shell

Out-of-Band DNS Bind Server

A simple Bind9 server that acts as an open DNS resolver.

Note: for this to work without specifying nameservers (i.e. dig A +short foo.bar @ns1.foo.bar), you would need your domain provider to have the domain point to your custom domain, for example:

  • ns1.foo.bar => 127.127.127.127
  • ns2.foo.bar => 127.127.127.127

Usage

Usage: setup DOMAIN_NAME IP
       setup foo.bar 1.1.1.1
       setup -h
       setup --help

Options:
  -h, --help        Print this help message

You can then monitor your Bind9 traffic like so:

$ sudo tail -f /var/log/named/named.log
25-Oct-2018 13:22:18.015 queries: info: client @0x7f25082bef80 255.255.255.255.16360047 (foo.bar): query: foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 13:22:20.352 queries: info: client @0x7f25082bef80 255.255.255.255.88#61503 (foo.bar): query: foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 13:22:20.654 queries: info: client @0x7f25082bef80 255.255.255.255.60#18303 (foo.bar): query: foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 13:22:20.903 queries: info: client @0x7f25082bef80 255.255.255.255.60#36200 (foo.bar): query: foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 13:22:21.371 queries: info: client @0x7f25082bef80 255.255.255.255.60#18303 (foo.bar): query: foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 13:22:21.617 queries: info: client @0x7f25082bef80 255.255.255.255.60#60065 (foo.bar): query: foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 13:22:22.080 queries: info: client @0x7f25082bef80 255.255.255.255.60#51886 (foo.bar): query: foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 13:22:22.335 queries: info: client @0x7f25082bef80 255.255.255.255.60#51410 (foo.bar): query: foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 13:22:22.778 queries: info: client @0x7f25082bef80 255.255.255.255.60#61740 (foo.bar): query: foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 13:22:23.030 queries: info: client @0x7f25082bef80 255.255.255.255.60#20153 (foo.bar): query: foo.bar IN A -E(0) (127.127.127.127)

Or for something more specific:

Client

dig 12321931-xxe.gbejna.bid

Server
25-Oct-2018 14:43:28.202 queries: info: client @0x7f24f8001250 195.158.104.28#58760 (12321931-xxe.foo.bar): query: 12321931-xxe.foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 14:43:28.297 queries: info: client @0x7f24f8001250 195.158.104.28#58760 (12321931-xxe.foo.bar): query: 12321931-xxe.foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 14:43:28.390 queries: info: client @0x7f24f8001250 195.158.104.28#58760 (12321931-xxe.foo.bar): query: 12321931-xxe.foo.bar IN A -E(0) (127.127.127.127)

Why

This is very useful when testing for hairy vulnerabilities such as XXE, SSRF and so on. You can inject payloads with random IDs and subdomains like 8273781123-xxe.foo.bar and grep for them in your logs to see if the payload ever executed.

This is also nice to do with Bind9 because:

  • It's super fast and can handle being an open DNS resolver
  • DNS outbound traffic is rarely filtered, even if HTTP is
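
Going one step past a plain grep, the following added example (not part of the oob-server project) summarises the query log per payload label and client, collapsing resolver retries like the three identical lines in the Server output above. The function name oob_hits, the sample_log helper and its log lines are assumptions constructed for illustration; the log format is the one shown on this page.

```shell
#!/bin/sh
# Added example, not part of the oob-server project.
# oob_hits DOMAIN [LOGFILE...]: read BIND9 query-log lines (files or stdin) and
# print "<label> <client-ip> <count> <first-seen>" per unique label/client pair.
oob_hits() {
    domain="$1"; shift
    awk -v domain="$domain" '
    BEGIN { suffix = "." tolower(domain) }
    / queries: / {
        client = ""; qname = ""
        for (i = 1; i < NF; i++) {
            if ($i == "client") {          # newer BIND adds an "@0x..." field
                c = i + 1; if ($c ~ /^@/) c++
                client = $c; sub(/#.*/, "", client)
            }
            if ($i == "query:") qname = tolower($(i + 1))   # undo 0x20 case mixing
        }
        sub(/\.$/, "", qname)
        keep = length(qname) - length(suffix)
        # Require a non-empty label in front of ".DOMAIN"; skips the apex and
        # look-alikes such as x.notfoo.bar.
        if (client == "" || keep < 1 || substr(qname, keep + 1) != suffix) next
        key = substr(qname, 1, keep) SUBSEP client
        if (!(key in count)) { order[++n] = key; first[key] = $1 " " $2 }
        count[key]++
    }
    END {
        for (j = 1; j <= n; j++) {
            split(order[j], p, SUBSEP)
            printf "%s %s %d %s\n", p[1], p[2], count[order[j]], first[order[j]]
        }
    }' "$@"
}

# Constructed sample input (documentation IP ranges), modelled on the log above.
sample_log() {
    cat <<'EOF'
25-Oct-2018 14:43:28.202 queries: info: client @0x7f24f8001250 192.0.2.10#58760 (12321931-xxe.foo.bar): query: 12321931-xxe.foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 14:43:28.297 queries: info: client @0x7f24f8001250 192.0.2.10#58760 (12321931-xxe.foo.bar): query: 12321931-xxe.foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 14:43:29.001 queries: info: client @0x7f24f8001250 198.51.100.7#40000 (foo.bar): query: foo.bar IN A -E(0) (127.127.127.127)
25-Oct-2018 14:44:02.500 queries: info: client 198.51.100.7#41000 (8273781123-SSRF.Foo.Bar): query: 8273781123-SSRF.Foo.Bar IN AAAA -E(0) (127.127.127.127)
25-Oct-2018 14:44:03.000 queries: info: client @0x7f24f8001250 198.51.100.7#41001 (x.notfoo.bar): query: x.notfoo.bar IN A -E(0) (127.127.127.127)
EOF
}

sample_log | oob_hits foo.bar
```

The client address in each row is whoever sent the query to the nameserver, which is usually the tested system's recursive resolver rather than the system itself.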