UNDERCODE COMMUNITY
Forwarded from UNDERCODE NEWS
PS5: Sony aims to boost the production of units.
#Technologies
Forwarded from UNDERCODE NEWS
Behind the SEC's accusations and Ripple's declassification on exchanges.
#International
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Interactive network scanner with autocomplete:


Suitable for everyday and professional tasks.
Capable of host discovery, port scans and service enumeration (integrates many tools such as EyeWitness, Hydra, nikto, etc.).
Scanning is performed in the background; in case of connection loss you can download the results asynchronously (no need to restart the process, data can be imported at different stages).
Supports all major stages of network enumeration.
And much more.

External integrations, by service:

ARP: nmap
DNS: nmap, dnsrecon, dnsenum, host
FINGER: nmap, finger-user-enum
FTP: nmap, ftp-user-enum, hydra (AGGRESSIVE)
HTTP: nmap, nikto, dirb, EyeWitness, SQLmap, fimap
RDP: nmap, EyeWitness
SMB: nmap, enum4linux, nbtscan, samrdump
SMTP: nmap, smtp-user-enum
SNMP: nmap, snmpcheck, onesixtyone, snmpwalk
SSH: hydra (AGGRESSIVE)
SQL: nmap
VNC: EyeWitness


🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

» Building from source

Clone the repo:

1) $ git clone https://github.com/marco-lancini/goscan.git

Change to the GoScan directory and build it:

2) $ cd goscan/goscan/

3) $ make setup

4) $ make build

If you want to create a multiplatform binary, run:

5) $ make cross

» Installing the binary
This is the recommended installation method.

1) $ wget https://github.com/marco-lancini/goscan/releases/download/v2.3/goscan_2.3_linux_amd64.zip
   $ unzip goscan_2.3_linux_amd64.zip

Then put the executable in PATH:

2) $ chmod +x goscan

3) $ sudo mv ./goscan /usr/local/bin/goscan

» Install via Docker
$ git clone https://github.com/marco-lancini/goscan.git
$ cd goscan/
$ docker-compose up --build

For example usage, take a look at the video before this chat.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Tesla and SpaceX: all about the two firms' new achievements.
#Technologies
Forwarded from UNDERCODE NEWS
The FBI warns that pranksters hijack smart devices to relay false alerts.
#CyberAttacks
Forwarded from UNDERCODE NEWS
Important infrastructure cyber protection will be secured 24/7.
#Updates
Forwarded from UNDERCODE NEWS
30 million TL fear! The hacker gang was smashed, the money was left behind ...
#CyberAttacks
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

SafeSQL is a static analysis tool for Go that protects against SQL injections:

🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽

1) $ go get github.com/stripe/safesql

2) $ safesql
Usage: safesql [-q] [-v] package1 [package2 ...]
  -q=false: Only print on failure
  -v=false: Verbose mode

3) $ safesql example.com/an/unsafe/package
Found 1 potentially unsafe SQL statements:
- /Users/alice/go/src/example.com/an/unsafe/package/db.go:14:19
Please ensure that all SQL queries you use are compile-time constants.
You should always use parameterized queries or prepared statements
instead of building queries from strings.

4) $ safesql example.com/a/safe/package
You're safe from SQL injection! Yay \o/

If SafeSQL passes, your application is free from SQL injections (modulo bugs in the tool); however, there are a great many safe programs which SafeSQL will declare potentially unsafe. These false positives fall roughly into two buckets:

First, SafeSQL does not currently recursively trace functions through the call graph. If you have a function that looks like this:

func MyQuery(query string, args ...interface{}) (*sql.Rows, error) {
    return globalDBObject.Query(query, args...)
}

and only call MyQuery with compile-time constants, your program is safe; however, SafeSQL will report that (*database/sql.DB).Query is called with a non-constant parameter (namely the parameter to MyQuery). This is by no means a fundamental limitation: SafeSQL could recursively trace the query argument through every intervening helper function to ensure that its argument is always constant, but this code has yet to be written.

The second sort of false positive is based on a limitation in the sort of analysis SafeSQL performs: there are many safe SQL statements which are not feasible (or not possible) to represent as compile-time constants. More advanced static analysis techniques (such as taint analysis).

In order to ignore false positives, add the following comment to the line before or the same line as the statement:

//nolint:safesql

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
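The compile-time-constant rule and the wrapper false positive described in the SafeSQL post above, as an added Go sketch (not part of the original post and not SafeSQL's own code). The `DB` stand-in type, the sample source and `NonConstQueries` are constructed for illustration, and only a same-line `//nolint:safesql` marker is handled.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"strings"
)

const sample = `package demo // constructed input; DB stands in for *database/sql.DB
type DB struct{}
func (DB) Query(q string, args ...interface{}) {}
var db DB
const base = "SELECT name FROM users"
func Safe(id int) { db.Query(base+" WHERE id = ?", id) }
func Unsafe(n string) { db.Query("SELECT * FROM users WHERE name='" + n + "'") }
func MyQuery(q string, args ...interface{}) { db.Query(q, args...) }
func Caller() { MyQuery("SELECT 1") }
func Ignored(q string) { db.Query(q) } //nolint:safesql
`

// NonConstQueries returns the lines of Query calls with a non-constant first argument and no same-line marker.
func NonConstQueries(src string) (lines []int, err error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "demo.go", src, 0)
	if err != nil {
		return nil, err
	}
	info := &types.Info{Types: map[ast.Expr]types.TypeAndValue{}}
	if _, err = new(types.Config).Check("demo", fset, []*ast.File{f}, info); err != nil {
		return nil, err
	}
	text := strings.Split(src, "\n")
	ast.Inspect(f, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok && len(call.Args) > 0 {
			sel, isSel := call.Fun.(*ast.SelectorExpr)
			line := fset.Position(call.Pos()).Line
			constant := info.Types[call.Args[0]].Value != nil // Value is set only for constant expressions
			if isSel && sel.Sel.Name == "Query" && !constant && !strings.Contains(text[line-1], "//nolint:safesql") {
				lines = append(lines, line)
			}
		}
		return true
	})
	return lines, nil
}

func main() { fmt.Println(NonConstQueries(sample)) }
```

It reports lines 7 and 8 of the sample: the string-concatenated query, and the `MyQuery` wrapper even though its only caller passes a constant.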
Today we are starting a secure website & simple table for CVE news, CVE codes, shells, and details:

https://DailyCve.com

(please note: our team is always trying to fix bugs and share the best experience with you 12/24)

For updates:

Twitter.com/dailycve

t.me/dailycve
Forwarded from DailyCVE
🔵NETGEAR RBK852 Vulnerability:

https://dailycve.com/node/7
Forwarded from DailyCVE
🔵Agentejo Cockpit CVE:

https://dailycve.com/node/8
Forwarded from UNDERCODE NEWS
Apple loses the Corellium violation lawsuit, "Virtual iPhone" does not infringe.
#International
Forwarded from UNDERCODE NEWS
It would be necessary for Russians to prevent the authorities from dealing on their data.
#International
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Important utilities for any Ruby coder:

> cane(https://github.com/square/cane) > Code quality threshold checking as part of your build.

> Fasterer(https://github.com/DamirSvrtan/fasterer) > Common Ruby idioms checker.

> flay(https://ruby.sadi.st/Flay.html) > Flay analyzes code for structural similarities.

> flog(https://ruby.sadi.st/Flog.html) > Flog reports the most tortured code in an easy to read pain report. The higher the score, the more pain the code is in.

> laser(https://github.com/michaeledgar/laser) :warning: > Static analysis and style linter for Ruby code.

> pelusa(https://github.com/codegram/pelusa) > Static analysis Lint-type tool to improve your OO Ruby code.

> Querly(https://github.com/soutaro/querly) > Pattern Based Checking Tool for Ruby.

> Railroader(https://railroader.org) > An open source static analysis security vulnerability scanner for Ruby on Rails applications.

> rails_best_practices(https://rails-bestpractices.com) > A code metric tool for Rails projects.

> reek(https://github.com/troessner/reek) > Code smell detector for Ruby.

> RuboCop(https://docs.rubocop.org/rubocop) > A Ruby static code analyzer, based on the community Ruby style guide.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from DailyCVE
🔵1E Client is an endpoint control platform:

https://dailycve.com/node/9
Forwarded from UNDERCODE NEWS
More than 40,000 games have been deleted from China's Apple App Store today.
#Ban
Forwarded from UNDERCODE NEWS
Bitcoin is nearing the $30,000 level, and in one year it has skyrocketed 3 times. What's about 2021 ?
#Updates