31 May 2023

RenApp: The Ultimate File Renaming App



Are you tired of managing your tens of thousands of files like jpgs, pngs, or others and you want a way to manage them as quick as possible then RenApp is solution for all problem.
RenApp lets you change names of many files of a particular type to a common name with added numbering. So no more time wasting in file management just four clicks and your files will be ordered.

Beside that RenApp can clean your folders and subfolders from backup files of .bak or .*~ extension. Removing backup files in order to make space available manually is a tedious work and can take lots of time but why do it that we've got RenApp just locate the folder and click remove it'll remove them all from that folder and its subfolders. 

Some of the features of RenApp are as:
  •    Rename files to a common name.
  •    Rename files of different extensions to a common name in one shot
  •    Remove backup files from folder and subfolders.
R  RenApp is free and Opensource, written in Python with QT interface. Check out the source code at sourceforge.


More information


Posted by at No comments:

Ask And You Shall Receive



I get emails from readers asking for specific malware samples and thought I would make a mini post about it.

Yes, I often obtain samples from various sources for my own research.

 I am sometimes too lazy/busy to post them but don't mind sharing.
If you are looking for a particular sample, feel free to ask. I might have it.

Send MD5 (several or few samples). I cannot provide hundreds/thousands of samples or any kind of feeds. If you ask for a particular family, I might be able to help if I already have it.

Unfortunately, I do not have time to do homework for students and provide very specific sets for malware with specific features as well as guarantee the C2s are still active.  Send your MD5(s) or at least malware family and I check if I have it :) If i have it, I will either send you or will post on the blog where you can download.

If you emailed me in the past and never got an answer, please remind me. Sometimes emails are long with many questions and I flag them to reply to later, when I have time and they get buried or I forget. It does not happen very often but accept my apologies if it happened to you.

Before you ask, check if it is already available via Contagio or Contagio Mobile.
1. Search the blog using the search box on the right side
2. Search here https://www.mediafire.com/folder/b8xxm22zrrqm4/BADINFECT
3. Search here https://www.mediafire.com/folder/c2az029ch6cke/TRAFFIC_PATTERNS_COLLECTION
4. Search here https://www.mediafire.com/folder/78npy8h7h0g9y/MOBILEMALWARE

Cheers,  Mila

Related news

  1. Hack And Tools
  2. Hacking Tools For Kali Linux
  3. How To Hack
  4. Easy Hack Tools
  5. Pentest Reporting Tools
  6. Blackhat Hacker Tools
  7. Hacker Search Tools
  8. Hacking Tools Hardware
  9. Hacker Tools Free
  10. What Is Hacking Tools
  11. Pentest Tools
  12. Hacking Tools 2020
  13. Growth Hacker Tools
  14. Hacking Tools 2020
  15. World No 1 Hacker Software
  16. Hack Tools Mac
  17. What Are Hacking Tools
  18. Hacker Tools 2019
  19. Hacking Tools 2020
  20. Pentest Tools Android
  21. Hack Tools
  22. Hacker Tools For Pc
  23. Hacker Tools Linux
  24. Hacking Apps
  25. Pentest Tools Website Vulnerability
  26. Kik Hack Tools
  27. Hack App
  28. Hacker Tools Free Download
  29. Computer Hacker
  30. Blackhat Hacker Tools
  31. Hack Rom Tools
  32. Game Hacking
  33. Hack Apps
  34. Hacker
  35. Pentest Tools Github
  36. Pentest Tools Website Vulnerability
  37. Hacker Tools
  38. Hacker Tools 2020
  39. Pentest Reporting Tools
  40. Wifi Hacker Tools For Windows
  41. Hacking Tools For Beginners
  42. Hacker Tools For Pc
  43. Hacker Tools Free Download
  44. Hacking Tools Software
  45. Pentest Tools Free
  46. Hack Tools For Ubuntu
  47. How To Hack
  48. Nsa Hack Tools Download
  49. Hacker Tools For Pc
  50. Hack Tools For Games
  51. Hacking Tools Windows 10
  52. Hacking Tools Free Download
  53. Hak5 Tools
  54. Hacker Tools Hardware
  55. Hacking Apps
  56. Hacker Security Tools
  57. Hack App
  58. Pentest Tools Website Vulnerability
  59. Computer Hacker
  60. Hacking Tools Software
  61. Hacker Tools Mac
  62. Hack Tools For Mac
  63. Hacker Hardware Tools
  64. Hack Tools Pc
  65. Hacking Tools Hardware
  66. Pentest Tools For Ubuntu
  67. Hacking Tools Online
  68. Pentest Tools Find Subdomains
  69. Pentest Tools Linux
  70. Hacking Tools For Windows
  71. Best Pentesting Tools 2018
  72. Hack And Tools
  73. Hacking Tools Online
  74. Hacker Tools For Mac
  75. Hacking Tools Windows 10
  76. Hacker Security Tools
  77. Underground Hacker Sites
  78. Blackhat Hacker Tools
  79. Pentest Tools Kali Linux
  80. Hacking Tools Windows 10
  81. Hack Tools
  82. Easy Hack Tools
  83. Hack Tools For Games
  84. Hack Tools Github
  85. Hacking Tools And Software
  86. Pentest Tools Website
  87. Hacking Tools For Beginners
  88. Computer Hacker
  89. Hack And Tools
  90. Hack App
  91. Hack Tools
  92. Hacker Search Tools
  93. Hacking Tools Download
  94. Best Pentesting Tools 2018
  95. Kik Hack Tools
  96. Pentest Tools Framework
  97. Hack Tools For Ubuntu
  98. Hak5 Tools
  99. Hacker Tools Free Download
  100. Ethical Hacker Tools
  101. Pentest Tools Apk
  102. Pentest Tools Framework
  103. Hak5 Tools
  104. Hacking Tools Kit
  105. Hack Tools Pc
  106. Hack Tools
  107. How To Hack
  108. Hacking App
  109. Pentest Tools For Mac
  110. Hacker Tool Kit
  111. Hacker Tools Linux
  112. Hackrf Tools
  113. Hack Tools
  114. Blackhat Hacker Tools
  115. Underground Hacker Sites
  116. Hacking Tools For Games
  117. Pentest Tools For Mac
  118. How To Make Hacking Tools
  119. Install Pentest Tools Ubuntu
  120. Game Hacking
  121. Hacker Tools Apk
  122. New Hacker Tools
  123. Pentest Tools Android
  124. Hack Tool Apk
  125. Hack Rom Tools
  126. Android Hack Tools Github
  127. Hacker Tools 2019
  128. World No 1 Hacker Software
  129. Physical Pentest Tools
  130. Pentest Tools Kali Linux
  131. Tools For Hacker
  132. Hacker Tools For Pc
  133. Hacking Tools For Windows 7
  134. Hacking App
  135. Underground Hacker Sites
  136. Hacker Tools Hardware
  137. Hacker Tools Free
Posted by at No comments:

30 May 2023

ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders


ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT.

Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file (by default: chopchop.yml), fully configurable, and especially by developers.



"Chop chop" is a phrase rooted in Cantonese. "Chop chop" means "hurry" and suggests that something should be done now and without delay.


Building

We tried to make the build process painless and hopefully, it should be as easy as:

$ go mod download
$ go build .

There should be a resulting gochopchop binary in the folder.


Using Docker

Thanks to Github Container Registry, we are able to provide you some freshly-build Docker images!

docker run ghcr.io/michelin/gochopchop scan https://foobar.com -v debug

But if you prefer, you can also build it locally, see below:


Build locally
docker build -t gochopchop .

Usage

We are continuously trying to make goChopChop as easy as possible. Scanning a host with this utility is as simple as :

$ ./gochopchop scan https://foobar.com

Using Docker
docker run gochopchop scan https://foobar.com

Custom configuration file
docker run -v ./:/app chopchop scan -c /app/chopchop.yml https://foobar.com

What's next

The Golang rewrite took place a couple of months ago but there's so much to do, still. Here are some features we are planning to integrate : [x] Threading for better performance [x] Ability to specify the number of concurrent threads [x] Colors and better formatting [x] Ability to filter checks/signatures to search for [x] Mock and unit tests [x] Github CI And much more!


Testing

To quickly end-to-end test chopchop, we provided a web-server in tests/server.go. To try it, please run go run tests/server.go then run chopchop with the following command ./gochopchop scan http://localhost:8000 --verbosity Debug. ChopChop should print "no vulnerabilities found".

There are also unit test that you can launch with go test -v ./.... These tests are integrated in the github CI workflow.


Available flags

You can find the available flags available for the scan command :

Flag Full flag Description
-h --help Help wizard
-v --verbosity Verbose level of logging
-c --signature Path of custom signature file
-k --insecure Disable SSL Verification
-u --url-file Path to a specified file containing urls to test
-b --max-severity Block the CI pipeline if severity is over or equal specified flag
-e --export Export type of the output (csv and/or json)
--export-filename Specify the filename for the export file(s)
-t --timeout Timeout for the HTTP requests
--severity-filter Filter Plugins by severity
--plugin-filter Filter Plugins by name of plugin
--threads Number of concurrent threads

Advanced usage

Here is a list of advanced usage that you might be interested in. Note: Redirectors like > for post processing can be used.

  • Ability to scan and disable SSL verification
$ ./gochopchop scan https://foobar.com --insecure
  • Ability to scan with a custom configuration file (including custom plugins)
$ ./gochopchop scan https://foobar.com --insecure --signature test_config.yml
  • Ability to list all the plugins or by severity : plugins or plugins --severity High
$ ./gochopchop plugins --severity High
  • Ability to specify number of concurrent threads : --threads 4 for 4 workers
$ ./gochopchop plugins --threads 4
  • Ability to block the CI pipeline by severity level (equal or over specified severity) : --max-severity Medium
$ ./gochopchop scan https://foobar.com --max-severity Medium
  • Ability to specify specific signatures to be checked
./gochopchop scan https://foobar.com --timeout 1 --verbosity --export=csv,json --export-filename boo --plugin-filters=Git,Zimbra,Jenkins
  • Ability to list all the plugins
$ ./gochopchop plugins
  • List High severity plugins
$ ./gochopchop plugins --severity High
  • Set a list or URLs located in a file
$ ./gochopchop scan --url-file url_file.txt
  • Export GoChopChop results in CSV and JSON format
$ ./gochopchop scan https://foobar.com  --export=csv,json --export-filename results

Creating a new check

Writing a new check is as simple as :

  - endpoint: "/.git/config"
    checks:
      - name: Git exposed
        match:
          - "[branch"
        remediation: Do not deploy .git folder on production servers
        description: Verifies that the GIT repository is accessible from the site
        severity: "High"

An endpoint (eg. /.git/config) is mapped to multiple checks which avoids sending X requests for X checks. Multiple checks can be done through a single HTTP request. Each check needs those fields:

Attribute Type Description Optional ? Example
name string Name of the check No Git exposed
description string A small description for the check No Ensure .git repository is not accessible from the webroot
remediation string Give a remediation for this specific "issue" No Do not deploy .git folder on production servers
severity Enum("High", "Medium", "Low", "Informational") Rate the criticity if it triggers in your environment No High
status_code integer The HTTP status code that should be returned Yes 200
headers List of string List of headers there should be in the HTTP response Yes N/A
no_headers List of string List of headers there should NOT be in the HTTP response Yes N/A
match List of string List the strings there should be in the HTTP response Yes "[branch"
no_match List of string List the strings there should NOT be in the HTTP response Yes N/A
query_string GET parameters that have to be passed to the endpoint String Yes query_string: "id=FOO-chopchoptest"

External Libraries
Library Name Link License
Viper https://github.com/spf13/viper MIT License
Go-pretty https://github.com/jedib0t/go-pretty MIT License
Cobra https://github.com/spf13/cobra Apache License 2.0
strfmt https://github.com/go-openapi/strfmt Apache License 2.0
Go-homedir https://github.com/mitchellh/go-homedir MIT License
pkg-errors https://github.com/pkg/errors BSD 2 (Simplified License)
Go-runewidth https://github.com/mattn/go-runewidth MIT License

Please, refer to the third-party.txt file for further information.


Talks
License

ChopChop has been released under Apache License 2.0. Please, refer to the LICENSE file for further information.


Authors
  • Paul A.
  • David R. (For the Python version)
  • Stanislas M. (For the Golang version)


Related links
Posted by at No comments:

Nemesis: A Packet Injection Utility


"Nemesis is a command-line network packet injection utility for UNIX-like and Windows systems. You might think of it as an EZ-bake packet oven or a manually controlled IP stack. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script. Nemesis attacks directed through fragrouter could be a most powerful combination for the system auditor to find security problems that could then be reported to the vendor(s)." read more...

Website: http://www.packetfactory.net/projects/nemesis

More info

Posted by at No comments:
Subscribe to: Posts (Atom)