Author Topic: Tests and other Media topics  (Read 579389 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Tests and other Media topics
« Reply #570 on: April 05, 2018, 03:07:00 PM »
In the light of re-appearing security issues with websites with PHP driven WordPress CMS
(CMS short for Content Management Software).


Start to scan for a really quick and dirty here: http://hackertarget.com/wordpress-security-scan/

Also at: https://sitecheck.sucuri.net/
and https://www.quttera.com scans.

Furthermore for retirable jQuery libraries scan here: https://retire.insecurity.today/#

Also: https://observatory.mozilla.org/?
Together with a scan here: https://cryptoreport.websecurity.symantec.com/checker/en
Furthermore scan at: http://www.domxssscanner.com/

All scans are just meant to obtain benevolent research info.
Never use any info so gained against a certain AS, domain, IP range or IP etc.

For a json and api info scan: https://urlscan.io/domain

More scan suggestions via : https://geekflare.com/online-scan-website-security-vulnerabilities/

Interesting results may also be obtained via a scan here:
https://www.eff.org/https-everywhere/atlas/

Also via http://rips-scanner.sourceforge.net/ 
and
https://app.upguard.com/webscan#/

Enjoy my friends, enjoy.  Info credits luntrus (@security dot nl)

With questions or issues come to the virus and worms section of these avast forums,

polonus (volunteer website security analyst and website error hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Tests and other Media topics
« Reply #571 on: April 05, 2018, 04:06:09 PM »
Thank You. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

Re: Tests and other Media topics
« Reply #572 on: April 07, 2018, 02:49:18 PM »
This is a POC - DO NOT use it for a production environment. Info credits go to thecker at GitHub today

Checking this POC code against facebook's proxygen-bolt -> https://github.com/lhecker/libnodecc
Do not use libnodecc in a developer's production environment, just for research experiments only.
See: https://urlscan.io/result/3b26405e-cc14-49fb-ba92-e2e2f8be0368/jsonview/
and https://urlquery.net/report/c85aceb0-5456-4363-ad7f-b9bb3e960636
proxygen-bolt unrecognized despite returning data
There always should be room for PHP (in)security testing: Security Checks for -static.xx.fbcdn.net
Verdict of insecurity:
(2) Susceptible to man-in-the-middle attacks
HSTS header does not contain includeSubDomains
HSTS header not prepared for preload list inclusion
Vulnerable to cross-site attacks
HttpOnly cookies not used

error to go onto
Quote
-static.xx.fbcdn.net/rsrc.php/v3iCvN4/yt/l/DE/iNEySX6agJT.js benign
     info: [decodingLevel=0] found JavaScript
     error: undefined variable __d
     error: undefined function __d
nested undefined variable error, when you try to grab, but you do not see what is run...(pol).

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
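
The HSTS and cookie findings listed in the post above can be reproduced from raw response headers. This is an added example, not part of the original post and not any scanner's own code; the function names and the sample headers are constructed for illustration.

```javascript
// Constructed sample response headers (not captured from any real host).
const sampleHeaders = [
  ['Strict-Transport-Security', 'max-age=15552000; preload'],
  ['Set-Cookie', 'sid=abc123; Path=/; Secure'],
  ['Set-Cookie', 'lang=en; Path=/; Secure; HttpOnly'],
];

// Minimum max-age required by the hstspreload.org submission rules (one year).
const PRELOAD_MIN_AGE = 31536000;

// Parse an HSTS header value into its directives (RFC 6797 syntax).
function parseHsts(value) {
  const out = { maxAge: null, includeSubDomains: false, preload: false };
  for (const part of value.split(';')) {
    const [rawName, rawVal] = part.trim().split('=');
    const name = rawName.toLowerCase();
    if (name === 'max-age' && rawVal !== undefined) {
      const n = Number(rawVal.replace(/^"|"$/g, ''));
      if (Number.isInteger(n) && n >= 0) out.maxAge = n;
    } else if (name === 'includesubdomains') {
      out.includeSubDomains = true;
    } else if (name === 'preload') {
      out.preload = true;
    }
  }
  return out;
}

// Return the same kind of findings the scan report lists, as strings.
function auditHeaders(headers) {
  const findings = [];
  const hsts = headers.filter(([k]) => k.toLowerCase() === 'strict-transport-security');
  if (hsts.length === 0) {
    findings.push('HSTS header missing');
  } else {
    const h = parseHsts(hsts[0][1]); // user agents process only the first HSTS header
    if (h.maxAge === null) findings.push('HSTS header has no valid max-age');
    if (!h.includeSubDomains) findings.push('HSTS header does not contain includeSubDomains');
    if (!(h.preload && h.includeSubDomains && h.maxAge >= PRELOAD_MIN_AGE)) {
      findings.push('HSTS header not prepared for preload list inclusion');
    }
  }
  for (const [k, v] of headers) {
    if (k.toLowerCase() !== 'set-cookie') continue;
    const attrs = v.split(';').slice(1).map(a => a.trim().toLowerCase());
    if (!attrs.includes('httponly')) {
      findings.push(`cookie ${v.split('=')[0].trim()}: HttpOnly not set`);
    }
  }
  return findings;
}

console.log(auditHeaders(sampleHeaders));
```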

Offline polonus

Re: Tests and other Media topics
« Reply #573 on: April 10, 2018, 04:49:27 PM »
Babel, a strict VM driven javascript compiler on the client (browser) to tight-test javascript security!

What we tested? Well javascript taken from this scan: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fyandex.ru

Tested against babel here: https://babeljs.io/repl#?babili=false&browsers=&build=&builtIns=false&code_lz=BQMwrgdgxgLglgewsA5gGgBZoDIEoDe408SABAG7ACGaARmlAQE4CmMYTEpRsiyBMJgE98rdp1JUAdFQAOsgDZDgMDHA

Do not think out of the box, think strict and exact. Go to the next phase with Rust and Babel.

Another check of this code: -mc.yandex.ru/metrika/watch.js benign
DOM-XSS vuln.
Number of sources found: 77
Number of sinks found: 14

For instance
Quote
repl: Unexpected token, expected ; (1:17)
> 1 | ["\x3c/form\x3e"]);h.innerHTML=k.join("")
    |                  ^ 

Enjoy, my research developer friends, enjoy,

Example
Quote
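// Snippet 1 (babel-code-frame): print a source excerpt with a marker at a given line and column
import codeFrame from 'babel-code-frame';
 
const rawLines = `class Foo {
  constructor()
}`;
const lineNumber = 2;
const colNumber = 16;
 
const result = codeFrame(rawLines, lineNumber, colNumber, { /* options */ });
 
console.log(result);

// Snippet 2 (js-tokens): split a JavaScript source string into tokens
var jsTokens = require("js-tokens").default
 
var jsString = "var foo=opts.foo;\n..."
 
jsString.match(jsTokens)
// ["var", " ", "foo", "=", "opts", ".", "foo", ";", "\n", ...]

// Snippet 3 (js-tokens): matchToToken import, then a line where "/ 2/g" is division, not a regex literal
import {matchToToken} from "js-tokens"
// or:
var g = 9.82
var number = bar / 2/g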


polonus
« Last Edit: April 10, 2018, 05:26:35 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
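
The "sources" and "sinks" counts quoted in the post above come from pattern matching over the script text. The following added example (not part of the original post, and not the scanner's own code) shows that kind of count over a constructed snippet; the pattern lists are a simplified assumption, and a hit is a candidate for manual review, not a confirmed DOM-XSS flaw.

```javascript
// Simplified pattern lists (an assumption; real scanners use longer ones).
// Sources: attacker-influenced values readable from the DOM.
const SOURCES = /\b(location\.(?:href|hash|search|pathname)|document\.(?:URL|documentURI|referrer|cookie)|window\.name)\b/g;
// Sinks: APIs that turn a string into markup or code.
const SINKS = /(\.innerHTML\s*=|\.outerHTML\s*=|document\.write(?:ln)?\s*\(|\beval\s*\(|\bsetTimeout\s*\(|\.insertAdjacentHTML\s*\()/g;

// Constructed sample script; line 2 reuses the innerHTML fragment quoted above.
const sampleScript = [
  'var q = location.hash.slice(1);',
  'var k = ["<form>", q, "\\x3c/form\\x3e"]; h.innerHTML=k.join("");',
  'document.write("<p>" + document.referrer + "</p>");',
  'el.textContent = window.name;',
].join('\n');

// Return every source/sink hit with its 1-based line and column.
function scanScript(code) {
  const hits = [];
  code.split('\n').forEach((text, i) => {
    for (const [kind, re] of [['source', SOURCES], ['sink', SINKS]]) {
      for (const m of text.matchAll(re)) {
        hits.push({ kind, token: m[0].trim(), line: i + 1, col: m.index + 1 });
      }
    }
  });
  return hits;
}

// Totals per kind, plus the lines where a source and a sink appear together;
// those lines are the first ones to read by hand.
function summarize(hits) {
  const count = kind => hits.filter(h => h.kind === kind).length;
  const sourceLines = new Set(hits.filter(h => h.kind === 'source').map(h => h.line));
  const sameLine = [...new Set(
    hits.filter(h => h.kind === 'sink' && sourceLines.has(h.line)).map(h => h.line)
  )];
  return { sources: count('source'), sinks: count('sink'), sameLine };
}

console.log(summarize(scanScript(sampleScript)));
```

Line 4 of the sample writes `window.name` through `textContent`, which is why it counts as a source but not as a sink.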

Offline polonus

Re: Tests and other Media topics
« Reply #574 on: May 03, 2018, 04:35:06 PM »
Checking the privacy status of a certain website to a certain degree (cookies, advice, privacy, mozilla recommendations):

Re: https://webcookies.org/scan/15218489
Re: https://www.scamadviser.com/check-website/borneonews.co.id
Re: https://observatory.mozilla.org/analyze/www.borneonews.co.id
Re: https://privacyscore.org/site/96307/
Quote
This website is secured
100% of the trackers on this site are helping protect you from NSA snooping. Why not thank borneonews.co.id for being secure?

 All trackers
At least 7 third parties know you are on this webpage.

 -Google
 -www.borneonews.co.id
 -Facebook
 -Google
-www.google-analytics.com Google
 -api.borneonews.co.id
 -Google

 Info Tracker SSL extension report for wXw.borneonews.co.id

Also consider (1 red out of 10 netcraft risk given):
https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.borneonews.co.id%2F

and insecurity reported here: https://app.upguard.com/webscan#/borneonews.co.id

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: May 03, 2018, 04:48:11 PM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #575 on: May 06, 2018, 03:07:39 PM »
L.S.

DNS Record Viewer and another fine collection of handy dandy tools here:

http://dns-record-viewer.online-domain-tools.com/

Good to be used in combination with my Shodan extension in the browser - example:
https://www.shodan.io/host/52.2.58.67  -> http://ec2-52-2-58-67.compute-1.amazonaws.com/
PTR - pdns1.ultradns.net  x4.amazonaws.org  x2.amazonaws.com  x1.amazonaws.com  x3.amazonaws.org

polonus (volunteer website security analyst and website error-hunter)

Offline polonus

Re: Tests and other Media topics
« Reply #576 on: May 07, 2018, 11:42:47 PM »
For WordPress website admins and maintenance:

Looking for retirable jQuery libraries: https://retire.insecurity.today/#

Scan for WordPress issues (a quick and dirty scan) at https://hackertarget.com/wordpress-security-scan/

For developers in the audience:
Quote
With WordPress plug-ins there is a possibility to get errors with a certain plug-in that overwrites,
Press F 12 and inspect in the browser console what file causes this.
First thing to do now is to de-activate the plug-in, and a second solution is to remove the code,
but in that case you have to know your javascript a bit.


Quote info credits and thanks for the instruction go out to Jasminder Pal Singh, who instructed this method to me via an online video.

polonus (volunteer website security analyst and website error-hunter)

Offline polonus

Re: Tests and other Media topics
« Reply #577 on: May 10, 2018, 12:35:42 AM »
Going over an error after a PTR request for 165.38.101.151.in-addr.arpa , it said I got a name error.

After reading on how to setup Reverse DNS & PTR records, I stumbled on this nice online interface website:

https://www.digwebinterface.com/?hostnames=165.38.101.151.in-addr.arpa&type=Reverse&ns=resolver&useresolver=8.8.4.4&nameservers=

Not much to go by here: https://toolbar.netcraft.com/site_report?url=165.38.101.151.in-addr.arpa

Above link for IT specialists and researchers only.

We also checked it here and found out why it failed: DNSsy Report Results
Results for 165.38.101.151.in-addr.arpa

Test   Results   Status
Checking domain format:   Hostname looks good.   Pass
Checking for parent nameservers:   Found 6 parent nameservers.   Pass
Checking for parent glue:   Found glue from root nameservers to parent nameservers.   Info
NS records at parent nameserver:   Your NS records at your parent nameserver are:
 
 
Provided by e.in-addr-servers.arpa -> pri.authdns.ripe.net   Info
Nameservers listed at parent:   No nameservers found at parent nameserver.   Fail

Another tool for web admins in this line: http://www.subnet-calculator.com/cidr.php
and for dns: https://www.dnscolos.com/dnsreport.php


Enjoy, my good friends, enjoy,

polonus (volunteer website security analyst and website error-hunter)

« Last Edit: May 10, 2018, 11:00:45 PM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #578 on: May 10, 2018, 02:55:25 PM »
More on the dig web interface -

Quote
h@8.8.4.4 (Default):
Usage:  dig [@global-server] [domain] [q-type] [q-class] {q-opt}
            {global-d-opt} host [@local-server] {local-d-opt}
            [ host [@local-server] {local-d-opt} [...]]
Where:  domain     is in the Domain Name System
        q-class  is one of (in,hs,ch,...) [default: in]
        q-type   is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
                 (Use ixfr=version for type ixfr)
        q-opt    is one of:
                 -x dot-notation     (shortcut for reverse lookups)
                 -i                  (use IP6.INT for IPv6 reverse lookups)
                 -f filename         (batch mode)
                 -b address[#port]   (bind to source address/port)
                 -p port             (specify port number)
                 -q name             (specify query name)
                 -t type             (specify query type)
                 -c class            (specify query class)
                 -k keyfile          (specify tsig key file)
                 -y [hmac:]name:key  (specify named base64 tsig key)
                 -4                  (use IPv4 query transport only)
                 -6                  (use IPv6 query transport only)
                 -m                  (enable memory usage debugging)
        d-opt    is of the form +keyword[=value], where keyword is:
                 +[no]vc             (TCP mode)
                 +[no]tcp            (TCP mode, alternate syntax)
                 +time=###           (Set query timeout) [5]
                 +tries=###          (Set number of UDP attempts) [3]
                 +retry=###          (Set number of UDP retries) [2]
                 +domain=###         (Set default domainname)
                 +bufsize=###        (Set EDNS0 Max UDP packet size)
                 +ndots=###          (Set NDOTS value)
                 +edns=###           (Set EDNS version)
                 +[no]search         (Set whether to use searchlist)
                 +[no]showsearch     (Search with intermediate results)
                 +[no]defname        (Ditto)
                 +[no]recurse        (Recursive mode)
                 +[no]ignore         (Don't revert to TCP for TC responses.)
                 +[no]fail           (Don't try next server on SERVFAIL)
                 +[no]besteffort     (Try to parse even illegal messages)
                 +[no]aaonly         (Set AA flag in query (+[no]aaflag))
                 +[no]adflag         (Set AD flag in query)
                 +[no]cdflag         (Set CD flag in query)
                 +[no]cl             (Control display of class in records)
                 +[no]cmd            (Control display of command line)
                 +[no]comments       (Control display of comment lines)
                 +[no]question       (Control display of question)
                 +[no]answer         (Control display of answer)
                 +[no]authority      (Control display of authority)
                 +[no]additional     (Control display of additional)
                 +[no]stats          (Control display of statistics)
                 +[no]short          (Disable everything except short
                                      form of answer)
                 +[no]ttlid          (Control display of ttls in records)
                 +[no]all            (Set or clear all display flags)
                 +[no]qr             (Print question before sending)
                 +[no]nssearch       (Search all authoritative nameservers)
                 +[no]identify       (ID responders in short answers)
                 +[no]trace          (Trace delegation down from root)
                 +[no]dnssec         (Request DNSSEC records)
                 +[no]nsid           (Request Name Server ID)
                 +[no]sigchase       (Chase DNSSEC signatures)
                 +trusted-key=####   (Trusted Key when chasing DNSSEC sigs)
                 +[no]topdown        (Do DNSSEC validation top down mode)
                 +[no]multiline      (Print records in an expanded format)
                 +[no]onesoa         (AXFR prints only one soa record)
        global d-opts and servers (before host name) affect all queries.
        local d-opts and servers (after host name) affect only that lookup.
        -h                           (print help and exit)
        -v                           (print version and exit)
Example output:
Quote
nimbus.bitdefender.net@8.8.4.4 (Default):
nimbus.bitdefender.net.   21599   IN   CNAME   elb-nvi-amz.nimbus.bitdefender.net.
elb-nvi-amz.nimbus.bitdefender.net. 21599 IN CNAME kube-nimbus-1671728955.us-east-1.elb.amazonaws.com.
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.204.39.25
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.203.98.12
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.203.77.162
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.205.81.93
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.45.231.34
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.45.221.142
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.44.27.79
kube-nimbus-1671728955.us-east-1.elb.amazonaws.com. 20 IN A 52.21.175.100

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
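
The two preceding posts deal with the in-addr.arpa name used for a PTR lookup and with dig answer lines that chain CNAMEs down to A records. As an added example (not part of the original posts), the code below builds the reverse-lookup name from an IPv4 address and follows a CNAME chain in dig-style output; the function names are hypothetical and the sample answer uses constructed names with documentation-range addresses.

```javascript
// Constructed dig-style answer section (documentation names and addresses).
const sampleAnswer = `
app.example.net@8.8.4.4 (Default):
app.example.net.        21599 IN CNAME lb.app.example.net.
lb.app.example.net.     21599 IN CNAME pool-1.elb.example.com.
pool-1.elb.example.com. 20    IN A     192.0.2.10
pool-1.elb.example.com. 20    IN A     198.51.100.7
`;

// Build the name queried for an IPv4 PTR lookup: octets reversed + in-addr.arpa.
function ptrName(ipv4) {
  const octets = ipv4.split('.');
  if (octets.length !== 4 || octets.some(o => !/^\d{1,3}$/.test(o) || Number(o) > 255)) {
    throw new Error(`not an IPv4 address: ${ipv4}`);
  }
  return octets.reverse().join('.') + '.in-addr.arpa';
}

// Parse "name ttl class type rdata" lines; headers and comments are skipped.
function parseAnswers(text) {
  return text.split('\n')
    .map(line => line.trim())
    .filter(line => line && !line.startsWith(';'))
    .map(line => line.split(/\s+/))
    .filter(f => f.length >= 5 && /^\d+$/.test(f[1]))
    .map(([name, ttl, cls, type, ...rdata]) => ({
      name: name.toLowerCase(), ttl: Number(ttl), cls, type, rdata: rdata.join(' '),
    }));
}

// Follow CNAME records from `start` to the final name and collect its A records.
// minTtl is the lowest TTL along the chain, i.e. how long the whole answer can be cached.
function followCnames(records, start) {
  let name = start.toLowerCase().replace(/\.?$/, '.'); // normalise to a trailing dot
  const chain = [name];
  for (;;) {
    const cname = records.find(r => r.name === name && r.type === 'CNAME');
    if (!cname) break;
    name = cname.rdata.toLowerCase();
    if (chain.includes(name)) throw new Error(`CNAME loop at ${name}`);
    chain.push(name);
  }
  const finalA = records.filter(r => r.name === name && r.type === 'A');
  const ttls = records.filter(r => chain.includes(r.name)).map(r => r.ttl);
  return {
    chain,
    addresses: finalA.map(r => r.rdata),
    minTtl: finalA.length ? Math.min(...ttls) : null,
  };
}

console.log(ptrName('151.101.38.165'));
console.log(followCnames(parseAnswers(sampleAnswer), 'app.example.net'));
```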

Offline polonus

Re: Tests and other Media topics
« Reply #579 on: May 10, 2018, 08:56:44 PM »
Just some further additional sources: https://www.crunchbase.com/organization/securolytics#section-overview

Scam scanning sites: http://www.scamfoo.com/  &   https://www.islegitsite.com/check

So many ways to establish what a website is all about without actually clicking that website link

polonus (volunteer website security analyzer and website error-hunter)

Offline polonus

Re: Tests and other Media topics
« Reply #580 on: May 23, 2018, 11:05:21 PM »
For developer's best practices and for debuggers alike, all your cheat sheets together online:

Re: http://overapi.com/                                       A pity you are not allowed to use it, when doing exams.

Also available as an extension: https://chrome.google.com/webstore/detail/all-cheat-sheets/oedodeocfdeegliepeeoieemhdgoijod

For those into websecurity and error-hunting: https://infosec.mozilla.org/guidelines/web_security.html

Enjoy, my good friends, enjoy,

polonus (volunteer website security analyst and website error-hunter)

« Last Edit: May 24, 2018, 12:58:13 AM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #581 on: June 03, 2018, 07:26:17 PM »
Net Neutrality Monitor - Monitor and analysis in real-time of the censorship systems used by Internet Service Providers.

Test your ISP for net neutrality: example: http://www.neumon.org/ip/206.165.6.11.html

polonus

REDACTED

  • Guest
Re: Tests and other Media topics
« Reply #582 on: June 09, 2018, 02:40:38 PM »
HTTP Header check: https://hackertarget.com/http-header-check/
another way using their api: http://api.hackertarget.com/httpheaders/?q=http://www.google.com

See: https://adresults.nl/tools/header-checker/  &  https://headers.cloxy.net/
Re: http://www.internetmarketingninjas.com/header-checker/

Read: https://www.keycdn.com/blog/http-security-headers/  -> check: https://tools.keycdn.com/curl

polonus

Hello Polonus, I have tried the link that you shared here to check my HTTP header https://smartdigital.id/jasa-seo/ but it shows the message "unable to connect to HTTP port" and still takes more time to load than webconfs, which I usually use.

Offline polonus

Re: Tests and other Media topics
« Reply #583 on: June 23, 2018, 01:39:51 PM »
A nice website and webserver scanner for a "quick and dirty" scan,
see results: https://www.htbridge.com/ -> https://www.htbridge.com/websec/

Can be combined with results of this scanner: https://sonarwhal.com/scanner/
and other specific scanners like for instance https://privacyscore.org/ and https://urlscan.io/domain
Other aspects can be scanned as well, like jQuery library vulnerability at retire.insecurity.today/#
and dom based issues like sources and sinks via: http://www.domxssscanner.com/  (a Google provided service).

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Offline polonus

Re: Tests and other Media topics
« Reply #584 on: June 23, 2018, 02:02:23 PM »
This could also help you to find initializer errors in scripts like error: Undefined variable storage, where storage had been changed by ::Storage and then in the controller Storage.put_object_url(...) to no longer get an error like
Quote
found JavaScript
     error: undefined function storage._each
     error: undefined variable storage
for ci.psdev.de/static/61489873/scripts/behavior.js  (info credits amonetti on Github's).

Other related scans: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fpsdev.de
re: https://urlscan.io/result/0f751ff0-71e9-4649-ab52-54e567d86693

All coming from the scan results at: https://www.htbridge.com/websec/ for related https://retire.insecurity.today/#!/scan/7149f4aa52e5c1e085e865b9b15c34cf6da783c323b3b17f1da65f9b9f4e7d50

polonus