Author Topic: Tests and other Media topics  (Read 263266 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32166
  • malware fighter
Re: Tests and other Media topics
« Reply #750 on: January 05, 2020, 06:48:16 PM »
Security grade of this search engine webpage: https://www.qwant.com/
Re: https://www.shodan.io/host/194.187.168.100
See: https://webhint.io/scanner/47f3776f-d541-49f3-93c0-a8d2dfb3c168
Cookie & Security Scan report: https://webcookies.org/cookies/www.qwant.com/1128157?673125
Re: B-grade: https://observatory.mozilla.org/analyze/www.qwant.com

Errors in browser console: Refused to load the image 'hxtps://lite.qwant.com/img/v4/header/header-bg-tablet.svg?redirect=OperaMobi13.04&1539938515=' because it violates the following Content Security Policy directive: "img-src blob: 'self' s1.qwant.com s2.qwant.com s.qwant.com data: s-boards.qwant.com s-lite.qwant.com www.qwant.com".

/undefined:1 GET -https://www.qwant.com/undefined 404
Image (async)
replaceInnerHTML @ app.js?1576502819736:3
constructor @ app.js?1576502819736:3
startApplication @ bootstrap.js?1576502819736:196
(anonymous) @ bootstrap.js?1576502819736:140
b.then @ app.js?1576502819736:1
initApplication @ bootstrap.js?1576502819736:139
languageFileLoad @ bootstrap.js?1576502819736:254
load (async)
(anonymous) @ bootstrap.js?1576502819736:224

DOM-XSS issues: Results from scanning URL: -https://www.qwant.com/
Number of sources found: 2
Number of sinks found: 38

and results from scanning URL: -https://www.qwant.com/js/app.js?1576502819736
Number of sources found: 302
Number of sinks found: 1037

and results from scanning URL: -https://www.qwant.com/js/app.js?1576502819736
Number of sources found: 609
Number of sinks found: 291

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
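Why the browser refused that image, as an added example (not from the post and not Qwant's code): a simplified CSP source-list matcher run against the `img-src` directive quoted in the console error. It handles only scheme sources, `'self'` and host sources without ports or paths; the page URL `https://www.qwant.com/` and all function names are assumptions.

```javascript
// Added example: simplified CSP source-list matching. Ports, paths, nonces
// and hashes are not handled; function names are illustrative.
// Directive text copied from the console error quoted in the post.
const IMG_SRC = "img-src blob: 'self' s1.qwant.com s2.qwant.com s.qwant.com " +
  "data: s-boards.qwant.com s-lite.qwant.com www.qwant.com";

function parseDirective(text) {
  const [name, ...sources] = text.trim().split(/\s+/);
  return { name, sources };
}

// Host matching is exact unless the pattern starts with "*.", which covers
// subdomains only. There is no substring or suffix matching.
function hostMatches(pattern, host) {
  const p = pattern.toLowerCase();
  const h = host.toLowerCase();
  if (p === "*") return true;
  if (p.startsWith("*.")) return h.endsWith(p.slice(1));
  return h === p;
}

function sourceAllows(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false; // 'none' and other keywords
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    return url.protocol === source.toLowerCase(); // scheme source, e.g. data:
  }
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  // A host source without a scheme is treated here as http(s) only.
  const schemeOk = m[1]
    ? url.protocol === m[1].toLowerCase() + ":"
    : /^https?:$/.test(url.protocol);
  return schemeOk && hostMatches(m[2], url.hostname);
}

function isAllowed(directiveText, resourceUrl, pageUrl) {
  const { sources } = parseDirective(directiveText);
  const url = new URL(resourceUrl, pageUrl);
  const pageOrigin = new URL(pageUrl).origin;
  return sources.some((s) => sourceAllows(s, url, pageOrigin));
}

const PAGE = "https://www.qwant.com/"; // assumed page URL
console.log(isAllowed(IMG_SRC, "https://lite.qwant.com/img/v4/header/header-bg-tablet.svg", PAGE));
console.log(isAllowed(IMG_SRC, "https://s-lite.qwant.com/img/x.svg", PAGE));
```

The listed `s-lite.qwant.com` is a different host from `lite.qwant.com`, so the request in the console error matches no entry and is blocked.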

Offline polonus

Re: Tests and other Media topics
« Reply #751 on: January 14, 2020, 05:39:25 PM »
Domain name cert checks.

Combine tests here, for instance: https://www.immuniweb.com/radar/?id=v4BmqgTP
and https://www.immuniweb.com/ssl/ & https://www.immuniweb.com/websec/
also https://www.immuniweb.com/websec/?id=U3EpLj3f (example)
and at https://moz.com/learn/seo/domain

Check: crt.sh for certificate transparency scans.

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #752 on: January 20, 2020, 06:22:32 AM »
Next to testing with Retire.JS extension inside the browser or https://retire.insecurity.today/
developed by Erlend Oftedal, we can also test at DomStorm's class selector XSS at
-> https://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003
Other modules also available.. handy for DOM-XSS searches for sinks and sources.
Other example test: https://domstorm.skepticfx.com/modules?id=559b066c34473500003d257b

Enjoy, my friends, enjoy,

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #753 on: January 20, 2020, 10:01:59 PM »
To make the theoretical ideas stand out more practically - when we combine retire.JS -
domstorm repository, SNYK vulners etc., is to know how to protect against this,
especially against abuse combined with payload injectors. (XSSight abuse etc.).

In general: Defenses against XSS
What input do we trust? (browser- and client-side validation)
Does it adhere to expected patterns?
Never simply reflect untrusted data.
Applies to data within our database too.
Encoding of context (Java/attribute/HTML/CSS)

polonus
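The defenses listed in the post above, as an added example (not the poster's code): an allowlist pattern check plus one encoder per output context (HTML content, attribute, JavaScript string, CSS value), applied at the point of output. All function names and the sample input are constructed for illustration.

```javascript
// Added example: one encoder per output context; all names are illustrative.
const HTML_MAP = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// HTML element content: neutralise markup characters.
function encodeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_MAP[c]);
}

// Quoted attribute value: every non-alphanumeric becomes &#xHH;.
function encodeAttr(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu, (c) => `&#x${c.codePointAt(0).toString(16)};`);
}

// JavaScript string literal: \uXXXX escapes, so "</script>" cannot end the block.
function encodeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// CSS value: \HH followed by a space that terminates the escape.
function encodeCss(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu, (c) => `\\${c.codePointAt(0).toString(16)} `);
}

// "Does it adhere to expected patterns?" Allowlist check before the value is used.
function isExpectedName(s) {
  return typeof s === "string" && /^[A-Za-z0-9_ -]{1,32}$/.test(s);
}

// The same value, whether it came from the request or from the database,
// is encoded for the context it lands in, never reflected as-is.
function renderGreeting(name, color) {
  return [
    `<p title="${encodeAttr(name)}">Hello ${encodeHtml(name)}</p>`,
    `<script>var userName = "${encodeJsString(name)}";</script>`,
    `<style>.badge { color: ${encodeCss(color)}; }</style>`,
  ].join("\n");
}

// Constructed sample input
const hostile = '"><b>x</b>';
console.log(isExpectedName(hostile)); // rejected by the pattern check
console.log(renderGreeting(hostile, "red;}")); // inert even if rendered anyway
```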

Offline polonus

Re: Tests and other Media topics
« Reply #754 on: January 21, 2020, 04:25:24 PM »
Re: http://research.insecurelabs.org/jquery/test/

Let us take a particular example with known abuse and analyse retirable jQuery library there.
Re: https://www.abuseipdb.com/check/195.62.29.11 *
Check that particular IP for "vulners": https://www.shodan.io/host/195.62.29.11 common OpenSSH abuse...
Site report: https://sitereport.netcraft.com/?url=http%3A%2F%2Fparagon.net.uk
We see an outdated WordPress CMS version there: WordPress Version 4.9.13
We see it has passed various reputation checks (questionable in the light of the abuse report, see above *)
Reputation Check
PASSED
Google Safe Browse:OK
Spamhaus Check:OK
Abuse CC:OK
Dshield Blocklist:OK
Cisco Talos Blacklist:OK

External hosts also Google Safe Browsing approved:
Externally Linked Host   Hosting Provider   Country   
    -www.godaddy.com   GTT Communications Inc.   United States    
    -www.heg.com   Host Europe GmbH   United Kingdom    
    -domains.meshdigital.com   Host Europe GmbH   United Kingdom    
    -www.domainbox.com   Host Europe GmbH   United Kingdom    
    -aboutus.godaddy.net   Dosarrest Internet Security LTD   United States   

For the DOM we go here: https://urlscan.io/result/4c8d465b-1577-496b-9b0c-3c768c8c3dd0

1 Retirable jQuery library: https://retire.insecurity.today/#!/scan/608243a0f733be6600ab4c37808b81dd7dfbaccd646f3cbc5fc5251850d95bfc

DOM-XSS Sinks and Sources there: Results from scanning URL: -https://www.heg.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Number of sources found: 41
Number of sinks found: 17

Sources, output that could be controlled - .top! .innerHTML= [name= .location. .name write( opener| .parent .open( .op= =top+ "top"
sinks, methods to do so, .value href= data= .src=

The SNYK results from webhint - hint #1: 'jQuery@1.12.4' has 2 known vulnerabilities (2 medium). See 'https://snyk.io/vuln/npm:jquery' for more information@ https://webhint.io/scanner/9d38081f-16c8-4085-a918-baedbc3e3c9c#category-security

We find two requests with regular content  on -https://www.heg.com/wp-includes/js/jquery/jquery.js?ver=1.12.4

Read: https://github.com/jquery/jquery/issues/2432

Also valuable info from: https://webcookies.org/cookies/www.heg.com/28887761?484748
about outdated PHP and excessive server info proliferation; X-Powered-By: PHP/5.4.44
The header exposes web server version details. These serve no purpose apart from making life of security auditors and hackers easier, leading them straight to exploits for this particular version of product - Server: Apache/2.2.15 (CentOS)
-> https://www.centos.org/forums/viewtopic.php?t=65285

Results of vulners webscanner extension for/on HEG website:
Quote
wXw.heg.com
Apache, headers
Not vulnerable
PHP, headers - 5.4.44 vulnerable
7.5

jQuery, headers - 1.3
Not vulnerable
jQuery, script
Not vulnerable
jQuery Migrate, script
Not vulnerable
Bootstrap, script
Not vulnerable
Font Awesome, html
Not vulnerable
Yoast SEO, html - 4.5
Not vulnerable
Wordpress - 4.9.13
Not vulnerable


polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: January 22, 2020, 05:57:18 AM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #755 on: January 21, 2020, 11:06:57 PM »
Compare malicious IP scans.

Re: https://urlhaus.abuse.ch/url/294136/
IP server info: https://www.shodan.io/host/108.58.8.186
together with Netcraft's site report: https://sitereport.netcraft.com/?url=ool-6c3a08ba.static.optonline.net
Confirmation of scanning and Mirai-like infestations: https://viz.greynoise.io/ip/108.58.8.186

pol
« Last Edit: January 21, 2020, 11:08:51 PM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #756 on: January 22, 2020, 06:14:55 AM »
Testing PHP - http://evuln.com/tools/php-security/
There are also free applications, so I won't give that address for we don't wanna break those  ;)
Also: https://phpstan.org/  as an online tool.
Example test on index.php: https://phpstan.org/r/2976723a-53b1-4698-8984-ccbbdee9b292

https://www.quora.com/How-do-I-view-a-PHP-source-code-of-a-website-just-like-we-see-the-HTML-and-other-codes

Sucuri also has resources: https://wordpress.org/support/topic/sucuri-auditqueue-php-and-other-files/
Re: https://www.unphp.net/decode/788b15af31089576dfcc553a4eddedd0/

Vulners extension for this site -forum.avast.com gives vuln. PHP.headers 5.4.49   7.5
-> https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/opbyp-1/PHP-PHP.html

Often PHP could mean a "can of worms", specifically outside the kernel source of PHP based CMS like WordPress etc.

General interpretation of web security: https://infosec.mozilla.org/guidelines/web_security

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: January 22, 2020, 10:47:53 PM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #757 on: February 04, 2020, 05:40:36 PM »
L.S.

Linting for javascript errors and flaws, e.g. javascript-validation.
Combine with results from vulners web scanner extension, Zen Mate Web Firewall extension &
Javascript Error Notifier extension and shodan extension for eventual website server info.

Using an online Javascript Validator: http://beautifytools.com/javascript-validator.php
Tested:  -https://refugiodocapitao.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Number of sources found: 3
Number of sinks found: 0
Linting produced:
Line   Col   Errors
5   1   Missing semicolon.
0   0   Use the function form of "use strict".
26   94   Missing semicolon.
31   146   Use '===' to compare with 'false'.

Scanned for retirable jQuery library: -https://refugiodocapitao.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Detected libraries:
jquery-migrate - 1.4.1 : -https://refugiodocapitao.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
No vulnerable libraries found

Line   Col   Errors
222   58   Unnecessary semicolon.
258   18   'options' is defined but never used.
298   22   'e' is defined but never used.
308   28   'e' is defined but never used.
360   35   'options' is defined but never used.
399   1   'new_max' is defined but never used.
424   53   'options' is defined but never used.
475   1   'whCustom' is defined but never used.
530   22   'index' is defined but never used.
460   1   'html_el' is defined but never used.
464   1   'full_slider' is defined but never used.
651   8   Use '===' to compare with '0'.
695   27   'direction' is defined but never used.
751   58   Expected an assignment or function call and instead saw an expression.
760   9   ['jswing'] is better written in dot notation.
760   30   ['swing'] is better written in dot notation.
794   62   A leading decimal point can be confused with a dot: '.3'.
801   62   A leading decimal point can be confused with a dot: '.3'.
808   65   A leading decimal point can be confused with a dot: '.3'.
811   22   A leading decimal point can be confused with a dot: '.5'.
812   71   A leading decimal point can be confused with a dot: '.5'.
834   41   A leading decimal point can be confused with a dot: '.75'.
836   44   A leading decimal point can be confused with a dot: '.9375'.
838   47   A leading decimal point can be confused with a dot: '.984375'.
842   70   A leading decimal point can be confused with a dot: '.5'.
843   60   A leading decimal point can be confused with a dot: '.5'.
843   67   A leading decimal point can be confused with a dot: '.5'.
781   49   Use '===' to compare with '0'.
784   6   Use '===' to compare with '0'.
794   6   Use '===' to compare with '0'.
795   33   's' is already defined.
796   10   's' is already defined.
801   6   Use '===' to compare with '0'.
802   33   's' is already defined.
803   10   's' is already defined.
808   6   Use '===' to compare with '0'.
809   33   's' is already defined.
810   10   's' is already defined.
815   7   Use '===' to compare with 'undefined'.
819   7   Use '===' to compare with 'undefined'.
823   7   Use '===' to compare with 'undefined'.
906   50   'delay' is defined but never used.
1173   17   Use '===' to compare with 'true'.
1289   5   'win' is defined but never used.
1186   22   'avia_is_mobile' is not defined.

Then we gonna compare to detected sinks and sources via a DOM XSS scan:

But here we found sources and sinks in retirable code:
https://retire.insecurity.today/#!/scan/618f3f67a7d9c4e74e7f1378ebe74d92b11d17db042b56d657463ceec95256d0

Detected sources and sinks: .parent, .top, .location, &  location.href. =

Re: https://domstorm.skepticfx.com/ ->https://domstorm.skepticfx.com/modules?id=56b4dfde108b7c00007363ac
Pentest tool like:  https://github.com/lwzSoviet/NoXss

jQuery versions with known weaknesses
Bug 9521 - $("#<img src=x onerror=...>")
Bug 11290 - $("element[attribute='<img src=x onerror=...>'")
jQuery issue 2432 - 3rd party $.get() auto executes if content type is text/javascript
jQuery issue 11974 - parseHTML executes inline scripts like event handlers

enjoy, my good friends, enjoy.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
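How a "sources found / sinks found" count like the ones in the posts above can be produced and triaged, as an added example (not the scanners' own logic and not the poster's code): a line-based pattern match that also reports lines where a source and a sink meet, including the `$(location.hash)` selector pattern behind jQuery Bug 9521. The pattern lists, function name and sample script are constructed assumptions.

```javascript
// Added example: line-based triage of DOM-XSS sources and sinks.
// Both pattern lists are illustrative and far from complete.
const SOURCES = /\b(?:location\.(?:hash|search|href)|document\.(?:URL|referrer|cookie)|window\.name)\b/g;
const SINKS = /\.innerHTML\s*=|\.outerHTML\s*=|document\.write(?:ln)?\(|\beval\(|\.src\s*=|\.href\s*=|\$\(\s*(?:window\.)?location\b/g;

// Returns total counts plus the 1-based line numbers where attacker-influenced
// input (a source) appears on the same line as a dangerous write (a sink).
function scan(code) {
  const report = { sources: 0, sinks: 0, sameLine: [] };
  code.split("\n").forEach((line, i) => {
    const src = line.match(SOURCES) || [];
    const snk = line.match(SINKS) || [];
    report.sources += src.length;
    report.sinks += snk.length;
    if (src.length && snk.length) report.sameLine.push(i + 1);
  });
  return report;
}

// Constructed sample script, one statement per line.
const SAMPLE = [
  'var tab = location.hash;',                                     // source only
  '$(location.hash).show();',                                     // source passed to $()
  'document.getElementById("q").innerHTML = "static text";',      // sink fed a constant
  'el.innerHTML = decodeURIComponent(location.search);',          // source into sink
  'var id = /^#[A-Za-z][\\w-]*$/.test(tab) ? tab.slice(1) : "home";', // pattern check
  'document.getElementById(id).hidden = false;',                  // validated id, no sink
].join("\n");

console.log(scan(SAMPLE));
```

Line 3 of the sample adds to the sink count although it only writes a constant, while lines 2 and 4 are the ones a reviewer should read first; lines 5 and 6 show the validated alternative to line 2.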

Offline polonus

Re: Tests and other Media topics
« Reply #758 on: February 06, 2020, 11:24:22 PM »

Offline polonus

Re: Tests and other Media topics
« Reply #759 on: February 15, 2020, 02:59:45 PM »
Interesting test here: https://hidester.com/webrtc-ip-leak-test/
and more at that site where that came from.
Redirect checker and many other tools here: http://www.internetofficer.com/seo-tool/redirect-check/

Check websites for trackers (check Ghostery & ZenMate Web Firewall extension) here:
(random example): https://whotracks.me/websites/rijmwoordenboek.nl.html

URL analysis: www.theurlanalyzer.com  &  against threats: https://csi.forcepoint.com/  (5 reports a day free access)

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #760 on: February 15, 2020, 10:24:31 PM »

Offline polonus

Re: Tests and other Media topics
« Reply #761 on: February 20, 2020, 09:52:38 PM »
Check subdomain enumeration: search query = site:example.com
& https://pentest-tools.com/information-gathering/find-subdomains-of-domain#
or  https://www.ultratools.com/
also  https://securitytrails.com/dns-trails

Quote
subdomain enumeration methods
Scraping
Brute-force
Alterations & permutations of already known subdomains
Online DNS tools
SSL certificates
Certificate Transparency
Search engines
Public datasets
DNS aggregators
Git repositories
Text parsing (HTML, JavaScript, documents…)
VHost discovery
ASN discovery
Reverse DNS
Zone transfer (AXFR)
DNSSEC zone walking
DNS cache snooping
Content-Security-Policy HTTP headers
Sender Policy Framework (SPF) records
Subject Alternate Name (SAN)
info source credits go to SecOff.

polonus

