Contributing security tools to the AUR

Sebastian reinstalled his Arch Linux recently and continued to build some AUR (Arch User Repository) packages. He’ll share some of the security-related ones with you.

The following tools are packaged and maintained by Sebastian:

AXFR scanner

After our research on the Alexa Top 1M AXFR issue, we’ve published the AXFR scanner on GitHub. You can now install it with a simple yaourt axfrscanner-git. The usage has changed slightly to make it more usable as a command-line tool:

$> axfrscanner --help
usage: axfrscanner [-h] [-i [INPUTFILE]] [-o [OUTPUTFILE]] [-l [LOGFILE]]
                   [-p [PROCESSES]] [-d [DOMAIN]]

Check domains' nameservers for public AXFR

optional arguments:
  -h, --help            show this help message and exit
  -i [INPUTFILE], --inputfile [INPUTFILE]
                        Inputfile to read domains from. Default: stdin
  -o [OUTPUTFILE], --outputfile [OUTPUTFILE]
                        Outputfile to write zonedata to. Default: stdout
  -l [LOGFILE], --logfile [LOGFILE]
                        Logfile to use. Default: stderr
  -p [PROCESSES], --processes [PROCESSES]
                        Processes to use. Default: 20
  -d [DOMAIN], --domain [DOMAIN]
                        Domain to check. Ignored if -i is used.
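
The check the scanner automates is easy to reproduce by hand with dig: resolve the domain’s NS records, then ask each nameserver for a full zone transfer and look at how dig reports the outcome. The script below is an added example written for this post, not the axfrscanner code. The dig output samples are constructed (example.invalid, made-up records) so the classifier can be exercised offline; only axfr_check_domain touches the network.

```sh
#!/bin/sh
# Added example (not the axfrscanner code): check every authoritative
# nameserver of a domain for an open zone transfer with dig and classify
# dig's output. Only axfr_check_domain performs network queries.

# Classify the captured output of `dig @NS AXFR DOMAIN`.
#   open        - the server handed out the zone (dig prints an XFR size summary)
#   refused     - the server answered but denied the transfer
#   unreachable - no usable answer (timeout, connection refused, network error)
#   unknown     - none of the above; inspect the raw output
axfr_classify() {
    case "$1" in
        *";; XFR size:"*)       echo open ;;
        *"Transfer failed."*)   echo refused ;;
        *"connection timed out"*|*"communications error"*|*"connection refused"*)
                                echo unreachable ;;
        *)                      echo unknown ;;
    esac
}

# Look up the NS records of $1 and attempt an AXFR against each one.
# Prints one line per nameserver: DOMAIN NS STATUS
axfr_check_domain() {
    domain=$1
    for ns in $(dig +short NS "$domain"); do
        out=$(dig @"$ns" AXFR "$domain" +time=5 +tries=1 2>&1)
        printf '%s %s %s\n' "$domain" "$ns" "$(axfr_classify "$out")"
    done
}

# Constructed sample outputs: the shape of real dig output, made-up data.
SAMPLE_OPEN='; <<>> DiG 9.10.3 <<>> @ns1.example.invalid AXFR example.invalid
;; global options: +cmd
example.invalid.        3600    IN      SOA     ns1.example.invalid. hostmaster.example.invalid. 2015010101 7200 3600 1209600 3600
example.invalid.        3600    IN      NS      ns1.example.invalid.
www.example.invalid.    3600    IN      A       192.0.2.10
example.invalid.        3600    IN      SOA     ns1.example.invalid. hostmaster.example.invalid. 2015010101 7200 3600 1209600 3600
;; Query time: 14 msec
;; SERVER: 192.0.2.1#53(192.0.2.1)
;; XFR size: 4 records (messages 1, bytes 178)'

SAMPLE_REFUSED='; <<>> DiG 9.10.3 <<>> @ns2.example.invalid AXFR example.invalid
;; global options: +cmd
; Transfer failed.'

SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

# Demo on the constructed samples (no network access needed):
for s in "$SAMPLE_OPEN" "$SAMPLE_REFUSED" "$SAMPLE_TIMEOUT"; do
    axfr_classify "$s"
done
# Live check against a domain you are allowed to test:
#   axfr_check_domain example.com
```

An "open" result means anyone on the internet can download the complete zone, including internal hostnames that were never meant to be public; "unreachable" is worth a second look with a longer timeout before you write the server off, since some resolvers rate-limit TCP queries.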

Heartbleed scanner

Heartbleed (CVE-2014-0160) is a pretty scary vulnerability discovered in 2014 which has since been used to extract private keys from various OpenSSL-based services. Sebastian built a package called heartbleedscanner-git for the Python tools published by einaros. This package includes three different programs:

  • heartbleedscanner : OpenSSL Heartbleed (CVE-2014-0160) vulnerability scanner and data miner.
  • heartbleedscanner-keyscan: Traverse memory dump, looking for prime factors.
  • heartbleedscanner-keydump: Restore SSL priv key based on prime at specific dump file offset.

Poodle scanner

POODLE (CVE-2014-3566) is a padding-oracle attack against CBC-mode ciphers in the SSLv3 protocol; any server that still accepts SSLv3 handshakes is exposed, and the fix is to disable SSLv3 entirely. There’s now a package for the Python POODLE scanning tool from 0xICF called poodlescanner-git. Usage:

$> poodlescanner -H localhost
localhost:443 SSLv3 [Errno 111] Connection refused
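
Without the scanner, the same question ("does this server still complete an SSLv3 handshake?") can be answered with openssl s_client. The script below is an added example for this post, not the poodlescanner code. One caveat a practitioner runs into immediately: current OpenSSL builds ship without SSLv3, so -ssl3 is rejected as an unknown option and the test says nothing about the server; the classifier reports that as inconclusive rather than as "not vulnerable". The s_client outputs are constructed samples with the shape of real output, so the classification runs offline.

```sh
#!/bin/sh
# Added example (not the poodlescanner code): probe a host for SSLv3
# support with openssl s_client and classify the result. Only sslv3_check
# opens a network connection.

# Classify captured `openssl s_client -connect HOST:PORT -ssl3` output.
#   sslv3-accepted - handshake completed with an SSLv3 cipher: POODLE-exposed
#   sslv3-refused  - the server rejected the SSLv3 handshake
#   unreachable    - TCP connection failed
#   inconclusive   - the local openssl has no SSLv3 support (or output is
#                    unrecognised), so the server was not actually tested
sslv3_classify() {
    case "$1" in
        *"unknown option"*|*"Unknown option"*) echo inconclusive ;;
        *"connect:errno"*|*"Connection refused"*) echo unreachable ;;
        *"Cipher is (NONE)"*)                  echo sslv3-refused ;;
        *"Cipher is "*)                        echo sslv3-accepted ;;
        *)                                     echo inconclusive ;;
    esac
}

# sslv3_check HOST [PORT]  -> prints "HOST:PORT STATUS"
sslv3_check() {
    host=$1; port=${2:-443}
    out=$(openssl s_client -connect "$host:$port" -ssl3 </dev/null 2>&1)
    printf '%s:%s %s\n' "$host" "$port" "$(sslv3_classify "$out")"
}

# Constructed samples (real output is longer; only the decisive lines matter).
SAMPLE_SSLV3_OK='CONNECTED(00000003)
---
New, SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES128-SHA'

SAMPLE_SSLV3_FAIL='CONNECTED(00000003)
140735241859920:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1472:
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000'

SAMPLE_NO_SSLV3='s_client: Unknown option: -ssl3
s_client: Use -help for summary.'

# Demo on the constructed samples:
for s in "$SAMPLE_SSLV3_OK" "$SAMPLE_SSLV3_FAIL" "$SAMPLE_NO_SSLV3"; do
    sslv3_classify "$s"
done
# Live check: sslv3_check www.example.com 443
```

The "New, ..., Cipher is ..." line is the reliable signal: on a failed handshake s_client still prints an SSL-Session block with "Protocol : SSLv3", so matching on the protocol line alone would produce false positives.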

Useragent

The package is named useragent-git and it’s a small bash script (source on GitHub) which prints different user-agent strings to stdout. This is often useful in combination with curl or wget.

$> useragent -w
Mozilla/5.0 (Windows NT 5.0; rv:10.0) Gecko/20100101 Firefox/10.0

Wordlist

You can install wordlist-git, a package for the Python wordlist generation script by rexos. Different character patterns can be provided, together with a minimum and maximum length:

$> wordlist 0-9 -m 2 -M 3
00
01
02
[...]
999
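
To show what such a generator does under the hood, and how quickly the output grows, here is an added example written for this post, not the rexos script. It takes the character set as a literal string (0123456789 rather than the tool’s 0-9 range syntax) and adds a wordlist_count helper that computes the number of candidates before anything is written to disk: with 10 characters and lengths 2 to 3 that is 10^2 + 10^3 = 1100 lines.

```sh
#!/bin/sh
# Added example (not the rexos wordlist script): enumerate every string of
# length MIN..MAX over a character set, and estimate the size first.

# wordlist_gen PREFIX REMAINING "c1 c2 c3 ..."  (recursive helper)
# Emits PREFIX followed by every combination of REMAINING characters.
wordlist_gen() {
    if [ "$2" -eq 0 ]; then
        printf '%s\n' "$1"
        return
    fi
    # The for-loop's word list is fixed when the loop starts, so the
    # recursive call may reuse $c without disturbing this iteration.
    for c in $3; do
        wordlist_gen "$1$c" $(( $2 - 1 )) "$3"
    done
}

# wordlist CHARSET MIN MAX   e.g. wordlist 0123456789 2 3
# CHARSET is a literal string of characters (no whitespace).
wordlist() {
    spaced=$(printf '%s' "$1" | sed 's/./& /g')
    len=$2
    while [ "$len" -le "$3" ]; do
        wordlist_gen "" "$len" "$spaced"
        len=$(( len + 1 ))
    done
}

# wordlist_count CHARSET MIN MAX: number of lines wordlist would print,
# i.e. the sum of N^len for len = MIN..MAX where N = number of characters.
wordlist_count() {
    n=${#1}
    len=$2
    total=0
    while [ "$len" -le "$3" ]; do
        p=1; i=0
        while [ "$i" -lt "$len" ]; do
            p=$(( p * n ))
            i=$(( i + 1 ))
        done
        total=$(( total + p ))
        len=$(( len + 1 ))
    done
    echo "$total"
}

# Demo: size estimate first, then the first few candidates.
wordlist_count 0123456789 2 3
wordlist 0123456789 2 3 | head -n 3
```

Run wordlist_count before redirecting wordlist into a file: the same call with all 26 lowercase letters and lengths 1 to 8 is over 2×10^11 candidates, which no brute-force run will get through anyway, so a mask that encodes what you know about the password is the better tool at that point.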

theHarvester

The package theharvester-git contains a Python script which can be used “for gathering e-mail accounts, subdomain names, virtualhosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).” More information can be found in the project’s repository.

Usage: theharvester options 

       -d: Domain to search or company name
       -b: data source: google, googleCSE, bing, bingapi, pgp, linkedin,
                        google-profiles, jigsaw, twitter, googleplus, all

       -s: Start in result number X (default: 0)
       -v: Verify host name via dns resolution and search for virtual hosts
       -f: Save the results into an HTML and XML file
       -n: Perform a DNS reverse query on all ranges discovered
       -c: Perform a DNS brute force for the domain name
       -t: Perform a DNS TLD expansion discovery
       -e: Use this DNS server
       -l: Limit the number of results to work with(bing goes from 50 to 50 results,
            google 100 to 100, and pgp doesn't use this option)
       -h: use SHODAN database to query discovered hosts

This was just a small selection of the packages Sebastian contributed. There are of course many other security-related packages in the AUR:

  • burpsuite: Free version of burp
  • wpscan: Wordpress vulnerability scanner
  • sqlmap: SQL injection helper
  • subbrute: DNS subdomain brute forcer
  • sslyze: SSL testing tool
  • ffdec: Flash decompiler
  • metasploit: Metasploit framework
  • radare2: Portable reversing framework
  • and many more

Sebastian will keep contributing useful security packages to the AUR ;)

The team of internetwache.org