Sebastian reinstalled his Arch Linux recently and continued to build some AUR (Arch user repository) packages. He’ll share some of the security related ones with you.
The following tools are packaged and maintained by Sebastian:
After our research on the Alexa Top 1M AXFR issue, we’ve published the AXFR scanner on GitHub. You can now easily install this tool with a simple
yaourt axfrscanner-git. The usage of the tool has changed slightly to be more usable as a commandline tool:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
Heartbleed is a pretty scary vulnerability which was discovered in 2014 and since then has been used to extract private keys from various OpenSSL applications. Sebastian built a package called
heartbleedscanner-git for the python tools offered by einaros. This package includes three different programs:
heartbleedscanner: OpenSSL Heartbleed (CVE-2014-0160) vulnerability scanner and data miner.
heartbleedscanner-keyscan: Traverse memory dump, looking for prime factors.
heartbleedscanner-keydump: Restore SSL priv key based on prime at specific dump file offset.
The package is named
useragent-git and it’s a small bash script (source on GitHub) which can be used to print different useragents to stdout. This is often useful in combination with curl or wget.
You can install
wordlist-git which is a package for the python wordlist generation script by rexos. Different patterns can be provided.
1 2 3 4 5 6
theharvester-git contains a python script which can be used “for gathering e-mail accounts, subdomain names, virtualhosts, open ports/ banners, and employee names from different public sources(search engines, pgp key servers).”. More information can be found on the project’s repository.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
This was just the small list of packages which Sebastian contributed. There are of course other security related packages in the AUR:
burpsuite: Free version of burp
wpscan: Wordpress vulnerability scanner
sqlmap: SQL injection helper
subbrute: DNS subdomain brute forcer
sslyze: SSL testing tool
ffdec: Flash decompiler
metasploit: Metasploit framework
radare2: Portable reversing framework
- and many more
Sebastian will keep contributing useful security packges to the AUR ;)
The team of internetwache.org