Forums

This is a small extension script to monitor suff.py, or the Simple Universal Fortigate Fuzzer, and to collect crashlogs for future analysis.   Download: suff_monitor.py.txt   Mirror: #!/usr/bin/env python3 # suff_monitor.py -- basic monitoring for fuzzing scenarios (suff/burp/mutiny) # # -- updates -- # 22.11.2023 @ 02:23 :: shame init version ready to go # 21.11.2023 @ 19:18 :: log me if you can # 21.11.2023 @ 15:14 :: added: time, sleep, log2fp # 21.11.2023 @ 01:19 :: started this lame code # # idea - run suff_monitor.py against the box you're testing (fgvm): # - add time to sleep and date to log updates # - log in (so same creds as for suff.py, postauth testing, etc) # - get ver/info -> log2file # ** (should be ready at this stage, so): ** # while true: # check_diag_deb(+log2file,+a) # sleep 1 # end_of_file # # ------------- # # for more details: # https://code610.blogspot.com/2023/12/monitoring-suff.html # https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html # https://github.com/c610/free/blob/master/suff-v0.1.py # https://github.com/c610/free/blob/master/fg7stack_poc.py # # from netmiko import Netmiko import sys,os import time import paramiko ################### ############## ######## #### ## # fplog = open('saveme.log','+a') command = 'diag debug crashlog show' # did you enable logs in your FGVM? def connect_to_crashlog(): # set up for the target try: fw_01 = { 'host':'192.168.56.231', 'username':'admin', 'password':'P@ssw0rd', 'device_type':'fortinet', 'timeout':3 } net_connect = Netmiko( **fw_01 ) print("+ Connected to FG!") print("+ logfile: savethis.log") fplog.write('----starting suff_monitor.py ----\n') fplog.write(net_connect) fplog.write('\n-- results below: --\n') # if we're connected: check diag debug crashlog (or any other you'd like to) send_logcheck_cfg = net_connect.send_config_set( command ) fplog.write(send_logcheck_cfg) fplog.write('\n---- next while loop ----\n') print("+ looks like we just sent this command:\n\t%s\n\n" % send_logcheck_cfg ) print("send_init_cfg finished") ## check crashlog finished except paramiko.ssh_exception.SSHException as e: print(" > connection error: %s" % e) except ConnectionResetError as e: print("> connection error2: %s" % e) except UnboundLocalError as e: print("UnboundLocalError: local variable 'net_connect' referenced before assignment") print("> unbound variable error: %s" % e) ## end of connect_to_crashlog() # ########## #### main ########## print('y0;[') print('starting: connect_to_crashlog()') while True: print('debug: connect_to_crashlog() starting...') connect_to_crashlog() print("... sleeping 1...") time.sleep(1) print('sleep done. next True iter...') #### print("finished main()")   Source

Nota! Acest proiect cred ca o sa il suspend si il voi reface in GOLang,  ii mai performant pe async requests si in comparatie cu python nu ii limitat de GIL "Global Interpreter Lock". Am inceput sa lucrez la un proiect python de ~ o luna, numit 3eyes: un 'community-based' framework pentru fingerprint webservice-uri dinamic bazat pe template-uri yaml. Link: https://github.com/BogdanDSergiu/3eyes Sa trec direct la ce poate sa faca cu exemple reale, dupa instalarea modulelor python ( pip install requirements.txt ).   - In acest repository se afla si 'url_examples.txt' prin care se poate incarca prin argumentul '-i' si modulul prin '-m':   python 3eyes.py -m grafana -i url_examples.txt   Output:   (...) [-] Found: http://[IP CENZURAT] : 'Grafana OSS' v9.1.0 [-] Found: https://[CENZURAT] : 'Grafana OSS' v8.4.6 [-] Found: https://[CENZURAT] : 'Grafana OSS' v7.4.3 [+] Percentages based on total URLs. [-] Execution time: 4.71 sec [-] Total: 97 [-] Succeed: 3 3.09% └─ Grafana OSS: 3.09% └─ 9.1.0: 1 1.03% └─ 7.4.3: 1 1.03% └─ 8.4.6: 1 1.03% [-] Fail: 94 96.91% └─ StatusCode: 85 87.63% └─ NoMatch: 9 9.28% Nota! Daca sunt mai multe target-uri (fara -t, numai prin pipe sau -i) o sa realizeze un rezumat, in exemplele urmatoare o sa omit acesta functionalitate daca nu prezinta importanta.   - Selectarea unei versiuni anume din modul grafana, se face prin argumentul '-sm' (select module): python 3eyes.py -m grafana -i url_examples.txt -sm "Grafana OSS"   Output:   (...) [-] Found: http://[IP CENZURAT] : 'Grafana OSS' v9.1.0 [-] Found: https://[CENZURAT] : 'Grafana OSS' v7.4.3 [-] Found: https://[CENZURAT] : 'Grafana OSS' v8.4.6 (...) - Selectarea unei versiuni specifice se face prin argumentul '-cv' (check version) python 3eyes.py -m grafana -i url_examples.txt -sm "Grafana OSS" -cv "x.y.z 7.4.3"   (...) [-] Found: https://[CENZURAT] : 'Grafana OSS' v7.4.3 (...) - Setarea output-ului se face prin argumentul '-so' (set output): python 3eyes.py -m grafana -i url_examples.txt -sm "Grafana OSS" -cv "x.y.z 7.4.3" -so "Am gasit {{url}} cu versiunea {{ver}}" (...) Am gasit https://[CENZURAT] cu versiunea 7.4.3 (...) Nota: markdown-uri valide sunt {{url}}, {{name}}, {{descr}} si {{ver}}, unde {{name}} si {{descr}} sunt din modulul grafana   - Modulul grafana are un tag 'server' pentru validarea webserver-ului, care in default nu ii executat si poate fii folosit in cazul in care nu ii sigur daca exista instanta grafana.Se activeaza prin '-cs' (check server): python 3eyes.py -m grafana -i url_examples.txt -sm "Grafana OSS" -cv "x.y.z 7.4.3" -so "Am gasit {{url}} cu versiunea {{ver}}" -cs   (...) Am gasit https://[CENZURAT] cu versiunea 7.4.3 [+] Percentages based on total URLs. [-] Execution time: 4.05 sec [-] Total: 97 [-] Succeed: 1 1.03% └─ Grafana OSS: 1.03% └─ 7.4.3: 1 1.03% [-] Fail: 96 98.97% └─ StatusCode: 85 87.63% └─ NoMatch: 9 9.28% └─ NoVerMatch: 2 2.06% Nota! Acesta functie verifica prima data regex-ul din server apoi trece mai departe sa verifice versiunile. - In modului grafana in tag-ul 'arguments' se afla logica extra, care in mod normal nu ii executat, in acest caz 'getHostInfo' care se activea prin argumentul '-so': python 3eyes.py -m grafana -t https://[IP CENZURAT] -so "'{{url}}' - '{{x.getHostInfo}}' : v{{ver}}"   (...) 'https://[IP CENZURAT]' - 'http://[HOSTNAME CENZURAT]:3000/' : v9.1.0 Nota: Argumentul este reprezentat prin 'x.' la inceput, in acest caz extrage doar informatia ce se afla in webserver-ul grafana care poate sa nu fie valid, nu transforma ip in domeniu. FAQ: + De ce trebuie sa fie tag-ul 'server' obligatori in modul daca nu ii folosit in default? - Deoarece o sa fie folositor la urmatoarea functionalitate de 'auto detect'   + Care sunt problemele? - La pornire, cateodata se blocheaza fara sa afiseze nimica si numai reactioneaza la CTRL+C. Nu trece mai departe de 'asyncio.run(init())' posibil cum argparser foloseste func sync in arg type. - Design-ul trebuie realizat consistent   + De ce verifica doar response body, dar headers nu? - Deoarece ma gandesc sa il refac in alt limbaj si atunci numai merita sa contribui la versiunea python   + De ce il publici asa de repede, fara sa il scoti din beta? - Imi doresc o reconversie profesionala pentru a putea aplica anul viitor la job-uri cu un profil GitHub. Nu stiu daca este la fel de util pe cat cred sau daca merita sa-l refac în GO. Sunt incepator în ecosistemul GitHub si în limbajul Go.   Astept parerile voastre.

Era un server insa nu cred ca mai e folosit de mult timp. Pentru RSTCon exista: https://discord.com/channels/1079160543887241226/1079160601747664946  Dar desigur, nu prea e activ fiind folosit pe perioada conferintei. 

Salut! Avem server pe discord?

Rezolvai, dupa doar 2-3 ani, problema cu incarcarea unor profile pages.  

grep taticu

[Hacksnation.com] Recon for Ethical Hacking Penetration Testing & Bug Bounty   https://mega.nz/folder/CDphRCJB#eBZqSmleyW6Thld_8RbZwQ

[Hacksnation.com] Hacking in Practice Intensive Ethical Hacking MEGA Course:   https://mega.nz/folder/STp0RTgI#9evucI3TuA4ovRHwIzkZjw    

print_r(array_filter(array_count_values(str_word_count(strtolower(file_get_contents('a.txt')), 1)), function ($count) { return $count > 1; }));     foreach(array_count_values(preg_split('/\W+/', file_get_contents('a.txt'))) as $w=>$c)echo"$c $w\n";     mi-a mai venit o idee