Thursday, 24 January 2013

ruleset - update

[+] new sigs:
42000239 :: web_apps.rules :: DN WEB_APPS Typo3-JumpURL-Access
42000238 :: scanner.rules :: DN SCAN NMAP SQLSpider-Scan
42000235 :: malware.rules :: DN MALWARE C99-Shell SelfKill detected
42000234 :: malware.rules :: DN MALWARE Possible Webshell-Access
42000237 :: malware.rules :: DN MALWARE C99-Shell SelfKill detected
42000236 :: web_server.rules :: DN WEB_SERVER DoubleDot in URL

Thursday, 10 January 2013

doxi-tools in action

this is a screenshot from [ dx-result -x ], showing the 24-hour event summary on an nginx reverse proxy in front of 2 web apps with moderate traffic (approx. 3000 visitors/day)

screenshot from [ dx-result -i 42000122 ], showing the 24-hour and part of the 7-day event summary for that particular SID

screenshot from [ dx-update -x ], showing the 6 new rules available in this update

Wednesday, 9 January 2013

ruleset-update / misc RAILS/ColdFusion - Vulns

download the complete rulesets:
https://bitbucket.org/lazy_dogtown/doxi-rules/src
[+] new sigs:
  42000228 :: web_server.rules     :: DN WEB_SERVER /etc/passwd encoded as Base64
  42000229 :: app_server.rules     :: DN APP_SERVER ColdFusion - Vuln-URL-Access administrator
  42000231 :: app_server.rules     :: DN APP_SERVER ColdFusion - Vuln-URL-Access componentutils
  42000230 :: app_server.rules     :: DN APP_SERVER ColdFusion - Vuln-URL-Access adminapi
  42000233 :: app_server.rules     :: DN APP_SERVER Possible RAILS - Exploit using type=symbol
  42000232 :: app_server.rules     :: DN APP_SERVER Possible RAILS - Exploit using type=yaml

Thursday, 3 January 2013

ruleset update

more scanner.rules

[+] new sigs:
42000187 :: scanner.rules :: DN SCAN Scanner Absinthe
42000204 :: scanner.rules :: DN SCAN Scanner Pavuk - Website Mirroring Tool for Off-line Analysis
42000206 :: scanner.rules :: DN SCAN Scanner SQL Power Injector SQL Injection
42000207 :: scanner.rules :: DN SCAN Scanner Sipvicious User-Agent Detected
42000200 :: scanner.rules :: DN SCAN Scanner Mysqloit - Mysql Injection Takover Tool
42000201 :: scanner.rules :: DN SCAN Scanner Netsparker
42000202 :: scanner.rules :: DN SCAN Netsparker-Scan in Progress
42000203 :: scanner.rules :: DN SCAN Scanner Paros Proxy Scanner
42000215 :: app_server.rules :: DN APP_SERVER Tomcat Auth Brute Force attempt (manager)
42000208 :: scanner.rules :: DN SCAN Scanner Sipvicious
42000209 :: scanner.rules :: DN SCAN Scanner Toata Scanner User-Agent Detected
42000189 :: scanner.rules :: DN SCAN Scanner Watchfire AppScan Web App Vulnerability Scanner
42000188 :: scanner.rules :: DN SCAN Acunetix-Scanner detected
42000211 :: app_server.rules :: DN APP_SERVER Tomcat Auth Brute Force attempt (tomcat)
42000210 :: app_server.rules :: DN APP_SERVER Tomcat Auth Brute Force attempt (admin)
42000194 :: scanner.rules :: DN SCAN Scanner DavTest WebDav Vulnerability Scanner
42000195 :: scanner.rules :: DN SCAN Scanner DirBuster Web App Scan
42000196 :: scanner.rules :: DN SCAN Scanner Grendel Web Scan
42000197 :: scanner.rules :: DN SCAN Scanner Httprecon Web Server Fingerprint Scan
42000190 :: scanner.rules :: DN SCAN Scanner AutoGetColumn
42000191 :: scanner.rules :: DN SCAN Scanner bsqlbf Brute Force SQL Injection
42000192 :: scanner.rules :: DN SCAN Scanner Cisco-torch
42000193 :: scanner.rules :: DN SCAN Scanner crimscanner
42000198 :: scanner.rules :: DN SCAN Scanner IBM NSA User Agent
42000199 :: scanner.rules :: DN SCAN Scanner Mini MySqlatOr SQL Injection
42000219 :: scanner.rules :: DN SCAN Scanner Python-urllib
42000218 :: scanner.rules :: DN SCAN Scanner WafWoof Web Application Firewall Detection Scan
42000205 :: scanner.rules :: DN SCAN Scanner SQL Injection Attempt (Agent uil2pn)
42000216 :: app_server.rules :: DN APP_SERVER Tomcat admin-admin login credentials
42000217 :: scanner.rules :: DN SCAN Tomcat upload from external source
42000222 :: scanner.rules :: DN SCAN Open-Proxy ScannerBot (webcollage-UA)
42000223 :: scanner.rules :: DN SCAN Scanner WebShag Web Application Scan
42000220 :: scanner.rules :: DN SCAN Scanner WebHack Control Center
42000221 :: scanner.rules :: DN SCAN Scanner Python-httplib
42000226 :: scanner.rules :: DN SCAN Scanner WITOOL SQL Injection Scan
42000227 :: scanner.rules :: DN SCAN Scanner ZmEu exploit scanner
42000224 :: scanner.rules :: DN SCAN Scanner Wikto Scan
42000225 :: scanner.rules :: DN SCAN Wikto Backend Data Miner Scan

rules-update

[+] new sigs:
42000175 :: scanner.rules :: DN SCAN Scanner wordpress hash grabber
42000186 :: scanner.rules :: DN SCAN Scanner / Broken UserAgent
42000185 :: scanner.rules :: DN SCAN Scanner t34mh4k
42000184 :: scanner.rules :: DN SCAN Scanner Fake GoogleBot
42000183 :: app_server.rules :: DN APP_SERVER Scanner neuralbot
42000182 :: scanner.rules :: DN SCAN Scanner gameboy
42000181 :: scanner.rules :: DN SCAN Scanner webster pro
42000180 :: scanner.rules :: DN SCAN Scanner picscout
42000179 :: scanner.rules :: DN SCAN Scanner digimarc webreader
42000165 :: scanner.rules :: DN SCAN Scanner kmccrew
42000164 :: scanner.rules :: DN SCAN Scanner casper
42000132 :: scanner.rules :: DN SCAN Scanner blackwidow
42000133 :: scanner.rules :: DN SCAN Scanner bwh3_user_agent
42000130 :: scanner.rules :: DN SCAN Scanner backdoor
42000131 :: scanner.rules :: DN SCAN Scanner bilbo
42000136 :: scanner.rules :: DN SCAN Scanner copyguard
42000137 :: scanner.rules :: DN SCAN Scanner copyrightcheck
42000134 :: scanner.rules :: DN SCAN Scanner cgichk
42000135 :: scanner.rules :: DN SCAN Scanner cherrypickernice
42000138 :: scanner.rules :: DN SCAN Scanner datacha0s
42000139 :: scanner.rules :: DN SCAN Scanner exploit
42000174 :: scanner.rules :: DN SCAN PHP-Injetion on UA
42000150 :: scanner.rules :: DN SCAN Scanner .nasl
42000151 :: scanner.rules :: DN SCAN Scanner whatweb
42000152 :: scanner.rules :: DN SCAN Scanner nsauditor
42000153 :: scanner.rules :: DN SCAN Scanner n-stealth
42000154 :: scanner.rules :: DN SCAN Scanner pmafind
42000155 :: scanner.rules :: DN SCAN Scanner poe-component-client
42000156 :: scanner.rules :: DN SCAN Scanner safexplorer
42000157 :: scanner.rules :: DN SCAN Scanner s.t.a.l.k.e.r
42000158 :: scanner.rules :: DN SCAN Scanner webinspect
42000159 :: scanner.rules :: DN SCAN Scanner webmole
42000176 :: scanner.rules :: DN SCAN Scanner chinaclaw
42000173 :: scanner.rules :: DN SCAN Scanner SkipFish
42000170 :: scanner.rules :: DN SCAN Scanner sqlmap
42000178 :: scanner.rules :: DN SCAN Scanner w3af
42000171 :: scanner.rules :: DN SCAN Scanner whisker
42000177 :: scanner.rules :: DN SCAN Scanner n-stealth
42000169 :: scanner.rules :: DN SCAN Scanner Nmap
42000168 :: scanner.rules :: DN SCAN Scanner Springenwerk
42000127 :: scanner.rules :: DN SCAN Scanner Amiga-Aweb
42000172 :: scanner.rules :: DN SCAN Scanner XSSS (probably)
42000161 :: scanner.rules :: DN SCAN Scanner siphon
42000160 :: scanner.rules :: DN SCAN Scanner core-project
42000163 :: scanner.rules :: DN SCAN Scanner twengabot
42000162 :: scanner.rules :: DN SCAN Scanner autoemailspider
42000129 :: scanner.rules :: DN SCAN Scanner atomic_email_hunter
42000128 :: scanner.rules :: DN SCAN Nessus-Scanner detected
42000167 :: scanner.rules :: DN SCAN Scanner Acunetix
42000166 :: scanner.rules :: DN SCAN Scanner planetwork
42000143 :: scanner.rules :: DN SCAN Scanner internet-exprorer
42000142 :: scanner.rules :: DN SCAN Scanner gameboy
42000141 :: scanner.rules :: DN SCAN Scanner fantombrowser
42000140 :: scanner.rules :: DN SCAN Scanner extractor
42000147 :: scanner.rules :: DN SCAN Scanner mosiac
42000146 :: scanner.rules :: DN SCAN Scanner morzilla
42000145 :: scanner.rules :: DN SCAN Scanner morfeus
42000144 :: scanner.rules :: DN SCAN Scanner jaascois
42000149 :: scanner.rules :: DN SCAN Scanner nameofagent
42000148 :: scanner.rules :: DN SCAN Scanner murzillo

doxi-tools 0.2 released

doxi-tools are now available in v0.2, see
https://bitbucket.org/lazy_dogtown/doxi for details
and the Changelog for what's new.

the main change: the ruleset itself is now a separate
git repo for more flexibility, see
https://bitbucket.org/lazy_dogtown/doxi-rules