Analyst Tip: Testing Firewall Egress

A quick tip for testing available TCP egress, using nc, bash, and allports.exposed: for i in {1..1023}; do nc -vz -w 1 allports.exposed $i; done This will use nc with the -v, -z, and -w switches to attempt to connect to allports.exposed on TCP ports 1 through 1023. -v requests verbose output, -z puts nc in scanning mode, and -w 1 tells nc to time out after one second. [Read more...]

Simple Check For OptionsBleed vulnerability

Shortly after CVE-2017-9798 (a.k.a. “OptionsBleed”) was announced, the good folks over at The Fuzzing Project posted a great write-up, including a quick check for the vulnerability. I adapted it to check a list of sites, as analysts often have more than one web property to test. for j in `cat domains.txt`; do for i in {1..20}; do curl -sI -X OPTIONS https://www.$j/| grep -i "allow:"; done >optionsbleed-https-www.$j.out ;done This will run through a list of domains in the file domains. [Read more...]

Analyst Tip: Researching IPs, Domains, And URLs From The Shell

In the course of an average day, an analyst needs to look up various bits of information about IPs, domain names, and URLs. Various workplace tools may do some of this enrichment automatically, but every now and then the analyst needs a quick, effective way to either get this information for a single indicator, or for a large list of them. Tools While there are numerous websites that can be used to obtain this information, in my opinion, nothing beats the flexibility of command-line tools. [Read more...]