Nothink!

---

Father of two, triathlete and seasoned security analyst. My interests are offensive security, digital forensic, SIEM management and systems hardening. I'm also an OpenBSD enthusiast and occasionally I contribute with the Metasploit project developing modules and porting public exploits for educational purposes only.

During the last years I managed freely and free of charge many honeypot systems (ADB, DNS (a low bandwidth open resolver server to observe DNS amplification attacks automatically), SMB, SNMP, SSH, Telnet) and I shared data, blacklists and statistics with all the Internet (students, researchers, companies...). Currently the data is no longer shared. But you can find something below. My most successful open source project is snmpcheck, a tool to enumerate information via SNMP protocol. You can find it into the most secure Linux distros.

If you have any question please let me know, my key ID is 941F9ED7AE7655A597BABF0F7E4A111756F1C790

---

Common Vulnerabilities and Exposures

• CVE-2019-19781 Citrix path traversal base on vpns folder
• CVE-2018-7600 Drupal: unsanitized requests allow remote attackers to execute arbitrary code
• CVE-2017-5638 Apache Struts Jakarta Multipart Parser OGNL Injection
• CVE-2016-5734 phpMyAdmin 4.6.2 - Authenticated Remote Code Execution
• CVE-2015-1635 MS15-034 HTTP.sys IIS DoS
• CVE-2014-6271 Bash 'Shellshock' Vulnerability
• CVE-2014-3704 Drupal Core SQL Injection Vulnerability
• CVE-2011-3192 Apache Remote Denial of Service

Honeypots data (outdated)

• ADB attacks
• DNS attacks, amplifications
• SMB binaries collected, old collections
• SNMP attacks
• SSH attackers blacklist, files downloaded, passwords list, clients version
• Telnet attackers blacklist, passwords list, urls collected

Metasploit contribution

• Anonymous FTP Access Detection auxiliary/scanner/ftp/anonymous
• AWStats configdir Remote Command Execution exploits/unix/webapp/awstats_configdir_exec
• Chargen Probe Utility auxiliary/scanner/chargen/chargen_probe
• FrontPage Server Extensions Anonymous Login Scanner auxiliary/scanner/http/frontpage_login
• HP LaserJet Printer SNMP Enumeration auxiliary/scanner/snmp/snmp_enum_hp_laserjet
• HTTP Open Proxy Detection auxiliary/scanner/http/open_proxy
• JBoss Status Servlet Information Gathering auxiliary/scanner/http/jboss_status
• NTP Monitor List Scanner auxiliary/scanner/ntp/ntp_monlist
• PAJAX Remote Command Execution exploits/unix/webapp/pajax_remote_exec
• phpMyAdmin Authenticated Remote Code Execution exploit/multi/http/phpmyadmin_null_termination_exec
• Printer Directory Listing Scanner auxiliary/scanner/printer/printer_list_dir
• Printer Environment Variables Scanner auxiliary/scanner/printer/printer_env_vars
• Printer File Download Scanner auxiliary/scanner/printer/printer_download_file
• Printer Ready Message Scanner auxiliary/scanner/printer/printer_ready_message
• Printer Volume Listing Scanner auxiliary/scanner/printer/printer_list_volumes
• Printer Version Information Scanner auxiliary/scanner/printer/printer_version_info
• Simple PHP Blog 0.4.0 Remote Command Execution exploits/unix/webapp/sphpblog_file_upload
• SNMP Enumeration Module auxiliary/scanner/snmp/snmp_enum
• SNMP Set Module auxiliary/scanner/snmp/snmp_set
• TikiWiki Information Disclosure auxiliary/admin/tikiwiki/tikidblib
• TikiWiki jhot Remote Command Execution exploits/unix/webapp/tikiwiki_jhot_exec
• TikiWiki tiki-graph_formula Remote PHP Code Execution exploits/unix/webapp/tikiwiki_graph_formula_exec
• Tomcat Administration Tool Default Access auxiliary/admin/http/tomcat_administration
• Tomcat Application Manager Login Utility auxiliary/scanner/http/tomcat_mgr_login
• VNC Authentication None Detection auxiliary/scanner/vnc/vnc_none_auth
• Webmin File Disclosure auxiliary/admin/webmin/file_disclosure
• Wireshark chunked_encoding_dissector function DOS auxiliary/dos/wireshark/chunked
• WordPress Symposium Plugin SQL Injection auxiliary/admin/http/wp_symposium_sql_injection

Metasploit experiments

• auto_http_light.rc Rc file used to check web servers automatically
• jboss-scan.rb Rc file used to gath info by Jboss status servlet
• names_female_us.txt US female names list
• names_male_us.txt US male names list
• names_surname_us.txt US surname list
• smtp_open_relay1.rb SMTP Open Relay Server Detection
• smtp_open_relay2.rb SMTP Open Relay Server Detection
• snmp_login.rc Rc file used to scan SNMP login automatically
• text.rb Class formats text

NMAP NSE script

• dns-open-resolver.nse Script to identify open DNS resolvers
• chargen.nse Script to identify open chargen service checking the answer
• http-status.nse Script to identify Apache/Tomcat/Jboss Server server-status pages

Bettercap contribution

• htmlmail.rb HTML email address parser
• htmlphone.rb HTML email address parser
• htmltitle.rb HTML title response parser
• snmp_protocol.rb SNMP protocol parser
• snmp_sniffer.rb SNMP community string parser

Generic stuff

• check_routing_loop Scapy script useful to identify routing loops through ICMP time exceeded
• dns_amply, dns_amply_domain Search DNS server that respond at 'any +dnssec +ignore' requests. Useful to choose a good server and domain to use during a DNS Amplification Attacks.
• nmap_parser Nmap parser written in Ruby using Nmap::Parser library
• pkg_search Packages finder for OpenBSD
• RedHat73.zip Volatility profiles for Red Hat Enterprise Linux Server 7.3 (System.map-3.10.0-514.el7.x86_64)
• snmpcheck Tool to enumerate information via SNMP protocol
• snmpscan SNMP multithread scanner written in Perl
• snmpsize A rudimentary snmpwalk-like with scapy. Useful to choose a good OID to use during a SNMP reflected amplification DDos attack

Perl modules

• Mail-Maps-Lookup Query the MAPS lookup service via DNS
• Mail-OpenRelay-Simple Check if a mail server runs as an open relay
• WWW-UserAgent-Random Perl extension to generate random User Agent

Miscellaneous stuff

• OpenBSD/game boy advanced sp my 2004 April fools' day with Slashdot effect! :)
• SNMP Reflected Amplification DDoS Attack rainy day considerations...

---