nothink.org
| Here you can find some informations about "malware IRC network activity". You can download a "TOTAL CSV FILE" (md5, file size, irc server, irc server asn, irc server asn_org, irc server geo, channel, irc nickname, irc username, irc password, anubis report) : hash.csv (log every 4 hours). |
| Here you can find some malwares collected by my ADSL homed honeypots (Amun/Nepenthes) and comparison between several free Antivirus scanners. Write me if you want a copy of binaries. Some sandbox for malware analysis : CWSandbox, Norman, Anubis, ThereatExpert, Joebox. |
| Here you can find some statistics about "remote file inclusion attacks", collected parsing web log files (log every 24 hours). |
| Here you can find some statistics about "SSH attacks", collected parsing SSH Honeypot log files. (SSH IP Address Black List, every 24 hours). |
Writings
Hardening OpenBSD: situazioni reali - Lab, Smau 05 in Milano on 22 October 2005;
Systrace: sicurezza alla base, a basic introduction to Systrace;
Metasploit modules
anonymous, Anonymous FTP Access Detection;
awstats_configdir_exec, AWStats configdir Remote Command Execution;
chunked, Wireshark chunked_encoding_dissector function DOS;
file_disclosure, Webmin file disclosure;
frontpage, display version information about FPSE;
frontpage_login, queries the FrontPage Server Extensions and determines whether anonymous access is allowed;
phpnuke_search_module, PHPNuke Search Module SQL Injection Vulnerability;
sphpblog_file_upload, Simple PHP Blog remote command execution;
snmp_enum, enumerate information from SNMP enabled devices; Net::SNMP perl module is required;
sweep_udp, UDP Service Sweeper;
tcpdump, meterpreter script to use tcpdump on target;
tikidblib, TikiWiki information disclosure;
tikiwiki_graph_formula_exec, TikiWiki tiki-graph_formula Remote Command Execution;
tikiwiki_jhot_exec, TikiWiki jhot Remote Command Execution;
tomcat_administration, detect Tomcat Administration Tool default access;
tomcat_manager, detect Tomcat Web Application Manager default access;
vnc_none_auth, VNC Authentication None Detection;
Perl scripts
googlegath, simple Google-Search to gathering site/domain informations;
gpsdriveToGoogleEarth, extract data from gpsdrive db and build a "kml" file for Google Earth (example, example);
nmapdb, script to insert nmap results into a MySQL database (create_nmapdb);
snmpcheck, useful to get information via SNMP protocols for Windows, Linux, Cisco and other platforms...
snmpscan, free, multi-processes SNMP scanner. It could be useful for systems gathering or penetration testing;
Perl modules
Mail::Maps::Lookup, query the MAPS lookup service via DNS;
Mail::OpenRelay::Simple, check if a mail server runs as an open relay;
Net::DNS::Version, grab DNS server version;
Net::IP::Extract, extract Ip Address from a document;
Net::Netstat::Wrapper, Perl module for getting the current tcp open ports;
Net::Scan::Extract, Perl module to extract stuff from text;
Net::Scan::Fork, a simple way to manage fork processess;
Net::Scan::Ftp::Anonymous, scan for anonymous read/write access FTP servers;
Net::Scan::HTTP::Server::Directory, scan for directory on a web server;
Net::Scan::HTTP::Server::Methods, retrieve allowed http methods;
Net::Scan::HTTP::Server::Version, grab HTTP server version;
Net::Scan::SMTP::Banner, scan for banner message from a SMTP server;
Net::Scan::SNMP, scan devices to verify SNMP community;
Net::Scan::SSH::Server::Version, grab SSH server version;
WWW::UserAgent::Random, Perl extension to generate random User Agent;
Wireless
WL-172, Sitecom WL-172 on Ubuntu 7.10;
wardriving, my wardriving stuff;
Miscellaneous
Linkedin.com, my LinkedIn profile;
Flickr.com, my photos repository;
|
This page were 100% AUTO-GENERATED via customize Perl scripts. The data on this website is provided for research purposes only. It is provided for your personal use only and is supplied AS IS WITHOUT WARRANTY OF ANY KIND. Use or reliance on this data is at your own risk. |
Matteo Cantoni, matteo.cantoni@nothink.org
|
ADSL homed honeypot summary report
last update 2009-06-05 (packets statistics)Total attacks (last 24 hours) : 51
| Top 5 source attackers (last 24 hours) | |||
| # | ip address | country | flag |
| 6 | 79.21.56.183 | it |  |
| 4 | 79.16.249.134 | it | |
| 3 | 79.16.218.248 | it | |
| 2 | 218.61.126.6 | cn |  |
| 2 | 79.21.48.23 | it | |
| Top 5 destination ports (last 24 hours) | ||
| # | port | dshield link |
| 42 | 135 | dshield port details |
| 4 | 2967 | dshield port details |
| 3 | 445 | dshield port details |
| 1 | 8080 | dshield port details |
| Top 5 vulnerabilities (last 24 hours) | |
| # | vulnerability |
| 42 | dcom |
| 4 | symantec |
| 3 | asn1 |
| 1 | tivoli |
| Top 5 urls (last 24 hours) | |
| # | url |
| 6 | cbackf://79.21.56.183:16050/DxpNfQ== |
| 5 | tftp://0.0.0.0:69/ssms.exe |
| 4 | bind://hidden ip:3061/ |
| 2 | bind://hidden ip:1659/ |
| 2 | bind://hidden ip:2378/ |
| Top attackers coutries (month) : 746 | ||
| # | country | flag |
| 656 | it | |
| 14 | cn | |
| 11 | de |  |
| 10 | pl |  |
| 8 | unk |  |
| 7 | fr |  |
| 7 | gb |  |
| 6 | ro |  |
| 4 | mk |  |
| 3 | ru |  |
| 3 | se |  |
| 2 | md |  |
| 1 | ar |  |
| 1 | co |  |
| 1 | th |  |
| 1 | tr |  |
| 1 | eg |  |
| 1 | us |  |
| 1 | es |  |
| 1 | uy |  |
| 1 | il |  |
| 1 | in |  |
| 1 | pt |  |