Nothink!

---

Father, triathlete, security analyst and bug bounty hunter in spare time. My interests are honeypots, malwares collection, wardriving, forensic and bug bounties. I'm also an OpenBSD enthusiast and occasionally I contribute with the Metasploit project developing modules and porting public exploits for educational purposes only.

During the last years I managed many honeypot systems (ADB, DNS (a low bandwidth open resolver server to observe DNS amplification attacks automatically), SMB, SNMP, SSH, Telnet) and I shared data, blacklists and statistics with all the Internet (students, researchers, companies...). Currently the data is no longer shared. But you can find something below. My most successful open source project is snmpcheck, a tool to enumerate information via SNMP protocol. You can find it into the most secure Linux distros. Just out of curiosity, some references to my site or my tools.

If you have any question please let me know, my key ID is 941F9ED7AE7655A597BABF0F7E4A111756F1C790

---

Common Vulnerabilities and Exposures

• CVE-2019-19781 Citrix path traversal base on vpns folder
• CVE-2018-7600 Drupal: unsanitized requests allow remote attackers to execute arbitrary code
• CVE-2017-5638 Apache Struts Jakarta Multipart Parser OGNL Injection
• CVE-2016-5734 phpMyAdmin 4.6.2 - Authenticated Remote Code Execution
• CVE-2015-1635 MS15-034 HTTP.sys IIS DoS
• CVE-2014-6271 Bash 'Shellshock' Vulnerability
• CVE-2014-3704 Drupal Core SQL Injection Vulnerability
• CVE-2011-3192 Apache Remote Denial of Service

Honeypots data (outdated)

• ADB attacks
• DNS attacks, amplifications
• SMB binaries collected, old collections
• SNMP attacks
• SSH attackers blacklist, files downloaded, passwords list, clients version
• Telnet attackers blacklist, passwords list, urls collected

Metasploit contribution

• Anonymous FTP Access Detection auxiliary/scanner/ftp/anonymous
• AWStats configdir Remote Command Execution exploits/unix/webapp/awstats_configdir_exec
• Chargen Probe Utility auxiliary/scanner/chargen/chargen_probe
• FrontPage Server Extensions Anonymous Login Scanner auxiliary/scanner/http/frontpage_login
• HP LaserJet Printer SNMP Enumeration auxiliary/scanner/snmp/snmp_enum_hp_laserjet
• HTTP Open Proxy Detection auxiliary/scanner/http/open_proxy
• JBoss Status Servlet Information Gathering auxiliary/scanner/http/jboss_status
• NTP Monitor List Scanner auxiliary/scanner/ntp/ntp_monlist
• PAJAX Remote Command Execution exploits/unix/webapp/pajax_remote_exec
• phpMyAdmin Authenticated Remote Code Execution exploit/multi/http/phpmyadmin_null_termination_exec
• Printer Directory Listing Scanner auxiliary/scanner/printer/printer_list_dir
• Printer Environment Variables Scanner auxiliary/scanner/printer/printer_env_vars
• Printer File Download Scanner auxiliary/scanner/printer/printer_download_file
• Printer Ready Message Scanner auxiliary/scanner/printer/printer_ready_message
• Printer Volume Listing Scanner auxiliary/scanner/printer/printer_list_volumes
• Printer Version Information Scanner auxiliary/scanner/printer/printer_version_info
• Simple PHP Blog 0.4.0 Remote Command Execution exploits/unix/webapp/sphpblog_file_upload
• SNMP Enumeration Module auxiliary/scanner/snmp/snmp_enum
• SNMP Set Module auxiliary/scanner/snmp/snmp_set
• TikiWiki Information Disclosure auxiliary/admin/tikiwiki/tikidblib
• TikiWiki jhot Remote Command Execution exploits/unix/webapp/tikiwiki_jhot_exec
• TikiWiki tiki-graph_formula Remote PHP Code Execution exploits/unix/webapp/tikiwiki_graph_formula_exec
• Tomcat Administration Tool Default Access auxiliary/admin/http/tomcat_administration
• Tomcat Application Manager Login Utility auxiliary/scanner/http/tomcat_mgr_login
• VNC Authentication None Detection auxiliary/scanner/vnc/vnc_none_auth
• Webmin File Disclosure auxiliary/admin/webmin/file_disclosure
• Wireshark chunked_encoding_dissector function DOS auxiliary/dos/wireshark/chunked
• WordPress Symposium Plugin SQL Injection auxiliary/admin/http/wp_symposium_sql_injection

Metasploit experiments

• auto_http_light.rc Rc file used to check web servers automatically
• jboss-scan.rb Rc file used to gath info by Jboss status servlet
• names_female_us.txt US female names list
• names_male_us.txt US male names list
• names_surname_us.txt US surname list
• smtp_open_relay1.rb SMTP Open Relay Server Detection
• smtp_open_relay2.rb SMTP Open Relay Server Detection
• snmp_login.rc Rc file used to scan SNMP login automatically
• text.rb Class formats text

NMAP NSE script

• dns-open-resolver.nse Script to identify open DNS resolvers
• chargen.nse Script to identify open chargen service checking the answer
• http-status.nse Script to identify Apache/Tomcat/Jboss Server server-status pages

Bettercap contribution

• htmlmail.rb HTML email address parser
• htmlphone.rb HTML email address parser
• htmltitle.rb HTML title response parser
• snmp_protocol.rb SNMP protocol parser
• snmp_sniffer.rb SNMP community string parser

Curl scripts

• curl_domain_recon Bash script to create a list of target domains via crt.sh, certspotter.com, bufferover.run and suip.biz
• curl_html_title Bash "multi-thread" script to retrieve HTML title
• curl_http_catch Bash "multi-thread" script to catch a web page by URL (headers and body) and take a screenshot using wkhtmltox+timelimit
• curl_http_dirs Bash "multi-thread" script to enum web directories and catch info (http code, size...)
• curl_http_fuzz Bash "multi-thread" script to fuzz an url (by HTTP method, Content-Type...)
• curl_http_headers Bash "multi-thread" script to retrieve HTTP headers
• curl_http_host Bash "multi-thread" script to identify simple SSRF via headers
• curl_http_info Bash "multi-thread" script to retrieve HTTP info: url_effective;remote_ip;http_code;size_download;size_header;content_type;redirect_url
• curl_http_put Bash "multi-thread" script to try to upload local file via HTTP PUT method
• curl_http_recon Bash script to create a list of target domain via amass,assetfinder,sonar,subfinder
• curl_http_ssl Bash "multi-thread" script to collect info from SSL certs

Generic stuff

• amass_loop Bash script to provide a domains list to amass tool
• apache_gnuplot Bash script to parse Apache access log (CLF) and get total requests and bandwidth with Gnuplot charts (requests, bandwidth)
• appar Perl script to parse Apache access log (CLF) and migrate it to MySQL
• atrax A simple web spider useful during a penetration test
• backup.ps1 Powershell script to backup files and directories
• bind_stats Simple DNS Bind log parser (top FQDN,src,type,src port,src flag)
• check_routing_loop Scapy script useful to identify routing loops through ICMP time exceeded
• dns_amply, dns_amply_domain Search DNS server that respond at 'any +dnssec +ignore' requests. Useful to choose a good server and domain to use during a DNS Amplification Attacks.
• dns_tail_block DNS Bind log parser and iptables block
• dnsbrute Bash script to automate the discovery tasks
• domains_resolv Perl script to DNS lookup
• extract_ip Perl script to extract IP address from text
• firehol Perl script to download and check IP address from FireHOL lists
• host_info Perl script to obtain DNS/ASN/GEO info from a IP/FQDN address list
• jboss-status-gath Jboss status servlet clients info gathering
• inetsim_smtp_parser Inetsim SMTP log parser
• ip_catcher Bash script to extract IP address
• ip_create_list Perl script to create IP address list
• meta-generator Recon-ng auxiliary module. Checks for 'meta generator' tags. Useful to identify CMS
• nmap_parser Nmap parser written in Ruby using Nmap::Parser library
• phpinfo PHP shell with IP and User-Agent filter
• pkg_search Packages finder for OpenBSD
• reboot_fiber (mysrp.py) Python script to reboot TIM HUB fiber router
• RedHat73.zip Volatility profiles for Red Hat Enterprise Linux Server 7.3 (System.map-3.10.0-514.el7.x86_64)
• report_email Cowrie SSH honeypot daily report (HTML format)
• router_reboot Wireless modem router N300 rebooter
• sniffme A rude sniffer for jailbroken iPhone written on a gloomy day!
• snmpcheck Tool to enumerate information via SNMP protocol
• snmpscan SNMP multithread scanner written in Perl
• snmpsize A rudimentary snmpwalk-like with scapy. Useful to choose a good OID to use during a SNMP reflected amplification DDos attack
• sql_load_file Simple MySQL Injection load_file() fuzzer
• sshguessable Simple Ruby SSH bruteforcer (guessable user)
• ssl_cert_details Perl script to get SSL certificate details
• twitter_monitor Perl script to monitor your followers on Twitter filtering/excluding for keywords (DBM support)
• virustotal_report Python script to query VirusTotal for reports
• webss Perl script to scan web site
• wget_spider Bash script to crawl a web site with wget
• xor Ruby script to decrypt payload encrypted using XOR (XOR DDoS botnet)

Perl modules

• Mail-Maps-Lookup Query the MAPS lookup service via DNS
• Mail-OpenRelay-Simple Check if a mail server runs as an open relay
• WWW-UserAgent-Random Perl extension to generate random User Agent

Configurations

• cntlm.ini, stunnel_server.conf, stunnel_client.conf Cntlm + Stunnel settings
• dionaea_installation, dionaea.cfg Dionaea installation notes - Ubuntu 16.04.3 LTS
• honeypot_telnet AppArmor config file
• rc.host.iptables sample iptables rules for host firewall (kernel options,honeypot,limit,log)

Miscellaneous stuff

• OpenBSD/game boy advanced sp my 2004 April fools' day with Slashdot effect! :)
• SNMP Reflected Amplification DDoS Attack rainy day considerations...

---