Wednesday, 19 October 2011

Test your SSL: TLSSLed v1.2 released!

I have decided to stop swearing when tools don't work and fixing them or implementing my improvements and then send them to the tool author instead. The point is to give back to the community since after all the community gave it to me for free first :).

As part of this initiative as I was playing with TLSSLed on a weekend, I had a few ideas, implemented them and send them to Raúl Siles, the tool author. He is a very capable guy, made my contributions even better and was cool enough to add me to the credits :).

TLSSled automates the blackbox tests for the Testing for SSL-TLS (OWASP-CM-001) entry in the OWASP Testing Guide. It is very simple to use and the results are easy to read. I highly recommend it.

You can see a detailed write-up on the new features and download the tool here or read more about it on Taddong's blog.

I originally saw the tool on the site http://www.pentesterscripting.com and more precisely here. However, since Raúl is owning the tool I would suggest to download it from Taddong's site instead.

Friday, 7 October 2011

Backtrack 5 Shell Script to Change the Ruby Environment automatically

NOTE: I also posted this to the BeEF Project Wiki here

Some Backtrack 5 security tools need ruby 1.8 (i.e. whatweb) and others ruby 1.9.2 (i.e. BeEF). This script automates the switch.
By setting the ruby environment to the correct ruby version we can run all tools. This script aims to make this small task easier to do and in a more scripting-friendly way.
Instalation Instructions:
  1. copy-paste code below into a file called setrubyenv.sh, ideally somewhere in your PATH
  2. chmod 700 setrubyenv.sh # (obviously!)
IMPORTANT: You need to call this script with a ". " in front of it to alter your environment settings.
Examples:
  1. . setrubyenv.sh 1.8 ; /pentest/enumeration/web/whatweb/whatweb http://target.com
  2. cd /pentest/web/beef ; . setrubyenv.sh 1.9.2 ; ruby beef
If you try to start BeEF using the incorrect environment you should see an error message like this:
"Ruby version 1.8.7 is no longer supported. Please upgrade 1.9 or later."
If you ran the Backtrack 5 Installation Script then you would only need to run this script to run ruby 1.8 tools.

Source code to copy-paste: