Apache Log Extractor tool Apache Log Extractor tool Apache Log Extractor is a quick script to export URL information from Apache access logs. The thought behind this script was to provide a list of known URL’s on a remote server by analysing the logs. How to use. Output[ ] Extracting URLs from logfile : access.log.1[ ] Extracted URL : /[ ] Extracted URL : /Signed_Update.jar[ ] Extracted URL : /ajax/bottomnavinfo.ashx[ ] Extracted URL : /MetaAdServer/MAS.aspx? As it is a python script it is os independent and fast.Download Apache Log Extractor
theharvester - Information Gathering The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization. This is a complete rewrite of the tool with new features like: Time delays between request All sources search Virtual host verifier Active enumeration (DNS enumeration, Reverse lookups, TLD expansion) Integration with SHODAN computer database, to get the open ports and banners Save to XML and HTML Basic graph with stats New sources Passive discovery: Google: google search engine - www.google.com Google-profiles: google search engine, specific search for Google profiles Bing: microsoft search engine - www.bing.com Active discovery:
Metadata Extraction using FOCA | KaffeNews By Sudhanshu on March 1, 2013 in Analyst - 0 Comments In this Information age, Data is very crucial. From Information security point of view also data is what everybody is behind. Metadata: Simple data can be described as raw values which need to be processed for the purpose of generating information and deriving knowledge. Metadata (metacontent) is defined as data providing information about one or more aspects of the data, such as: Means of creation of the data Purpose of the data Time and date of creation Creator or author of data Location on a computer network where the data was created Standards used Metadata has been utilized for various purposes from cataloging archives, data virtualization to SEO (Search Engine Optimization) for web sites. We can extract metadata for a given domain using a tool called as FOCA. FOCA: FOCA means seal in Spanish language. Figure 1. Policies and procedures need to be developed for document sanitization before hosting them online.
VSAntivirus Google Enumeration Here we are going to do some Zone transfer and google enum. We found a DNS server that allows Zone transfer and we can see all the hosts a domain has. We can run port scan on these host's or use the information we obtain for a social engineering attack. Zone transferhost -t ns victim.comvictim.com name server ns2. host -l victim.com ns1. victim.com name server ns1. Email HarvestingHere is the python script I used. marketing@victim.comjbotti@victim.comJFrankel@victim.comtfranceski@victim.com So a little google search on the email address and see what’s up with these guys. We can also do some SMTP enumeration or send him a message on blackberry.com forum I think someone would be more prone to open a forum private message link as opposed to an email. We see the domain has a hosted email server do to the IP being in a complete different range.
Tracking (and Being Tracked) with Twitter The aptly named Creepy is a "geolocation aggregator," which is to say that it gathers location data from social networking sites and image hosting services. Digital image files contain EXIF tags which record the image's date and time stamp information. Some cameras and smart phones can also provide GPS data along with the time stamp. So ... by using Creepy to collect information from Twitter, Flickr and other apps, you can track a subject's movements and create a composite map. According the Creepy website, "Using Creepy for any illegal or unethical purposes is strictly forbidden and the developer assumes no liability." Installing Creepy I decided to take Creepy for a test run using a couple of colleagues as guinea pigs. Downloading the Creepy executable from the web was as simple as it gets. Tracking the First Subject I began the tracking exercise by entering the Twitter Username in the box of the same name and clicking "Geolocate Target." Tracking the Second Subject The Moral of the Story
SIMPLER Project name: theHarvesterDownload: Github CodeLanguage: PythonFeatured in: The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.
Las 75 Herramientas de Seguridad Más Usadas Notas del Traductor: Muchos de los términos a traducir, tienen poco sentido al ser traducidos al castellano, y no es universalmente aceptada *UNA* traducción en particular, por lo que hice un intento de traducirlos pero mantuve, muchas veces, el término original en inglés siguiendo al traducido, entre llaves -- y encomillado, en caso de ser un término de varias palabras --. Hago esto porque es posible que alguien quiera conocer más sobre algún término y se frustre al tratar de poner en algún buscador el término en castellano, o incluso la traducción a inglés de _esta_particular_ traducción del término. ;-) Debido a la ambigüedad en la traducción de algunos términos como "free" o "commercial", éstos fueron acomodados en su traducción al sentido que se le quiso dar en el contexto en el que se encuentran ubicados y teniendo en cuenta algunas de las explicaciones de Richard Stallman en "Algunas palabras y frases confusas que vale la pena evitar" Se usarán estos íconos:
Fierce Fierce Domain Scan was born out of a frustration while performing a web application security audit. It used to be very time-consuming to discover large swaths of a non-contiguous corporate network, but it doesn't have to be. It's terribly easy to run a scanner against an IP range, but if a network's web presence is distributed across multiple ranges, you can miss huge chunks of networks. Fierce helps solve that problem. Fierce is a reconnaissance tool written in Perl that quickly scans domains (usually in just a few minutes, assuming no network lag) using a variety of techniques to locate undocumented, internal or just hard-to-find resources via the DNS system. Latest version Fierce v2 ¶ To check out the latest version of Fierce v2 from subversion, simply run the following command: svn co fierce2/ You can find the documentation here: Installing and Updating Documentation ¶ To access the documentation for Fierce v2 use the following command:
Basic Use Of Maltego For Network Intelligence Gathering Description: This is a screen-cast demonstration of the basic uses of Maltego, a powerful program used in network and open source intelligence gathering, by Rick Gurley of Risk Management Research & Investments, Inc. - a licensed private investigation agency in Columbia, Missouri. With the continued growth of your organization, the people and hardware deployed to ensure that it remains in working order is essential, yet the threat picture of your “environment” is not always clear or complete. In fact, most often it’s not what we know that is harmful - it’s what we don’t know that causes the most damage. This being stated, how do you develop a clear profile of what the current deployment of your infrastructure resembles? What are the cutting edge tool platforms designed to offer the granularity essential to understand the complexity of your network, both physical and resource based? Maltego offers the user with unprecedented information. What does Maltego do? Comments:
Color Palette and the 56 Excel ColorIndex Colors [View without Frames] Excel Color Index, coloring of fonts, cell interiors[palette], [copy], [chart], [colorindex], [grayscale], [formatting], [DOS/OE], [HTML]*, [Help], [Macros], [macros], [ColorFormulas], [FormatUnprotected], [chgfont], [ClearConstantsf], [icolorF], [popvalue], [popbased], [sorting], [count], [rowcolor], [DelRows], [hexconv], [chgpalette], [fillcolor], [cellcommentcolor], [BackupDisplay], [tabs], [triangles], [manual], [colorcharts], [detector], [Luma], [pgms], [colorcoding], [coloringcode], [VBE], [Related], [thissite], [postings], [otherxl], [other], [font], [problems], [printers], [mskb], [msdn], Scope of the Color Palette: Each workbook has it’s own palette. To change the default, change your book.xlt template for new workbooks. How the color palette works (#palette) The arrangement in XL97 differs from previous releases in that the colors are arranged from darker to lighter colors, but the Color Index values remain the same. From HELP --> Index --> palette
PPT2000: Introduction to Macro Programming in PowerPoint 2000 This article explains the steps to create a simple Microsoft Visual Basic for Applications macro within Microsoft PowerPoint. The macro you create will add a slide to your presentation, set a background texture for a slide, set slide timings, and run a slide show. This article is designed to introduce you to some of the tools and concepts you need to become a macro programmer. Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. Create A New Presentation On the File menu, click New. Create a Macro On the Tools menu, point to Macro, and then click Macros. Add Code to a New Macro You should now be looking at a flashing cursor within the Code Window. Run the Macro There are several methods to run a macro. View the Macro Code Add Some More Code Now we are ready to add the rest of the commands to complete the macro.
Using Excel with Other Office Applications General Tips on Application Interactions Copy - Paste Methodology When you copy from one Microsoft Office application into another, the default Copy-Paste sequence embeds an object of the source application into the target application's document. Generally this is helpful, because it maintains a link between the pasted object and the program used to edit the embedded object. Copying an Excel object is different. If you paste five charts from a 1 MB workbook into a PowerPoint presentation, you are adding 5 MB to the size of the presentation.If you are send the presentation to someone else, you may inadvertently send proprietary information which exists elsewhere in the workbook. This behavior also makes formatting the container of the embedded object an adventure. When I copy an Excel chart into another application, I always copy the chart as a picture. Note: Copying a chart as a picture eliminates the ability to reformat the chart using Excel's chart formatting features. Summary:
Second Life | What is Second Life? Exploring and Discovery Travel with friends to thousands of beautiful and exciting places — all created by the Second Life community. Join Now Filled with Friends Millions of people have already joined Second Life. Self-Expression Dress up and design a new 3D you. Endless Fun Every day there are thousands of new experiences and events created by the Second Life community. Artistic Bliss Discover your artistic t a lents and share them instantly with friends.