Saturday, February 19, 2011

DOM XSS Scanner

DOMXSS Scanner

DOMXSS Scanner is an online tool that helps you find potential DOM based XSS security vulnerabilities. Enter a URL to scan the document and the included scripts for DOMXSS sources and sinks in the source code of Web pages and JavaScript files.

http://www.domxssscanner.com
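A minimal sketch of what scanning script text for DOMXSS sources and sinks involves, as an added example that is not DOMXSS Scanner's own code. The pattern lists are a small illustrative subset chosen here, the one-level variable tracking is a deliberately naive assumption, and SAMPLE is constructed input.

```javascript
// Added example: illustrative subset of patterns, not the tool's real rules.
const SOURCE = /\b(?:document\.(?:URL|documentURI|referrer)|location\.(?:href|search|hash)|window\.name)\b/;
const SINK = /\b(?:eval|setTimeout|setInterval)\s*\(|\bdocument\.write(?:ln)?\s*\(|\.(?:innerHTML|outerHTML)\s*\+?=(?!=)|\.insertAdjacentHTML\s*\(/;
const ASSIGN = /^\s*(?:(?:var|let|const)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)$/;

// True when identifier `name` appears in `text` as a whole, unqualified name.
function hasIdent(text, name) {
  const escaped = name.replace(/\$/g, '\\$');
  return new RegExp('(?<![\\w$.])' + escaped + '(?![\\w$])').test(text);
}

// Scan script text line by line. Every sink is reported; `tainted` is true
// when the sink line references a source directly or a variable that an
// earlier line assigned from a source (naive, line-based propagation).
function scanScript(code) {
  const taintedVars = new Set();
  const findings = [];
  const carriesTaint = (text) =>
    SOURCE.test(text) || [...taintedVars].some((v) => hasIdent(text, v));

  code.split(/\r?\n/).forEach((line, i) => {
    if (/^\s*\/\//.test(line)) return;            // skip whole-line comments
    const sink = SINK.exec(line);
    if (sink) {
      findings.push({ line: i + 1, sink: sink[0].trim(), tainted: carriesTaint(line) });
      return;
    }
    const assign = ASSIGN.exec(line);
    if (assign) {
      // Re-assigning a variable from clean data clears its taint.
      if (carriesTaint(assign[2])) taintedVars.add(assign[1]);
      else taintedVars.delete(assign[1]);
    }
  });
  return findings;
}

// Constructed sample script (not taken from any real site).
const SAMPLE = [
  "var q = location.hash.slice(1);",
  "var safe = 'hello';",
  "document.getElementById('out').innerHTML = q;",
  "document.write(safe);",
  "setTimeout(function () { tick(); }, 1000);",
  "eval(window.name);",
].join('\n');

for (const f of scanScript(SAMPLE)) {
  console.log(`line ${f.line}: sink ${f.sink} ${f.tainted ? '<- source-controlled' : ''}`);
}
```

A pattern scan like this only produces candidates for review: it misses flows through function calls and object properties, and it reports sinks that only ever receive constant data.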

Friday, February 18, 2011

Java SE 6 Update 24 released

JDK 6 Update 24 is now available to download from Oracle’s Java download page. Looking at the release notes, this is mainly a security and bug fix release. Thankfully, they have addressed the floating point parsing vulnerability which resulted in a denial of service of the JVM through excessive resource consumption.

Sunday, February 13, 2011

Patriot NG 2.0 released

Patriot NG is a 'Host IDS' tool which allows real-time monitoring of changes in Windows systems or network attacks. It is available for Windows XP, Windows Vista and Windows 7 (32-bit and 64-bit).

Patriot monitors:

  • Changes in Registry keys: Indicating whether any sensitive key (autorun, internet explorer settings...) is altered.
  • New files in 'Startup' directories
  • New Users in the System
  • New Services installed
  • Changes in the hosts file
  • New scheduled jobs
  • Alteration of the integrity of Internet Explorer: (New BHOs, configuration changes, new toolbars)
  • Changes in ARP table (Prevention of MITM attacks)
  • Installation of new Drivers
  • New Netbios shares
  • TCP/IP Defense (New open ports, new connections made by processes, PortScan detection...)
  • Files in critical directories (New executables, new DLLs...)
  • New hidden windows (cmd.exe / Internet Explorer using OLE objects)
  • Netbios connections to the System
  • ARP Watch (New hosts in your network)
  • NIDS (Detect anomalous network traffic based on editable rules)


Download: http://www.security-projects.com/?Patriot_NG:Download

Documentation: http://www.security-projects.com/ManualPatriot-NG2.0EN.pdf

Video demo: http://vimeo.com/19798452

BeEF v.0.4.2.2-alpha Released

BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which command module and at which target.

BeEF hooks one or more web browsers as beachheads for the launching of directed command modules in real-time. Each browser is likely to be within a different security context. This provides additional vectors that can be exploited by security professionals.
BeEF provides a professional and simple user interface. It is easy to deploy and is implemented in Ruby so it will run on most Operating Systems. The framework contains various command modules which employ BeEF's simple API. This API facilitates quick development of custom modules by the user.

Download: http://code.google.com

Sunday, July 4, 2010

SABnzbd Java API version 0.2

I have now released another Google Code Project in relation to SABnzbd. This is a Java API that consumes SABnzbd server functions. It supports a lot of functionality at the moment, querying all information about the server and downloads, and also supports other functions such as adding downloads, pausing and resuming the server.

More detail can be found on the Google Code Project here:

http://code.google.com/p/jsabnzbd/

Friday, February 19, 2010

SABnzbd Java API

For all you SABnzbd fans, I've got a real treat for you. I've just put together a Java API (must admit it didn't take long) to support various functions that SABnzbd supports. Here is a sneak preview of what you will be able to do with the API:



// Requires: import java.util.List;
String[] nzbs = {
    "http://www.newzbin.com/browse/post/5569239/nzb",
    "http://www.newzbin.com/browse/post/5568352/nzb"
};

String sabURL = "http://sabserverurl";
SABnzbd mySabServer = new SABnzbd(sabURL, "uname", "pwd");

System.out.println("Current download speed: " + mySabServer.getDownloadSpeed());

// Queue each NZB for download
for (String nzb : nzbs) {
    mySabServer.download(nzb);
}

// Typed list so the for-each over QueueEntry compiles
List<QueueEntry> queue = mySabServer.getQueue();

if (queue.isEmpty()) {
    System.out.println("No download entries");
} else {
    for (QueueEntry qu : queue) {
        System.out.println("---- New Entry --- ");
        System.out.println("Category: " + qu.getCategory());
        System.out.println("Name: " + qu.getName());
        System.out.println("Remaining: " + qu.getRemain());
        System.out.println("Total: " + qu.getTotal());
        System.out.println("ETA: " + qu.getEta());
    }
}

Tuesday, January 26, 2010

Orange SMS API

So you own an account with Orange and you want to have the ability to send SMS using your Orange credit which you have already paid for on your monthly contract? Well I certainly did, and the API works identically to the T-Mobile API which I developed. So here is an example of how you would use my Java API to send an SMS through the Orange network:

Orange orange= new Orange("username", "password");
orange.sendSMS("01234567890", "Hello World!");


I have found this particularly useful as it has allowed me to load balance the sending of SMS through either the T-Mobile or Orange network. Because both of the classes now implement the "MobileNetwork" interface, you can program to the interface, not the implementation. Being able to utilise two separate GSM networks also improves the stability of all the applications I develop which require SMS communication. Please feel free to contact me via email if you feel this is something of interest to you.

Tuesday, January 12, 2010

Netbeans IDE not loading...

For all the Netbeans fans out there (I am certainly one of them), you may at some point have found that Netbeans will not load after the loading of modules, and you may end up with a blank screen or just a basic outline of the Netbeans window. After doing some debugging to find out what is going on, the best solution I have found is to delete the Netbeans cache. You can find out where your cache is stored by looking inside your Netbeans conf file, where you will see an entry similar to:
# ${HOME} will be replaced by JVM user.home system property
netbeans_default_userdir="${HOME}/.netbeans/6.7"

So for most Windows based users you will probably find your cache directory here:
C:\Documents and Settings\<USERNAME>\.netbeans

Simply remove the ".netbeans" directory (ensure Netbeans is not loaded) and you should be good to reload. Note though that you will lose configurations: for example, you won't have any projects listed when you next load, and any custom services such as databases or web servers won't be listed either. I have found it is quick enough to put it all back in and you should be up and running again within a few minutes.

Saturday, January 9, 2010

Java Weather API

Knowing what is happening with the weather is always a piece of useful information worth having. After Googling around I wasn't able to find an actual Java API for the weather and I could see many others were just looking for a simple Java API to plug into their system. So I started the development with a friend, Luke Morgan, and we are at the stage where the API has reached a mature level and is something we will release shortly, most likely as part of a Google Code project. The API is extremely easy to use (as it should be!) and here is an example of how it would be utilised:
Weather weather = null;
try
{
    weather = WeatherStation.getWeather("wirral");
}
catch(WeatherStationException wse)
{
    // Lookup failed; weather stays null
}

if (weather != null)
{
    weather.getConditions(); // Returns a string, such as "Fog", "Partly Cloudy"
    weather.getTemperature(); // Returned in degrees Celsius
}


So as you can see, incorporating this API into any application is trivial. The API also supports the forecast for weather. So, for example, it could be successfully utilised as:

Forecast forecast = null;
try
{
    forecast = WeatherStation.getForecast("wirral");
}
catch(WeatherStationException wse)
{
    // Lookup failed; forecast stays null
}

if (forecast != null)
{
    for(Weather weather: forecast.getForecast()) // Returns a list of Weather (4 days)
    {
        System.out.println(weather.getDate() + " is forecast for " + weather.getConditions());
    }
}


This is something I have personally utilised as part of Jarvis - the virtual assistant. By utilising this API in my system I receive weather updates automatically each morning, giving me the current condition and forecast data, then receive another update at night giving me tomorrow's forecast. The updates are mostly delivered using my T-Mobile API. It is further utilised by the fact that Jarvis has access to my Google Calendar, so for each event Jarvis also delivers the weather conditions.

In the meantime if you would like access to this code please feel free to contact me.

Jarvis - The Virtual Assistant

I have been busy writing a lot of Java APIs lately, specifically for plugging into a virtual assistant that I am constructing, called Jarvis. The concept behind Jarvis is that of any assistant: it is a tool that helps another person accomplish his goals, but the beauty of a virtual assistant is that it never sleeps and doesn't take a salary. Communication is always a key to successful assistants and I have accomplished this by developing a modularised communication system which utilises email, SMS and chat rooms. For example, Jarvis is currently able to communicate via email, SMS and Google Talk. Commands can be issued via any of those methods and Jarvis responds via the appropriate medium based upon my status and using some seamless intelligence. For example, if I issue a command such as "define assistant" via SMS and the definition is over 160 characters, the communication control centre will find a more appropriate medium to deliver the response; for example, if I am logged into Google Talk then Jarvis responds via that channel.

I have been making good progress on this project over the past months, currently offloading tasks such as bank account checks (the jHSBC API mentioned below has been plugged into the Jarvis system and I receive alerts about bank account changes), and Jarvis is also plugged into my Google Calendar allowing the system to send updates via SMS to myself but also any other relevant parties who are attached to that event.

Designing Jarvis has prompted me to develop many APIs in order for the system to perform a wide range of tasks. The capabilities of Jarvis so far continue to extend; most recently I have developed a Java API for Weather and an API for mapping journeys. I will be releasing more information on these APIs shortly.