From lists@infosecurity.ch Fri Jul 6 02:34:18 2018 From: "Fabio Pietrosanti (naif)" To: cypherpunks-legacy@lists.cpunks.org Subject: Re: [tor-talk] Automatic vulnerability scanning of Tor Network? Date: Fri, 06 Jul 2018 02:34:18 +0000 Message-ID: <172289093119.3849117.2118337158094889161.generated@mail.pglaf.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2394904757690878340==" --===============2394904757690878340== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On 12/22/11 12:35 PM, Jacob Appelbaum wrote: > I really appreciate that you're not working for people who wish to do > the Tor network harm. Please do consider the concerns of people in this > thread and weight your actions against those people. They too are trying > to help the network, the project, and the users. Yes, i agree, we can find a common point. We just all need to move in the same direction, with conflicts and constructive criticism, but in the same direction. > Hopefully we'll all meet at CCC for a mate to discuss this in person! Let's try to sketch down on a etterpad or trac ticket an idea on how to implement something like this in order to: - evaluating and pushing hardening of system/network security of Tor nodes - avoid/mitigate alerts and risks for Tor Operators That way we can try to match the needs perceived by all different parties, balancing the risk/return of the initiative. I'm gonna dump in this email a set of useful links collected during browsing to do that. We are probably not interested in Nessus & Metasploit AutoPwn, but it's important to know that anyone can just aggregate everything into a chain of automatic portscanning + vulnerability scanning + vulnerability exploiting. Python NMAP (A python library which helps in using nmap port scanner): http://code.google.com/p/python-nmap/ Python NMAP XML Parsing Scripts (nmap xml to sqlite): https://github.com/d1b/python-nmap-xml-output-parser Plugin Spotlight: Import Nmap XML Results Into Nessus http://blog.tenablesecurity.com/2009/08/plugin-spotlight-import-nmap-xml-resu= lts-into-nessus.html MetaSploit AutoPwn Integration with Nessus: http://www.defenceindepth.net/2009/11/metasploit-autopwn-hacking-made-simple.= html Tor NetworkScanner/ExitAuthority: https://gitweb.torproject.org/torflow.git/tree/HEAD:/NetworkScanners/ExitAuth= ority Scripts to extract exit-node, relays and their listening port: https://gitweb.torproject.org/tor.git/tree/HEAD:/contrib -naif _______________________________________________ tor-talk mailing list tor-talk(a)lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- --=20 Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE --===============2394904757690878340==--