binaryedge / 40fy
Features and development of the 40fy SaaS
SNMP: tcp and udp
161/162 (snmp, trap)
10161/10162 (snmps, trap)
if open -> bad
if open + communitystring is readable (like public) -> critical
impact: ability to read machine-data, configs (firewall, router 'n' stuff). if not secured, ability to alter machine-settings
https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Using_SNMP_to_attack_a_network
curl -6 -v -k https://[2001:4ca0:xx.yy.zz] -> redirects /user/sign_in -> loads page
curl -6 -v -k http://[2001:4ca0:xx.yy.zz] -> redirects to cname-host
curl -v -k https://129.xx.yy.zz -> redirects /user/sign_in -> loads page
curl -v -k http://129.xx.yy.zz -> redirects to cname-host
the html-body and headers are only available in ipv4-results for port 443, while ipv6-results only display the ssl-cert info but nothing on the html.
this strips certain ipv6-results out of searches/filters and leads to missing/false-negatives on ipv6-only hosts or results where cnames with ipv4 and ipv6 are located on different machines.
like:
will be highly manual, but can give a huge value for orgs monitoring their own datacenters OR the datacenters on their supplychain
Abstract:
For OSINT and continuous monitoring of specific targets it would be incredibly useful to be able to store and access specific "investigations" via the dashboard. A simple query and private tag with a description would be sufficient. You may wish to limit the quantity based on subscription level. This would also reduce failed or invalid queries as new customers on-board.
Giving users the ability to publicly share these queries (Twitter and Slack share buttons) would also help create awareness of the platform and further build the community through collaborative research.
would be great
In some cases, it is really helpful to search for web pages with a specific hash. It would be great to have this feature in Binary Edge (sha256 maybe ?)
This feature allows you as a user to provide an ip address and in return receive a list of websites potentially hosted on that ip address:
For example for the ip address: 213.13.146.142
you would see the following data:
[{"A": ["213.13.146.142"], "subdomain": "www", "created_at": "2018-01-21T14:23:00.397489", "root": "sapo.pt", "title": "SAPO", "name": "sapo", "domain": "www.sapo.pt", "AAAA": ["2001:8a0:2102:c:213:13:146:142"], "suffix": "pt", "updated_at": "2018-06-12T21:40:56.463209", "org": "MEO Servicos de Comunicacoes e Multimedia SA"}, {"A": ["213.13.146.142"], "subdomain": "", "created_at": "2018-09-21T06:01:01.647817", "root": "sapo.pt", "name": "sapo", "domain": "sapo.pt", "suffix": "pt", "updated_at": "2018-09-21T06:01:01.647817"}]
For each host found display the SSL cert info (if any) such as:
Common Names, Organization, Creation and Expiry, supported versions of SSL / TLS
Shodan.io does a similar thing to the above.
Another thing that is maybe a bit more advanced to make, is to make a custom dashboard experience by letting users build dashboards with the search terms they desire, would be dope and could be expanded for a lot of different purposes.
Hi,
Just a suggestion of improvement in the web interface: when I am searching for an IP in https://app.binaryedge.io/services/query, I get a list of results for this related IP which is not what I am looking for, I am looking for the page with all the details about this IP (like https://app.binaryedge.io/services/query/8.8.8.8). This result page is really helpful when searching for a keyword / tag / complex search, but not for an IP, and half of my searches in BE are details about an IP. Would it be possible to have a check server side for the IP address format and redirect to the IP page directly if it is an IP?
What do you think ?
For each IP that has a certificate (regardless of port) query the serial and/or cn/SANs against CT log to see if it exists in the dataset. If the certificate is visible within CT logs, pull that info (this is similar to what censys.io does presently, but their scans miss a lot of ports and hosts). From the UX perspective, make the tag (ex: in_ct) searchable and visible to the end user. example search: ssl "string" AND tag:in_ct WHERE cert_expired:FALSE. You could also make the tag itself click searchable from within the UI; example workflow: user looks at IP, sees cert serial, clickable leads to information about cert and how many hosts presently serve it.
Note: there are a number of ways to do this, but the simplest would be to maintain your own local index of the CT logs and query against them - use something akin to axeman
Hi,
It would be nice to have an entry point in the API to get the quota used this month but also the type of plan.
Thanks
Tek
when copying data from banners, no linebreaks are copied
goto:
https://app.binaryedge.io/services/query/2a02:7b40:b945:36ee::1
open data for port 34128
copy data from banner
insert data into editor of choice:
all lines are on one single line
same effect when copying the data into a form-field in a browser
Even where authentication is generally required, Kubernetes makes some API server paths available unauthenticated as part of the system:discovery cluster role. Whilst this has been locked down a bit in the latest versions, many clusters will disclose some interesting information without authentication on the API server port, which gets returned via the type:kubernetes search.
The paths allowed by the role are as below. Probably the interesting ones are /version which shows things like software version and discloses some info. about the type of install and /swagger.json which can disclose info. about software installed on the cluster.
- /api
- /api/*
- /apis
- /apis/*
- /healthz
- /openapi
- /openapi/*
- /swagger-2.0.0.pb-v1
- /swagger.json
- /swaggerapi
- /swaggerapi/*
- /version
- /version/
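For operators who want to check their own cluster for this, the following added example (not part of the original issue or the 40fy code base) lists which non-resource URLs RBAC grants to callers without credentials. It assumes input in the shape of the items returned by `kubectl get clusterroles,clusterrolebindings -o json`; the sample objects, including the `metrics-reader` role, are constructed.

```python
import json

# Subjects that represent a caller who presented no credentials.
ANONYMOUS = {("Group", "system:unauthenticated"), ("User", "system:anonymous")}

def anonymous_paths(objects):
    """Map each non-resource URL readable without authentication to the
    ClusterRoleBindings that grant it."""
    roles = {o["metadata"]["name"]: o for o in objects if o["kind"] == "ClusterRole"}
    exposed = {}
    for binding in (o for o in objects if o["kind"] == "ClusterRoleBinding"):
        subjects = {(s["kind"], s["name"]) for s in binding.get("subjects") or []}
        role = roles.get(binding["roleRef"]["name"])
        if role is None or not subjects & ANONYMOUS:
            continue
        for rule in role.get("rules") or []:
            # Only rules that allow reads ("get" or wildcard) matter here.
            if not {"get", "*"} & set(rule.get("verbs", [])):
                continue
            for url in rule.get("nonResourceURLs", []):
                exposed.setdefault(url, []).append(binding["metadata"]["name"])
    return exposed

# Constructed sample, not real cluster output. "metrics-reader" is hypothetical.
SAMPLE = json.loads("""[
 {"kind": "ClusterRole", "metadata": {"name": "system:discovery"},
  "rules": [{"verbs": ["get"], "nonResourceURLs":
    ["/api", "/api/*", "/apis", "/apis/*", "/healthz", "/openapi", "/openapi/*",
     "/swagger-2.0.0.pb-v1", "/swagger.json", "/swaggerapi", "/swaggerapi/*",
     "/version", "/version/"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "system:discovery"},
  "roleRef": {"kind": "ClusterRole", "name": "system:discovery"},
  "subjects": [{"kind": "Group", "name": "system:authenticated"},
               {"kind": "Group", "name": "system:unauthenticated"}]},
 {"kind": "ClusterRole", "metadata": {"name": "metrics-reader"},
  "rules": [{"verbs": ["get"], "nonResourceURLs": ["/metrics"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "metrics-reader"},
  "roleRef": {"kind": "ClusterRole", "name": "metrics-reader"},
  "subjects": [{"kind": "Group", "name": "system:authenticated"}]}
]""")

if __name__ == "__main__":
    for url, bindings in sorted(anonymous_paths(SAMPLE).items()):
        print(f"{url:24} anonymous via {', '.join(bindings)}")
```

Removing `system:unauthenticated` from a binding's subjects takes its paths out of the result.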
When looking at an IP address, I can see the AS number but not the AS name, it would be really helpful to see the name too. This information is available publicly in different places like http://www.cidr-report.org/as2.0/autnums.html
This feature allows you as a user to give a domain, i.e.: binaryedge.io
and receive in return a list of subdomains that we have on our database associated with that domain ie:
app.binaryedge.io
blog.binaryedge.io
etc...
In app scss please justify align the google recaptcha api for sign-up (margin-left:auto;margin-right:auto) etc.
Also for login inputs <input ng-model="username" id="username" type="email"../> the lack of left-padding feels off.
Referenced on line 10622 of app.scss:
.splash-container .input-group .form-control {
padding: 0;
Or by adding padding to the element.
We would like to have a tag that automatically filters for interesting events for bugbounties, like MongoDB, Redis, Elasticsearch
Typeahead example https://ng-bootstrap.github.io/#/components/typeahead/examples
Could possibly add a typeahead for the following:
product
as_name
country
port
...
any and all of the existing filters.
If you had the ability to do on demand scans, what would you like to do and how would you like to configure them?
In this feature we would like to look back in the history of scans of an ip address in a timeline fashion, similar to the timeline on the dataleaks.
It would use the historical API endpoint which allows you to look back 6 months.
This feature enables access to our listener data. This means we can identify IP addresses which are scanning or doing requests.
With this data it's possible to:
Example events:
{"origin":{"type":"sinkhole","ts":1543620828902,"client_id":"sinkhole","ip":"116.31.116.9"},"target":{"ip":"172.104.186.81","port":22,"protocol":"tcp"},"data":{"payload":"\x00\x00\x02\x84\x07\x14u\xbb\x8bI\xc7\x17V\xd1R\xaf\xd8\x98{\xc2J\xc0\x00\x00\x00Ydiffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1\x00\x00\x00\x0fssh-rsa,ssh-dss\x00\x00\x00\x92aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,[email protected],aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc\x00\x00\x00\x92aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,[email protected],aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc\x00\x00\x00Uhmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,[email protected]\x00\x00\x00Uhmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,[email protected]\x00\x00\x00\x04none\x00\x00\x00\x04none\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\xf5W\xc8]\xddX","extra":{"ssh":{"hassh_algorithms":"diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,[email protected],aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,[email protected];none","hassh":"92674389fa1e47a27ddd8d9b63ecd42b"}}}}
{"target":{"protocol":"tcp","port":445,"ip":"213.32.78.78"},"data":{"payload":"\x00\x00\x00\x85\xffSMBr\x00\x00\x00\x00\x18S\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00@\x00\x00b\x00\x02PC NETWORK PROGRAM 1.0\x00\x02LANMAN1.0\x00\x02Windows for Workgroups 3.1a\x00\x02LM1.2X002\x00\x02LANMAN2.1\x00\x02NT LM 0.12\x00"},"origin":{"ts":1543620834696,"ip":"142.4.193.169","type":"sinkhole","client_id":"sinkhole"}}
{"target":{"ip":"47.106.200.110","port":5060,"protocol":"udp"},"data":{"payload":"REGISTER sip:47.106.200.110 SIP/2.0\r\nVia: SIP/2.0/UDP 195.154.49.119:4040;branch=z9hG4bK1713871061\r\nMax-Forwards: 70\r\nFrom: "47106200110" sip:[email protected];tag=799463280\r\nTo: "me" sip:[email protected]\r\nCall-ID: 1491721404-394118509-1512312112\r\nCSeq: 1 REGISTER\r\nContact: sip:[email protected]:4040\r\nExpires: 3600\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO\r\nUser-Agent: pplsip\r\nContent-Length: 0\r\n\r\n"},"origin":{"ip":"110.185.170.198","client_id":"sinkhole","type":"sinkhole","ts":1543620995572}}
{"target":{"port":502,"ip":"213.219.39.228","protocol":"tcp"},"data":{"payload":"GET / HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0\r\nHost: 213.219.39.228:502\r\nConnection: Keep-Alive\r\n\r\n"},"origin":{"type":"sinkhole","ts":1543621097552,"ip":"37.49.231.146","client_id":"sinkhole"}}
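The SSH event above carries `hassh_algorithms` and `hassh` fields. As an added example (not the project's own code), this shows how such a fingerprint is derived from a raw SSH_MSG_KEXINIT payload following the public HASSH scheme: MD5 over the client's key-exchange, encryption, MAC and compression lists joined with `;`. The `build_kexinit` helper and the sample packet are constructed for illustration.

```python
import hashlib
import struct

SSH_MSG_KEXINIT = 20  # message number from RFC 4253

def parse_kexinit(packet: bytes) -> list:
    """Return the ten name-lists of an SSH_MSG_KEXINIT binary packet."""
    if len(packet) < 22:
        raise ValueError("too short for a KEXINIT packet")
    packet_len, padding_len, msg_type = struct.unpack(">IBB", packet[:6])
    if msg_type != SSH_MSG_KEXINIT:
        raise ValueError(f"not a KEXINIT (message type {msg_type})")
    end = min(len(packet), 4 + packet_len - padding_len)  # payload ends before padding
    pos = 6 + 16  # skip the header and the 16-byte random cookie
    lists = []
    for _ in range(10):
        if pos + 4 > end:
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack(">I", packet[pos:pos + 4])
        pos += 4
        if pos + n > end:
            raise ValueError("truncated name-list")
        lists.append(packet[pos:pos + n].decode("ascii"))
        pos += n
    return lists

def hassh(packet: bytes):
    """Return (algorithm string, MD5 hex digest) for a client KEXINIT."""
    kex, _hostkey, enc_c2s, _enc_s2c, mac_c2s, _mac_s2c, cmp_c2s, *_ = parse_kexinit(packet)
    algorithms = ";".join((kex, enc_c2s, mac_c2s, cmp_c2s))
    return algorithms, hashlib.md5(algorithms.encode("ascii")).hexdigest()

def build_kexinit(name_lists) -> bytes:
    """Hypothetical helper: build a KEXINIT packet for the constructed sample."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for names in name_lists:
        body += struct.pack(">I", len(names)) + names.encode("ascii")
    body += b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved
    pad = 8 - (5 + len(body)) % 8
    pad += 8 if pad < 4 else 0  # RFC 4253 requires at least 4 padding bytes
    return struct.pack(">IB", 1 + len(body) + pad, pad) + body + bytes(pad)

# Constructed sample packet, not one of the listener events above.
SAMPLE = build_kexinit(["diffie-hellman-group14-sha1", "ssh-rsa",
                        "aes128-ctr,aes256-ctr", "aes128-ctr", "hmac-sha1",
                        "hmac-sha1", "none", "none", "", ""])

if __name__ == "__main__":
    print(hassh(SAMPLE))
```

Grouping listener events by this digest clusters scanning hosts that share the same SSH client implementation, independent of their source IP.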
A possible feature you could add for your kubernetes facilities, is access to the read-only kubelet port. This is common on older clusters and leaks quite a lot of information. It's generally interesting as, where running, it's always available without authentication.
Port 10255/TCP
A query to /
will likely just give back 404
A query to /pods/
will dump the configuration of all workloads running on the host.