tdr130

Proposal: Node.js penetration test framework

Hi guys! Since I started to write Bluebox-ng I've been tracking the different security projects I found written in Node.js. Now we've published the first stable version we think it's the right moment to speak among us (and, of course, everyone interested in it :).

Why?

I think we're rewriting the same stuff in our respective projects again and again. For example, almost any tool supports IPv6 because the functions we need are still not present in the Node core and the libraries I found (IMHO) were not enough.
There're different projects implementing exactly the same thing, ie: port scanners.
We're working in a too new environment, so we need to make it together.

	#!/usr/bin/sudo ruby

	#
	# revealer.rb -- Deobfuscate GHE .rb files.
	#
	# This is simple:
	# Every obfuscated file in the GHE VM contains the following code:
	#
	# > require "ruby_concealer.so"
	# > __ruby_concealer__ "..."

	/* SMBLoris attack proof-of-concept
	*
	* Copyright 2017 Hector Martin "marcan" <marcan@marcan.st>
	*
	* Licensed under the terms of the 2-clause BSD license.
	*
	* This is a proof of concept of a publicly disclosed vulnerability.
	* Please do not go around randomly DoSing people with it.
	*
	* Tips: do not use your local IP as source, or if you do, use iptables to block

	import socket
	import random
	import argparse
	import sys
	from io import BytesIO

	# Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client

	PY2 = True if sys.version_info.major == 2 else False