Daily feed of bad IPs (with blacklist hit scores)

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

💡 As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

💡 If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:net
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

https://github.com/stamparm/ipsum

#IPsum #tool #guide
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

aria2 - The ultra fast download utility

aria2 is a utility for downloading files. The supported protocols are HTTP(S), FTP, SFTP, BitTorrent, and Metalink. aria2 can download a file from multiple sources/protocols and tries to utilize your maximum download bandwidth.

It supports downloading a file from HTTP(S)/FTP/SFTP and BitTorrent at the same time, while the data downloaded from HTTP(S)/FTP/SFTP is uploaded to the BitTorrent swarm. Using Metalink's chunk checksums, aria2 automatically validates chunks of data while downloading a file like BitTorrent.

💡 Features:

👉🏼 Multi-Connection Download. aria2 can download a file from multiple sources/protocols and tries to utilize your maximum download bandwidth. Really speeds up your download experience.

👉🏼 Lightweight. aria2 doesn’t require much memory and CPU time. When disk cache is off, the physical memory usage is typically 4MiB (normal HTTP/FTP downloads) to 9MiB (BitTorrent downloads). CPU usage in BitTorrent with download speed of 2.8MiB/sec is around 6%.

👉🏼 Fully Featured BitTorrent Client. All features you want in BitTorrent client are available: DHT, PEX, Encryption, Magnet URI, Web-Seeding, Selective Downloads, Local Peer Discovery and UDP tracker.

👉🏼 Metalink Enabled. aria2 supports The Metalink Download Description Format (aka Metalink v4), Metalink version 3 and Metalink/HTTP. Metalink offers the file verification, HTTP/FTP/SFTP/BitTorrent integration and the various configurations for language, location, OS, etc.

👉🏼 Remote Control. aria2 supports RPC interface to control the aria2 process. The supported interfaces are JSON-RPC (over HTTP and WebSocket) and XML-RPC.

👉🏼 👀 The project page is located at:
https://aria2.github.io/

#aria2 #download #tool #utility #linux #windows
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Maltrail

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name (e.g. zvpprsensinaix.com for Banjori malware), URL (e.g. hXXp://109.162.38.120/harsh02.exe for known malicious executable), IP address (e.g. 185.130.5.231 for known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in discovery of unknown threats (e.g. new malware).

💡Architecture

Maltrail is based on the Traffic -> Sensor <-> Server <-> Client architecture. Sensor(s) is a standalone component running on the monitoring node (e.g. Linux platform connected passively to the SPAN/mirroring port or transparently inline on a Linux bridge) or at the standalone machine (e.g. Honeypot) where it "monitors" the passing Traffic for blacklisted items/trails (i.e. domain names, URLs and/or IPs). In case of a positive match, it sends the event details to the (central) Server where they are being stored inside the appropriate logging directory (i.e. LOG_DIR described in the Configuration section). If Sensor is being run on the same machine as Server (default configuration), logs are stored directly into the local logging directory. Otherwise, they are being sent via UDP messages to the remote server (i.e. LOG_SERVER described in the Configuration section).

👀 👉🏼 https://github.com/stamparm/maltrail#introduction

👀 👉🏼 ipsum:
https://github.com/stamparm/ipsum

#stamparm #maltrail #ipsum #tool #malicious #detection #blacklist
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

GHunt

GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email.

👀 👉🏼 It can currently extract :

✅ Owner's name
✅ Last time the profile was edited
✅ Google ID
✅ If the account is an Hangouts Bot
✅ Activated Google services (Youtube, Photos, Maps, News360, Hangouts, etc.)
✅ Possible Youtube channel
✅ Possible other usernames
✅ Public photos
✅ Phones models
✅ Phones firmwares
✅ Installed softwares
✅ Google Maps reviews
✅ Possible physical location

⚠️ Warning:
02/10/2020: Since few days ago, Google return a 404 when we try to access someone's Google Photos public albums, we can only access it if we have a link of one of his albums.
Either this is a bug and this will be fixed, either it's a protection that we need to find how to bypass.
So, currently, the photos & metadata module will always return "No albums" even if there is one.

👀 👉🏼 https://github.com/mxrch/GHunt

#ghunt #google #account #tool
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Awful AI

Awful AI is a curated list to track current scary usages of AI - hoping to raise awareness to its misuses in society

Artificial intelligence in its current state is unfair, easily susceptible to attacks and notoriously difficult to control. Often, AI systems and predictions amplify existing systematic biases even when the data is balanced. Nevertheless, more and more concerning the uses of AI technology are appearing in the wild. This list aims to track all of them. We hope that Awful AI can be a platform to spur discussion for the development of possible preventive technology (to fight back!).

➡️ Discrimination

➡️ Influencing, disinformation, and fakes

➡️ Surveillance

➡️ Social credit systems

➡️ Misleading platforms, and scams

➡️ Autonomous weapon systems and military

➡️ Awful research

👀 👉🏼 https://github.com/daviddao/awful-ai

#awful #ai #answers #guide #tool #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Take Control Of Your Privacy

Exercising privacy rights more simply is critical to making online privacy accessible to all.

You might have noticed “Do Not Sell” and “Object To Processing” links around the web from companies complying with privacy regulations. Rather than having to click on each of these links individually across many websites, you can exercise your rights in one step via the “Global Privacy Control” (GPC) signal, which is required under the California Consumer Protection Act (CCPA) and Europe’s Global Data Protection Regulation (GDPR).

💡 👉🏼 Get your privacy rights under control:
https://globalprivacycontrol.org/#download

👀 👉🏼 https://globalprivacycontrol.org/

💡 👉🏼 Read as well 👈🏼 💡
https://spreadprivacy.com/announcing-global-privacy-control/

#privacy #control #tool #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Introducing Cover Your Tracks!

Today, we’re pleased to announce Cover Your Tracks, the newest edition and rebranding of our historic browser fingerprinting and tracker awareness tool Panopticlick. Cover Your Tracks picks up where Panopticlick left off. Panopticlick was about letting users know that browser fingerprinting was possible; Cover Your Tracks is about giving users the tools to fight back against the trackers, and improve the web ecosystem to provide privacy for everyone.

Over a decade ago, we launched Panopticlick as an experiment to see whether the different characteristics that a browser communicates to a website, when viewed in combination, could be used as a unique identifier that tracks a user as they browse the web. We asked users to participate in an experiment to test their browsers, and found that overwhelmingly the answer was yes—browsers were leaking information that allowed web trackers to follow their movements.

n this new iteration, Cover Your Tracks aims to make browser fingerprinting and tracking more understandable to the average user. With helpful explainers accompanying each browser characteristic and how it contributes to their fingerprint, users get an in-depth look into just how trackers can use their browser against them.

👀 👉🏼 https://www.eff.org/deeplinks/2020/11/introducing-cover-your-tracks

#eff #tool #coveryourtracks #panopticlick #tracking #fingerprinting
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Nipe - An engine to make Tor Network your default gateway

Summary

The Tor project allows users to surf the Internet, chat and send instant messages anonymously through its own mechanism. It is used by a wide variety of people, companies and organizations, both for lawful activities and for other illicit purposes. Tor has been largely used by intelligence agencies, hacking groups, criminal activities and even ordinary users who care about their privacy in the digital world.

Nipe is an engine, developed in Perl, that aims on making the Tor network your default network gateway. Nipe can route the traffic from your machine to the Internet through Tor network, so you can surf the Internet having a more formidable stance on privacy and anonymity in cyberspace.

👀 👉🏼 Download and install:
https://github.com/htrgouvea/nipe#download-and-install

#nipe #tor #routing #privacy #anonymity #tool
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

You've Got Spam: With this tool you send back your spam mails

You get unwanted emails every day, no matter how often you unsubscribe from mailing lists? With this tool, e-mail revenge is yours.

💡 👉🏼 https://youvegotspam.mschfmag.com

#youvegotspam #email #spam #tool #gmail
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

LineageOS adopts SeedVault as its open source backup solution

For those not familiar with SeedVault, it is an open-source backup app that uses the same internal APIs as adb backup. The application doesn’t need root access, but it must be compiled with the operating system. The backup location is user-configurable, with options ranging from a USB flash drive to a remote self-hosted cloud alternative such as NextCloud. This makes SeedVault a particularly viable option for users who doesn’t want to store their personal data to Google’s proprietary cloud-based storage.

👀 👉🏼 https://nitter.net/t_grote/status/1220036097293586432#m

👀 👉🏼 http://telegra.ph/LineageOS-adopts-SeedVault-as-its-open-source-backup-solution-12-06

via www.xda-developers.com

⚠️Warning not all apps can be backed up this way
Some apps declare they cannot be backed up in their manifests so adb backup, therefore seedvault, skips them


#lineage #android #seedvault #opensource #backup #tool
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

SOPS: Secrets OPerationS

sops is an editor of encrypted files that supports #YAML, #JSON, #ENV, #INI and #BINARY formats and encrypts with #AWS #KMS, #GCP #KMS, #Azure #Key #Vault and #PGP.

https://github.com/mozilla/sops

#sops #encryption #tool
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Social Analyzer

Social Analyzer - API, CLI & Web App for analyzing & finding a person's profile across +300 social media websites. It includes different string analysis and detection modules, you can choose which combination of modules to use during the investigation process.

The detection modules utilize a rating mechanism based on different detection techniques, which produces a rate value that starts from 0 to 100 (No-Maybe-Yes). This module intended to have less false positive and it's documented in this Wiki link

The analysis and extracted social media information from this OSINT tool could help in investigating profiles related to suspicious or malicious activities such as cyberbullying, cybergrooming, cyberstalking, and spreading misinformation.

This project is "currently used by some law enforcement agencies in countries where resources are limited".

https://github.com/qeeqbox/social-analyzer

#social #analyzer #qeeqbox #socialmedia #tool
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

This browser extension shows what the Internet would look like without Big Tech

A web without Google, Facebook, Microsoft, or Amazon

The Economic Security Project is trying to make a point about big tech monopolies by releasing a browser plugin that will block any sites that reach out to IP addresses owned by Google, Facebook, Microsoft, or Amazon. The extension is called Big Tech Detective, and after using the internet with it for a day (or, more accurately, trying and failing to use), I’d say it drives home the point that it’s almost impossible to avoid these companies on the modern web, even if you try.

https://www.theverge.com/2021/2/24/22297686/browser-extension-blocks-sites-using-google-facebook-microsoft-amazon

💡 https://bigtechdetective.net/

#DeleteGoogle #delete #microsoft #amazon #browser #plugin #extension #tool
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag

FLoC Block

Prevent Federated Learning of Cohorts aka FLoC ad-targeting code from running in Chrome.

FLoC, short for Federated Learning of Cohorts, is the new mechanism used by Google Chrome to group users into buckets based on their interests. You can read more about it here and why Brave and some other browsers have blocked it here. EFF did some analysis as well.

💡 How does this Chrome Extension help?

If you HAVE to use Chrome but don't like the idea of being grouped into a bucket (aka cohort) based on the websites you visit, this extension is a simple way to prevent FLoC from divulging your "cohort id" to websites. The extension removes document.interestCohort() from every page so that a website cannot get your cohort id.

💡 How do I install this extension?

👉🏼 Download flocblock.zip from https://github.com/ShivanKaul/flocblock/releases/latest. Direct link: https://github.com/ShivanKaul/flocblock/releases/download/v0.0.1/flocblock.zip

👉🏼 Extract extension.

👉🏼 Follow the instructions to load into Chrome.

https://github.com/ShivanKaul/flocblock

#floc #block #chrome #browser #tracking #tool
📡 @nogoolag 📡 @blackbox_archiv

Facebook Email to profile vulnerability

A video shared with researchers and Motherboard shows a tool linking email addresses to Facebook accounts

A tool lets a user see which email address is linked to a Facebook account even if the Facebook user didn't publicly advertise their address, according to a video sent to various researchers and Motherboard.

The news presents another significant privacy issue for Facebook, which is continuing to face a series of data leaks around phone numbers and other data.

https://twitter.com/UnderTheBreach/status/1384552368512159744

https://www.vice.com/en/article/bvz8pz/tool-finds-facebook-email-addresses

#tool #facebook #DeleteFacebook #poc #email #accounts #video
📡 @nogoolag 📡 @blackbox_archiv

Profil3r

Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for the found emails.

‼️ For educational purposes only

https://github.com/Rog3rSm1th/Profil3r

#educational #profil3r #osint #tool #social #networks #email
📡 @nogoolag 📡 @blackbox_archiv