Ideja iza ove teme jeste da se popise niz security checks free toolova i best practice konfiguracija, kako bi se utegla bezbednost.
S`obzirom da ovo pisem kao draft, bice dosta izmena, za pocetak pocinjem sa temom da bi ostala na "papiru".
1. Provera jel moze da se spoofuje domen (ako nema spf i dmarc record).
2. Provera web aplikacija/servera za sigurnosnim update-ovima kao i konfiguracijama:
a. Analyse your HTTP response headers (securityheaders.com)
b. Website Scanner | Website Security Check for Free | Snyk
c. Mozilla Observatory
d. SSL Server Test (Powered by Qualys SSL Labs)
e. Free SSL Web Server Tester • Wormly Monitoring
f. Haveibeensquatted
g. BadSSL
h. DNS history and more
3. Analyzers and Intel:
a. Intezer
b. Any.run
c. JoeSandBox
d. AlienVault
e. VirusTotal
f. OstorLab - mobile and web app. analyzer
g. PolySwarm
h. Unpac.me (PE32 only)
i. abuse.ch
j. Onion2IP
k. ThreatMiner
l. GIT research
m. OSINT resources
n. IntellX
o. CVE research
p. APK anaylzer
q. OSINT framework
r. SourceCode research
s. ThreatMiner
t. Sta se sve hostuje na IP?
u. Vizualizacija konekcija po sajtu
v. Internet research netlas
w. Internet research censys
x. Internet research shodan
y. Internet research onyphe
z. Internet research shodan
1. Domain/Service analyzer
4. pcap analyzer & one more
5. Testiranje WAF resenja
6. Detekcija deepfake klipova
a. DeepFake sources
7. Chekiranje twiter naloga jel bot ili ne
a. BotSentinel
8. Search over pastebin website
9. ArchiveEU
some randoms:
https://unprotect.it/
https://know.netenrich.com/content/track/data-breach
https://yomi.yoroi.company/upload
http://www.visualsitemapper.com/
https://socradar.io/labs/deep-web-report/
https://maltiverse.com/search
https://www.dehashed.com/
https://dorksearch.com/
https://www.zoomeye.org/
https://pulsedive.com/
https://buckets.grayhatwarfare.com/
https://www.companywall.rs/
https://fofa.info/
https://vi.strobes.co/
https://www.criminalip.io
S`obzirom da ovo pisem kao draft, bice dosta izmena, za pocetak pocinjem sa temom da bi ostala na "papiru".
1. Provera jel moze da se spoofuje domen (ako nema spf i dmarc record).
2. Provera web aplikacija/servera za sigurnosnim update-ovima kao i konfiguracijama:
a. Analyse your HTTP response headers (securityheaders.com)
b. Website Scanner | Website Security Check for Free | Snyk
c. Mozilla Observatory
d. SSL Server Test (Powered by Qualys SSL Labs)
e. Free SSL Web Server Tester • Wormly Monitoring
f. Haveibeensquatted
g. BadSSL
h. DNS history and more
3. Analyzers and Intel:
a. Intezer
b. Any.run
c. JoeSandBox
d. AlienVault
e. VirusTotal
f. OstorLab - mobile and web app. analyzer
g. PolySwarm
h. Unpac.me (PE32 only)
i. abuse.ch
j. Onion2IP
k. ThreatMiner
l. GIT research
m. OSINT resources
n. IntellX
o. CVE research
p. APK anaylzer
q. OSINT framework
r. SourceCode research
s. ThreatMiner
t. Sta se sve hostuje na IP?
u. Vizualizacija konekcija po sajtu
v. Internet research netlas
w. Internet research censys
x. Internet research shodan
y. Internet research onyphe
z. Internet research shodan
1. Domain/Service analyzer
4. pcap analyzer & one more
5. Testiranje WAF resenja
6. Detekcija deepfake klipova
a. DeepFake sources
7. Chekiranje twiter naloga jel bot ili ne
a. BotSentinel
8. Search over pastebin website
9. ArchiveEU
some randoms:
https://unprotect.it/
https://know.netenrich.com/content/track/data-breach
https://yomi.yoroi.company/upload
http://www.visualsitemapper.com/
https://socradar.io/labs/deep-web-report/
https://maltiverse.com/search
https://www.dehashed.com/
https://dorksearch.com/
https://www.zoomeye.org/
https://pulsedive.com/
https://buckets.grayhatwarfare.com/
https://www.companywall.rs/
https://fofa.info/
https://vi.strobes.co/
https://www.criminalip.io