Nos publications
Actualité cybersécurité : nos publications récentes sont disponibles sur notre blog.
Outils
Follow us on GitHub : https://github.com/Intrinsec/
CoMisSion – Whitebox CMS analysis
CoMisSion is a tool to quickly analyze a CMS setup. The tool:
- checks for the core version;
- looks for the last core version;
- looks for vulnerabilities in core version used;
- checks for plugins version;
- looks for vulnerabilities in plugins version used;
https://github.com/Intrinsec/comission
https://www.intrinsec.com/2017/08/16/comission-whitebox-cms-analysis/
Burp extension « Scan manual insertion point »
This Burp extension lets the user select a region of a request (typically a parameter value), and via the context menu do an active scan of just the insertion point defined by that selection. It is similar with the « actively scan defined insertion points » feature in the context menu of the Intruder, without the burden of having to send the request to the Intruder.
https://github.com/Intrinsec/burp-scan-manual-insertion-point
Android-SSL-Patch
This program can be used during mobile application assessment or mobile malware on android platform to patch the binary application (APK file) in order to disable SSL certificates verifications.
http://code.google.com/p/intrinsec-android-ssl-patch/
Apache Range Header DOS Testing
This script can be used to test an host (IP or hostname) or a range of IP against the Apache Range Header DOS (CVE-2011-3192).
http://code.google.com/p/intrinsec-dos-apache-range-header-tester/
XML-RPC Scanner
This program is developped as a POC to perform security audits against XML-RPC services. It is developped in python using xlmrpclib and allow to: perform discovery of available methods, perform bruteforce attacks against authentication using known methods (or as a base to implement a bruteforce against a new one) and build authenticated attacks (the script is ready to accept login / password and new tests)