Tools

Follow us on GitHub: https://github.com/Intrinsec/

CoMisSion – Whitebox CMS analysis

CoMisSion is a tool for quickly analyzing a CMS setup. The tool:

  • checks the core version;
  • looks for the latest core version;
  • looks for vulnerabilities in the core version used;
  • checks the plugin versions;
  • looks for vulnerabilities in the plugin versions used.

https://github.com/Intrinsec/comission

https://securite.intrinsec.com/2017/08/16/comission-whitebox-cms-analysis/

Burp extension « Scan manual insertion point »

This Burp extension lets the user select a region of a request (typically a parameter value) and, via the context menu, run an active scan of just the insertion point defined by that selection. It is similar to the « actively scan defined insertion points » feature in the Intruder context menu, without the burden of having to send the request to the Intruder.

https://github.com/Intrinsec/burp-scan-manual-insertion-point

https://securite.intrinsec.com/2017/07/03/burp-extension-scan-manual-insertion-point/

Android-SSL-Patch

This program can be used during mobile application assessments or mobile malware analysis on the Android platform to patch the application binary (APK file) in order to disable SSL certificate verification.

http://code.google.com/p/intrinsec-android-ssl-patch/

Apache Range Header DOS Testing

This script can be used to test a host (IP or hostname) or a range of IPs against the Apache Range Header DoS (CVE-2011-3192).

http://code.google.com/p/intrinsec-dos-apache-range-header-tester/

XML-RPC Scanner

This program was developed as a POC to perform security audits against XML-RPC services. It is written in Python using xmlrpclib and can: discover available methods, perform bruteforce attacks against authentication using known methods (or serve as a base to implement a bruteforce against a new one), and build authenticated attacks (the script is ready to accept a login / password and new tests).

http://code.google.com/p/intrinsec-xmlrpc-scanner/