Telegram-Trilateration
VulnWhisperer
| Telegram-Trilateration | VulnWhisperer | |
|---|---|---|
| 9 | 1 | |
| 541 | 1,335 | |
| - | 0.0% | |
| 0.0 | 0.0 | |
| about 2 years ago | over 1 year ago | |
| Python | Python | |
| GNU General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Telegram-Trilateration
- Telegram Trilateration
- Telegram Trilateration: Abusing “People Near Me” and tracking people's location
-
Hacker News top posts: Mar 13, 2022
Telegram Trilateration: Abusing “People Near Me” and tracking people's location\ (18 comments)
- Telegram Trilateration: PoC abusing “People Near Me” & tracking people location
- POC for abusing Telegram “People Near Me” feature and tracking people's location
- Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location
-
Security Analysis of Telegram (Symmetric Part)
Besides cryptographic issues they are also other issues compared to Signal Mtproto seems like the old man out in terms of cryptographic protocols also Mtproto dosen't seem to scale for multiple users. In earlier iterations of Mtproto there key-things missing like MAC, and etc. To be fair the paper does show in some sense the Mtproto is "secure" at protocol level (assuming your using the official client and the server is trusted) still it looks like it's fragile and pretty bad. Linked below are some more serious holes found in Mtproto's game.
VulnWhisperer
-
Building a vulnerability management dashboard
You could look at something like vuln whisperer (https://github.com/HASecuritySolutions/VulnWhisperer) which will allow you to pull in your vulnerability data from Nessus and then add your manual findings or findings from other tools to the underlying elasticsearch environment so they also show up on the vuln whisperer dashboard.
What are some alternatives?
Vulnnr - Vulnnr - Vulnerability Scanner And Mass Exploiter, created for pentesting.
gvm-tools - Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance
bleachbit - BleachBit system cleaner for Windows and Linux
faraday - Open Source Vulnerability Management Platform
hosts - 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
ShellShockHunter - It's a simple tool for test vulnerability shellshock
breaking-telegram - Simple PoC script that allows you to exploit telegram's "send with timer" feature by saving any media sent with this functionality.
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Groppy - Facilitating regex creation and deploying custom grok patterns in an ELK environment 🦌📜
avatar - Self-hosted service for creating random avatars
dp_cryptomg - Another tool for exploiting CVE-2017-9248, a cryptographic weakness in Telerik UI for ASP.NET AJAX dialog handler.