VulnWhisperer
Telegram-Trilateration
Our great sponsors
VulnWhisperer | Telegram-Trilateration | |
---|---|---|
1 | 9 | |
1,335 | 541 | |
0.7% | - | |
0.0 | 0.0 | |
over 1 year ago | about 2 years ago | |
Python | Python | |
Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
VulnWhisperer
-
Building a vulnerability management dashboard
You could look at something like vuln whisperer (https://github.com/HASecuritySolutions/VulnWhisperer) which will allow you to pull in your vulnerability data from Nessus and then add your manual findings or findings from other tools to the underlying elasticsearch environment so they also show up on the vuln whisperer dashboard.
Telegram-Trilateration
- Telegram Trilateration
- Telegram Trilateration: Abusing “People Near Me” and tracking people's location
-
Hacker News top posts: Mar 13, 2022
Telegram Trilateration: Abusing “People Near Me” and tracking people's location\ (18 comments)
- Telegram Trilateration: PoC abusing “People Near Me” & tracking people location
- POC for abusing Telegram “People Near Me” feature and tracking people's location
- Proof of concept for abusing Telegram's "People Near Me" feature and tracking people's location
-
Security Analysis of Telegram (Symmetric Part)
Besides cryptographic issues they are also other issues compared to Signal Mtproto seems like the old man out in terms of cryptographic protocols also Mtproto dosen't seem to scale for multiple users. In earlier iterations of Mtproto there key-things missing like MAC, and etc. To be fair the paper does show in some sense the Mtproto is "secure" at protocol level (assuming your using the official client and the server is trusted) still it looks like it's fragile and pretty bad. Linked below are some more serious holes found in Mtproto's game.
What are some alternatives?
gvm-tools - Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance
Vulnnr - Vulnnr - Vulnerability Scanner And Mass Exploiter, created for pentesting.
faraday - Open Source Vulnerability Management Platform
bleachbit - BleachBit system cleaner for Windows and Linux
ShellShockHunter - It's a simple tool for test vulnerability shellshock
hosts - 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
RedELK - Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
breaking-telegram - Simple PoC script that allows you to exploit telegram's "send with timer" feature by saving any media sent with this functionality.
Groppy - Facilitating regex creation and deploying custom grok patterns in an ELK environment 🦌📜
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
dp_cryptomg - Another tool for exploiting CVE-2017-9248, a cryptographic weakness in Telerik UI for ASP.NET AJAX dialog handler.
avatar - Self-hosted service for creating random avatars