stunner
cve-2021-3449
stunner | cve-2021-3449 | |
---|---|---|
4 | 4 | |
711 | 225 | |
- | - | |
7.4 | 0.0 | |
4 days ago | over 2 years ago | |
Go | Go | |
GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
stunner
- Stunner β tool to test and exploit STUN, TURN and TURN over TCP servers
- Stunner - tool to test and exploit STUN, TURN and TURN over TCP servers.
- stunner: Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers. If you find a misconfigured server you can use this tool to open a local socks proxy that relays all traffic via the TURN protocol into the internal network behind the server.
- New tool to exploit TURN servers - create a socks proxy into the internal network
cve-2021-3449
-
CVE 2021 3449 exploit method
I am trying to understand how to use the information in https://github.com/terorie/cve-2021-3449 to check in my server which has UI and supports TLS 1.2. It does not support renegotiation though but I still wanted to check with exploit to verify whether or not, it is impacted. The link mentions βgo run . -host host:portβ but I am not able to figure out how to use it as there seem no script to run. Any help would be appreciated.
- CVE-2021-3499 OpenSSL denial-of-service PoC
-
Do these vulns affect Fortigate devices? CVE-2021-3449 - CVE-2021-3450
FortiOS(web gui/sslvpn) is "vulnerable" to CVE-2021-3449, tested using POC https://github.com/terorie/cve-2021-3449 Impact is basically limited to filling up your crashlog, but if you have fortigates your used to that :)
-
OpenSSL Security Advisory [25 March 2021]
Does anyone have a PoC? Someone posted this on Github but the git log is squashed and doesn't show the changes they made. https://github.com/terorie/cve-2021-3449
What are some alternatives?
hershell - Multiplatform reverse shell generator
Caddy - Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
turn - Pion TURN, an API for building TURN clients and servers
httpd - Docker Official Image packaging for Apache HTTP Server
tfsec - Security scanner for your Terraform code
OpenSSL - TLS/SSL and crypto library
turner - SOCKS5 and HTTP over TURN/STUN proxy
chain-bench - An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
mkcert - A simple zero-config tool to make locally trusted development certificates with any names you'd like.
go-stun - A go implementation of the STUN client (RFC 3489 and RFC 5389)
traitor - :arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock