online – Grey Panthers Savannah (https://grey-panther.net)

Update to OVScan
https://grey-panther.net/2009/07/update-to-ovscan.html
Wed, 15 Jul 2009 14:46:00 +0000

I finally had a little free time to work on the OVscan script. Here are the updates:

  • updated to the latest changes in VirusTotal
  • updated to the latest changes in Jotti
  • added a new scanner site (NoVirusThanks). Unfortunately they currently seem to be down for maintenance.
  • disabled Virscan.Org, since they have been down for a couple of days (hopefully they didn’t suffer a major DDoS or a visit from the police – with them being Chinese and all)

As always, you can get it from my SVN repository.

Picture taken from Vik Nanda’s photostream with permission.

Updated VTUploader – renamed to OVScan
https://grey-panther.net/2009/03/updated-vtuploader-renamed-to-ovscan.html
Fri, 13 Mar 2009 13:16:00 +0000

I updated the script I originally published for submitting files to VirusTotal and renamed it OVScan (Online Virus Scan). What has changed:

  • Added support for multiple sites
  • Added support for submitting via SSL (if the site supports it)
  • Added support for a per-file timeout

Get it while it’s fresh from the source-code repository (to download it, click on the “View raw file” link). Some caveats though:

  • Not all sites support all the features. SSL is supported only by VirusTotal at the moment for example.
  • Different sites have different engines, different signature versions and so on.
  • Different sites have different usage policies. Make sure to check out the policy for the given site before submitting to it. In general, assume that the site can do whatever it wants with the submitted file.
  • Support for scanner.virus.org is broken at the moment because every scan seems to stall at 80% (at Norman), so I couldn’t get a sample of what the results look like
  • Support for virscan.org is rather rudimentary because of their more complex call scheme which is needed
  • To use SSL, you need to have Crypt::SSLeay installed, which under Windows means using alternative package sources.

Hope you find it useful.

Update: for those of you who prefer more asynchronous processing, there is the vtsubmit.py python script which uses the e-mail interface for VirusTotal.

Update: I did some updates to the script. Please download the new version (because the old version doesn’t really work with the changes the sites did to their architecture :-)).

Image taken from 37Hz’s photostream with permission.

Nmap online
https://grey-panther.net/2006/11/nmap-online.html
Wed, 29 Nov 2006 18:42:00 +0000

Some brave people have put online a service where you can scan an arbitrary computer with Nmap using their server to do the scanning on your behalf. One can say that this is the grownup version of Shields Up!.

I was worried that their service could be abused in an attack-by-proxy (or in this case reconnaissance-by-proxy) scenario, so I contacted them. They were kind enough to reply to me very fast, and here are the things I learned:

  • They are confident that the limits set in their Terms of Service are enough. At the moment of writing this post these are the following (but they can change of course):
      • There can be only one active (running) scan from one IP
      • Maximum 5 scan requests from one IP per 24 hours
      • Maximum 20 scan requests from one IP per 7 days
      • Scan timeout is 60 min
  • Another safety measure is the fact that the logs are kept and are correlated with the requesting IP.
  • When I saw the possibility to enter an arbitrary command line, I got very nervous and asked them if they had considered command line injection. Thankfully they said yes and reassured me that they had taken the necessary security measures (and also that their logs were full of attempts to verify the existence of an exploit).

Given all this, I can only say: scan away! 🙂
