Over time, I have contributed to some Open Source Software projects. What follows a list of such contributions. The list of contributions is grouped by project and sorted in chronological order.
- Minor fixes to IVRE’s web interface (#601).
- NSE script
sslv2-drown causes import error (#631).
- Added the
display:vulnerability search filter directive (#634).
- Fixed an issue with the calculation of the top CPEs (#635).
- Integration between stoQ Framework and LIEF (#22).
- Updated integration between stoQ Framework and LIEF to the latest API (#44).
- Fix the compilation under Linux with MinGW cross-compiler (#29).
- Added extra checks for VMWare and Wine (#31, as reported in #15).
- Disabled Wow64 file system redirection (#34).
- Added a check for less than one GiB of memory (#35).
- Fixed some compilation warnings (#37).
- Added HackingTeam VM detection methods (#39).
- Added support to prepending a path to a transversal (#3).
- Cleaned up repeated code (#482).
- Unified2 alert output X-Forwarded-For support rewrite and improvement (#544).
- Fix the segmentation fault while logging the host on the custom HTTP logger (#734).
- Simple code fixes (#1105).
- Added X-Forwarded-For support to JSON logging (#1254).
- Added support for SHA1 and SHA256 (#2252).
- Added missing AIS message types (#1).
- Fixed an issue where exception stack traces were being included (#34).
Change log can be found here.
- Improvements to smtp-open-relay script;
- Created the smtp-enum-users script, which attempts to find user account names over SMTP by brute force testing using RCPT, VRFY, and EXPN tests.
- Created the http-vuln-cve2011-3192 script that detects a denial of service vulnerability in the way the Apache web server handles requests for multiple overlapping/simple ranges of a page.
- Made http-wordpress-enum script able to get names of users who have no posts.
- Added path argument to the http-auth script and update the script to use stdnse.format_output.
- Added new fingerprints to http-enum for Subversion, CVS and Apache Archiva.
- Applied patch to snmp-brute that solves problems with handling errors that occur during community list file parsing.
- Added new services and the ATTACK category to the dnsbl script.