Contributions
Over time, I have contributed to some Open Source Software projects. What follows a list of such contributions. The list of contributions is grouped by project and sorted in chronological order.
- Fixed AnyConnect IPC message format (#17564).
IVRE
- Minor fixes to IVRE’s web interface (#601).
- NSE script
sslv2-drown
causes import error (#631).
- Added the
display:vulnerability
search filter directive (#634).
- Fixed an issue with the calculation of the top CPEs (#635).
stoQ Framework
- Integration between stoQ Framework and LIEF (#22).
- Updated integration between stoQ Framework and LIEF to the latest API (#44).
- Fix LIEF plugin usage of stoQ’s configuration API (#107).
Pafish
- Fix the compilation under Linux with MinGW cross-compiler (#29).
- Added extra checks for VMWare and Wine (#31, as reported in #15).
- Disabled Wow64 file system redirection (#34).
- Added a check for less than one GiB of memory (#35).
- Fixed some compilation warnings (#37).
- Added HackingTeam VM detection methods (#39).
Evilarc
- Added support to prepending a path to a transversal (#3).
bash-portscanner
- Some fixes and improvements (#1)
Suricata
- Cleaned up repeated code (#482).
- Unified2 alert output
X-Forwarded-For
support rewrite and improvement (#544).
- Fix the segmentation fault while logging the host on the custom HTTP logger (#734).
- Simple code fixes (#1105).
- Added
X-Forwarded-For
support to JSON logging (#1254).
- Added support for SHA1 and SHA256 (#2252).
AisLib
- Added missing AIS message types (#1).
Logback
- Fixed an issue where exception stack traces were being included (#34).
Nmap
Change log can be found here.
- Improvements to
smtp-open-relay.nse
;
- Created the
smtp-enum-users.nse
, which attempts to find user account names over SMTP by brute force testing using RCPT, VRFY, and EXPN tests.
- Created the
http-vuln-cve2011-3192.nse
that detects a denial of service vulnerability in the way the Apache web server handles requests for multiple overlapping/simple ranges of a page.
- Made
http-wordpress-enum.nse
able to get names of users who have no posts.
- Added path argument to the
http-auth.nse
script and update the script to use stdnse.format_output
.
- Added new fingerprints to
http-enum.nse
for Subversion, CVS and Apache Archiva.
- Applied patch to
snmp-brute.nse
that solves problems with handling errors that occur during community list file parsing.
- Added new services and the ATTACK category to the dnsbl script.
- Fixed a bug in
http-wordpress-users.nse
that could cause extraneous output to be captured as part of a username.