This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit relays only.

Related tags

Security related resourcestrustor-poc
Overview

This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit relays only.

NOTE: This PoC is NOT fit for general use and not meant to be used by end-users!

This limited version only selects exit relays and leaves other positions unchanged. It supports a max_depth of 0 only (no recusion to find trusted operators).

this PoC performs the following steps

  • reads the trust configuration and validation cache
  • connects to a local tor client via it's ControlPort to find relays claiming to be from a trusted operator
  • validates claims via HTTPS (routed via tor) or DNS including DNSSEC check (can also be routed via tor but requires dnscrypt-proxy)
  • writes a validation cache to disk
  • configures the local tor client (non-persistently) to only use exits from trusted operators that passed the validation steps

requirements

  • a local tor client must be running (see sample torrc file)
  • dnssec-root-trust must contain the DNSSEC Root Trust Anchor (IANA)
  • local dnscrypt-proxy daemon, configured to route (encrypted) DNS via tor's SOCKSPort
force_tcp = true

proxy = 'socks5://127.0.0.1:9050'

...

configuration

  • this PoC comes with an empty trust_config file, users need to add entries (example)
  • dnscrypt-proxy is expected to listen on 127.0.2.1:53 otherwise configure the IP address in the resolv.conf file
  • generate a password hash via tor --hash-password randomstringgoeshere and paste it into the torrc config (or use ControlSocket instead)
  • add the plaintext password to the controller_password= line in the script
  • torcontactinfoparser needs to be installed manually
  • on debian pyunbound is in the python3-unbound package

used libraries

Owner
https://nusenu.medium.com/
GitHub Repository
log4j-tools: CVE-2021-44228 poses a serious threat to a wide range of Java-based applications

log4j-tools Quick links Click to find: Inclusions of log4j2 in compiled code Calls to log4j2 in compiled code Calls to log4j2 in source code Overview

JFrog Ltd. 171 Dec 25, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

About Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-202

Evi1cg 500 Jan 06, 2023
Scan Site - Tools For Scanning Any Site and Get Site Information

Site Scanner Tools For Scanning Any Site and Get Site Information Example Require - pip install colorama - pip install requests How To Use Download Th

NumeX 5 Mar 19, 2022
LittleBrother is a simple parental control application monitoring specific processes on Linux hosts to monitor and limit the play time of children.

Parental Control Application LittleBrother Overview LittleBrother is a simple parental control application monitoring specific processes (read "games"

40 Dec 21, 2022
A toolkit for web reconnaissance, it's fast and easy to use.

A toolkit for web reconnaissance, it's fast and easy to use. File Structure httpsuite/ main.py init.py db/ db.py init.py subdomains_db directories_db

whoami security 22 Jul 22, 2022
Simple python script for generating custom high-secure passwords for securing your social-apps ❀️

Opensource Project Simple Python Password Generator This repository is just for peoples who want to generate strong-passwords for there social-account

K A R T H I K 15 Dec 01, 2022
Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

CVE-2022-21907 - Double Free in http.sys driver Summary An unauthenticated attacker can send an HTTP request with an "Accept-Encoding" HTTP request he

Podalirius 71 Dec 22, 2022
A Radare2 based Python module for Binary Analysis and Reverse Engineering.

Zepu1chr3 A Radare2 based Python module for Binary Analysis and Reverse Engineering. Installation You can simply run this command. pip3 install zepu1c

Mehmet Ali KERİMOĞLU 5 Aug 25, 2022
A deobfuscator for multiple python obfuscators

PY4COC A deobfuscator for multiple python obfuscators, supports exe's packed with pyinstaller too. How to use python3 py4coc.py exe file or py file o

svenskithesource 16 Dec 03, 2022
DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

2 Feb 05, 2022
Safety checks your installed dependencies for known security vulnerabilities

Safety checks your installed dependencies for known security vulnerabilities. By default it uses the open Python vulnerability database Safety DB, but

pyup.io 1.4k Dec 30, 2022
Tool to check if your DNS comply to Polish Ministry of Finance gambling domains restrictions

dns-mf-hazard Tool to check if your DNS comply to Polish Ministry of Finance gambling domains restrictions How to use it? Installation You need python

Marek Wajdzik 2 Jan 01, 2022
Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10

CVE-2021-29440 Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10 Grav is a file based Web-platform. Twig processing of static p

Enox 6 Oct 10, 2022
π™Ύπš™πšŽπš— πš‚πš˜πšžπš›πšŒπšŽ πš‚πšŒπš›πš’πš™πš - π™½πš˜ π™²πš˜πš™πš’πš›πš’πšπš‘πš - πšƒπšŽπšŠπš– πš†πš˜πš›πš” - πš‚πš’πš–πš™πš•πšŽ π™Ώπš’πšπš‘πš˜πš— π™Ώπš›πš˜πš“πšŽπšŒπš - π™²πš›πšŽπšŠπšπšŽπš π™±πš’ : π™°πš•πš• πšƒπšŽπšŠπš– - π™²πš˜πš™πš’π™ΏπšŠπšœπš π™²πšŠπš— π™½πš˜πš π™ΌπšŠπš”πšŽ 𝚈𝚘𝚞 πšπšŽπšŠπš• π™Ώπš›πš˜πšπš›πšŠπš–πš–πšŽπš›

π™Ύπš™πšŽπš— πš‚πš˜πšžπš›πšŒπšŽ πš‚πšŒπš›πš’πš™πš - π™½πš˜ π™²πš˜πš™πš’πš›πš’πšπš‘πš - πšƒπšŽπšŠπš– πš†πš˜πš›πš” - πš‚πš’πš–πš™πš•πšŽ π™Ώπš’πšπš‘πš˜πš— π™Ώπš›πš˜πš“πšŽπšŒπš - π™²πš›πšŽπšŠπšπšŽπš π™±πš’ : π™°πš•πš• πšƒπšŽπšŠπš– - π™²πš˜πš™πš’π™ΏπšŠπšœπš π™²πšŠπš— π™½πš˜πš π™ΌπšŠπš”πšŽ 𝚈𝚘𝚞 πšπšŽπšŠπš• π™Ώπš›πš˜πšπš›πšŠπš–πš–πšŽπš›

CodeX-ID 2 Oct 27, 2022
CVE-2022-22965 - CVE-2010-1622 redux

CVE-2022-22965 - vulnerable app and PoC Trial & error $ docker rm -f rce; docker build -t rce:latest . && docker run -d -p 8080:8080 --name rce rce:la

Duarte Duarte 20 Aug 25, 2022
Separate handling of protected media in Django, with X-Sendfile support

Django Protected Media Django Protected Media is a Django app that manages media that are considered sensitive in a protected fashion. Not only does t

Cobus Carstens 46 Nov 12, 2022
python script for hack gmail account using brute force attack

#Creator: johnry #coded by john ry GBrute python script for hack gmail account using brute force attack Commands apt update && apt upgrade git clone h

6 Dec 09, 2022
FIVE, Vulnerability Scanner And Mass Exploiter, made for pentesting.

$ FIVE - FIVE is a Pentesting Framework to Test the Security & Integrity of a Website, or Multiple Websites. $ Info FIVE Was Made After Vulnnr to Prod

Neon 24 Dec 10, 2021
A Python wrapper around the OpenSSL library

pyOpenSSL -- A Python wrapper around the OpenSSL library Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where

Python Cryptographic Authority 795 Dec 29, 2022
Detection And Breaking With Python

Detection And Breaking IIIIIIIIIIIIIIIIIIII PPPPPPPPPPPPPPPPP VVVVVVVV VVVVVVVV I::::::::II::::::::I P:::::::

Baris Dincer 1 Dec 26, 2021