-
Ticketbleed (CVE-2016-9244) detector
Sending a (N - 31 byte) sessionId and alerting on received ticket being
- serverHello.sessionId larger than clientHello.sessionId
- equals( serverHello.sessionI…
-
While converting ``run_ticketbleed()`` to a different socket sending function which omits the leading x in each byte I thought: Well, as we don't have a unit test for ticketbleed (and I couldn't fi…
-
**Very legacy error reproduced**
When I do a mass 'pcap read' related script scan on Windows, it's happening
Syn-scan finish and a few minutes after the NSE scan begins:
![image](https://github.com…
-
Hello,
I noticed when trying to use your script to import the csv files into Elasticsearch nothing gets imported for the vulnerabilities as it appears with - and also when trying to do a search in…
-
This is first just a dump of my thoughts which came up after some discussion with David. Feedback is appreciated!
As of now testssl.sh has a rating which is more or less best practice from the pers…
-
Hey just a heads up
https://github.com/oscarotero/nginx-snippets/blob/023ff04a71ff696a162dd3151cac50dd10dd93f5/server.conf#L24-L25
is vulnerable to https://www.breachattack.com/.
Debian disab…
kousu updated
3 years ago
-
## Environment
* Operating system (including version): Ubuntu 22.1
* mkcert version (from `mkcert -version`): v1.4.4
* Server (where the certificate is loaded): localhost
* Client (e.g. browser,…
-
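April 3rd, two days after April Fools' Day and exactly two days before the Qingming Festival. I unexpectedly received an interview from JD.com. I had submitted my résumé on March 28th and had not expected to pass the screening. The interviewer chatted with me for a while and, unsurprisingly, I did not pass. On reflection, there were 5 questions I could not answer well, so I am recording them here.
---
# First-round interview
1. How are SQL injection entry points generally discovered? Explain from the source code how sqlmap tests injection points.
2. What does masscan rely on for detection when scanning ports, and why is it so fast? Please explain in detail.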
3.…
-
**Describe the bug**
I am testing Authentik with LDAP federation using a TLS-only OpenLDAP. The LDAP server runs on Debian Bookworm with a normal TLS setup, a valid LE cert, TLS 1.2+, etc.
The A…
-
1. uname -a: `Linux debian 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) x86_64 GNU/Linux`
2. testssl version from the banner:
```
testssl.sh 3.1dev from https://test…
ghost updated
4 years ago