Tuesday, December 30, 2014

Search the web from Splunk using Faroo


I have been away for a while, but have been very busy at GitHub. I just wrapped up an app for Splunk that allows you to search the web using keywords from a specific Splunk field. The primary use for this is to rank up items that might have been indexed by a web service like Faroo, and also to add further context on the fly when doing investigations.

See the code at:

https://github.com/divious1/SA-faroo

I just submitted it to https://apps.splunk.com for approval.

Tuesday, June 3, 2014

Generating an Elliptic Curve (EC) Key Pair

Just finished a post over at the Splunk blog regarding using EC (Elliptic Curve) certs within Splunk. Although the explanation was geared towards someone deploying the keys in a Splunk deployment, the key pair could be used in any situation (proxy, web server, etc.).

Here is the TL;DR summary of the post:


Generate a New Elliptic Curve CA Key and Cert
openssl ecparam -out ca-key.pem -genkey -name prime256v1
openssl req -x509 -new -key ca-key.pem -out ca-cert.pem

Generate the Server's Private Key and CSR
openssl ecparam -out server-key.pem -genkey -name prime256v1
openssl req -new -key server-key.pem -out server-csr.pem


Generate Public Certificates:
openssl x509 -req -days 365 -in server-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

Testing

If you want to test your keys, start a web server with the following openssl command:
openssl s_server -www -key server-key.pem -cert server-cert.pem -CAfile ca-cert.pem -state

Then, try to connect to it:
openssl s_client -connect 127.0.0.1:4433
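
The same steps as a non-interactive script, followed by checks that the server certificate chains to the CA, matches its private key, and uses the expected curve. This is an added example, not code from the original post; the subject names, the temporary directory and the function names are assumptions.

```shell
#!/bin/sh
# Added example: the CA / server key steps above, non-interactive, plus checks.
# Constructed values: the subject names and the temporary output directory.

# Create CA key+cert and server key+CSR+cert (all prime256v1) in directory $1.
make_ec_pki() {
  mkdir -p "$1" || return 1
  (
    cd "$1" || exit 1
    umask 077  # new private key files are readable by the owner only
    openssl ecparam -out ca-key.pem -genkey -name prime256v1 &&
    openssl req -x509 -new -key ca-key.pem -out ca-cert.pem -days 365 \
      -subj "/CN=Example EC CA" &&
    openssl ecparam -out server-key.pem -genkey -name prime256v1 &&
    openssl req -new -key server-key.pem -out server-csr.pem \
      -subj "/CN=server.example.test" &&
    openssl x509 -req -days 365 -in server-csr.pem -CA ca-cert.pem \
      -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
  ) >/dev/null 2>&1
}

# Succeeds if the server certificate validates against the CA certificate.
chain_ok() {
  openssl verify -CAfile "$1/ca-cert.pem" "$1/server-cert.pem" >/dev/null 2>&1
}

# Succeeds if the certificate carries the public half of server-key.pem.
key_matches_cert() {
  from_key=$(openssl pkey -in "$1/server-key.pem" -pubout 2>/dev/null)
  from_cert=$(openssl x509 -in "$1/server-cert.pem" -noout -pubkey 2>/dev/null)
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Prints the named curve recorded in a certificate, e.g. prime256v1.
cert_curve() {
  openssl x509 -in "$1" -noout -text | sed -n 's/.*ASN1 OID: *//p'
}

dir=$(mktemp -d) && make_ec_pki "$dir" && chain_ok "$dir" &&
  key_matches_cert "$dir" &&
  echo "OK: $(cert_curve "$dir/server-cert.pem") cert chains to CA, matches key"
[ -n "$dir" ] && rm -rf "$dir"
```

The script passes -days 365 to the CA step as well; without -days, openssl req -x509 issues a certificate valid for 30 days.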

Friday, May 9, 2014

Nexpose Python Client Library

Just wrapped up a client library for Nexpose. I forked one already created, but added custom reporting support to it, which was a feature that a friend was requesting. Hope it helps anyone else running this as their vulnerability scanner.

https://github.com/divious1/pnexpose

If there are any errors or issues with it, please feel free to ping me at @divious_1