coolervoid / codewarrior Goto Github PK

Hello everyone,
Thanks in advance for this important project, I have a doubt about this tool, if I need to run this tool over a DD, what could be the best practice? is it possible to run it from a script?
PD: my dd has a source code of my application with a lot of folders.

Thanks again...

i try to make, but i got error

Chrome returns
ERR_SSL_VERSION_INTERFERENCE

Software vulnerabilities that result in a stack-based buffer overflow are not as common today as they once were. but it only takes a single known vulnerability in a commonly used piece of software or operating systems to leave an entire infrastructure exposed. Since the release of papers detailing exploitation methods like Mudge’s “How To Write Buffer Overflows” , Aleph One’s “Smashing The Stack For Fun and Profit,” buffer overflows get chunk of problems in the information security field. The past few years has seen volumes of information published on techniques, when you use other tools to make static analysis don't have more precision...

So in this issue, need add stack overflow detector for C language, i think use dlopen() function to load external module, with this way, anyone can implement analyser...

With version v061 for Linux, it is not possible to load de SSL certificate.

It has been generated after following the readme file:

cd cert; openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout certkey.key -out certificate.crt
cat certificate.crt certkey.key > certkey.pem 
cd ..

> bin/warrior
Starting SSL server on port 1345, cert from cert/certkey.pem, key from cert/certkey.key

--- DEBUG-START ---

 Thu Aug 19 15:56:52 2021 src/main.c[35] main(): 
Failed to create listener: Invalid SSL key


--- DEBUG-END ---

System versions:

> uname -a
Linux kali 5.10.0-kali5-amd64 #1 SMP Debian 5.10.24-1kali1 (2021-03-23) x86_64 GNU/Linux
> openssl version
OpenSSL 1.1.1j  16 Feb 2021 (Library: OpenSSL 1.1.1k  25 Mar 2021

HardCoded credentials extract and get line of path, for building a evidence...

For example:
https://www.unix-ninja.com/p/A_cheat-sheet_for_password_crackers

What are the programming languages that are currently supported ?

I'm seeing an error when I try to build CodeWarrior on Mac Mohave.
What do you advise to fix this?

input:
$ make

output:
Compile...
gcc -Wall -Wextra -DMG_ENABLE_SSL -DMG_DISABLE_PFS lib/slre/slre.c lib/libmongoose/mongoose.c lib/sha256/sha256.c lib/BSD/strsec.c lib/frozen/frozen.c -c src/*.c
lib/libmongoose/mongoose.c:4658:10: fatal error: 'openssl/ssl.h' file not found
#include <openssl/ssl.h>
^~~~~~~~~~~~~~~
1 error generated.
make: *** [warrior] Error 1

Hi found some bugs about certificate.
default TLS checking error, comiit the code here!

master...bincker:patch-1#diff-32c2ec4117fe15bd5accfa2483beb3f9
error like .
Error loading SSL cert: Invalid ssl cert

/Desktop/codewarrior$ make
make: *** No rule to make target 'src/main.c', needed by 'warrior'. Stop.

/Desktop/codewarrior$ ls src/
file_ops.c mem_ops.c string_ops.c validate.c
file_ops.h mem_ops.h string_ops.h validate.h
html_entities.c routes.c token_anti_csrf.c whitelist.c
html_entities.h routes.h token_anti_csrf.h whitelist.h

The youtube link https://youtu.be/tZkllJ9mieU in the README file is broken.

So token with timeout is not necessary, because repeat any times... this loss security...
Change timeout options to use session, each time put diferent token and uses HMAC() function in sha256().

So old versions have the use of headers anti-XSS, CSP, etc...

The new version needs headers for hardening.

https://github.com/openssh/openssh-portable/blob/00df97ff68a49a756d4b977cd02283690f5dfa34/openbsd-compat/reallocarray.c#L37

is better than malloc() and realloc() because have integer overflow protection...

So the modules need some fixes and put true references at MITRE etc
https://github.com/CoolerVoid/codewarrior/tree/master/eggs