weekly

GitHub XSLT Trending

The latest build: 2024-06-16Source of data: GitHubTrendingRSS

NIST Certified SCAP 1.2 toolkit


OpenSCAP

GatingJoin the chat at https://gitter.im/OpenSCAP/openscap

Open Source Security Compliance Solution

About

The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents.

Contributing

We welcome all contributions to the OpenSCAP project. If you would like to contribute, either by fixing existing issues or adding new features, please check out our contribution guide to get started. If you would like to discuss anything, ask questions, or if you need additional help getting started, you can either send a message to our libera.chat IRC channel, #openscap, or to our mailing list.

Microsoft Windows Support

The Microsoft Windows support is officially void as of Febuary 1, 2022.

Use cases

SCAP Content Validation

  • The following example shows how to validate a given source data stream; all components within the data stream are validated (XCCDF, OVAL, OCIL, CPE, and possibly other components):
oscap ds sds-validate scap-ds.xml

Scanning

  • To evaluate all definitions within the given OVAL Definition file, run the following command:
oscap oval eval --results oval-results.xml scap-oval.xml

where scap-oval.xml is the OVAL Definition file and oval-results.xml is the OVAL Result file.

  • To evaluate all definitions from the OVAL component that are part of a particular data stream within a SCAP data stream collection, run the following command:
oscap oval eval --datastream-id ds.xml --oval-id xccdf.xml --results oval-results.xml scap-ds.xml

where ds.xml is the given data stream, xccdf.xml is an XCCDF file specifying the OVAL component, oval-results.xml is the OVAL Result file, and scap-ds.xml is a file representing the SCAP data stream collection.

  • To evaluate a specific profile in an XCCDF file run this command:
oscap xccdf eval --profile Desktop --results xccdf-results.xml --cpe cpe-dictionary.xml scap-xccdf.xml

where scap-xccdf.xml is the XCCDF document, Desktop is the selected profile from the XCCDF document, xccdf-results.xml is a file storing the scan results, and cpe-dictionary.xml is the CPE dictionary.

  • To evaluate a specific XCCDF benchmark that is part of a data stream within a SCAP data stream collection run the following command:
oscap xccdf eval --datastream-id ds.xml --xccdf-id xccdf.xml --results xccdf-results.xml scap-ds.xml

where scap-ds.xml is a file representing the SCAP data stream collection, ds.xml is the particular data stream, xccdf.xml is ID of the component-ref pointing to the desired XCCDF document, and xccdf-results.xml is a file containing the scan results.

Document generation

  • without XCCDF rules
oscap xccdf generate guide XCCDF-FILE > XCCDF-GUIDE-FILE
  • with XCCDF rules
oscap xccdf generate guide --profile PROFILE XCCDF-FILE > XCCDF-GUIDE-FILE
  • generate report from scanning
oscap xccdf generate report XCCDF-RESULT-FILE > XCCDF-REPORT-FILE

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)


Living Off The Land Binaries and Scripts (and now also Libraries)

All the different files can be found behind a fancy frontend here: https://lolbas-project.github.io (thanks @ConsciousHacker for this bit of eyecandy and the team over at https://gtfobins.github.io/). This repo serves as a place where we maintain the YML files that are used by the fancy frontend.

Goal

The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.

Criteria

A LOLBin/Lib/Script must:

  • Be a Microsoft-signed file, either native to the OS or downloaded from Microsoft.
  • Have extra "unexpected" functionality. It is not interesting to document intended use cases.
    • Exceptions are application whitelisting bypasses
  • Have functionality that would be useful to an APT or red team

Interesting functionality can include:

  • Executing code
    • Arbitrary code execution
    • Pass-through execution of other programs (unsigned) or scripts (via a LOLBin)
  • Compiling code
  • File operations
    • Downloading
    • Upload
    • Copy
  • Persistence
    • Pass-through persistence utilizing existing LOLBin
    • Persistence (e.g. hide data in ADS, execute at logon)
  • UAC bypass
  • Credential theft
  • Dumping process memory
  • Surveillance (e.g. keylogger, network trace)
  • Log evasion/modification
  • DLL side-loading/hijacking without being relocated elsewhere in the filesystem.

We do not approve binaries that allows for netntlm coercing, since most Windows binaries allows for that. Only exception is binaries that allows that on other than default ports (such as rpcping) or can allow direct credential theft.

Contributing

If you have found a new LOLBin or LOLScript that you would like to contribute, please review the contributing guidelines located here: https://github.com/LOLBAS-Project/LOLBAS/blob/master/CONTRIBUTING.md

A template for the required format has been provided here: https://github.com/LOLBAS-Project/LOLBAS/blob/master/YML-Template.yml

The History of the LOLBin

The phrase "Living off the land" was coined by Christopher Campbell (@obscuresec) & Matt Graeber (@mattifestation) at DerbyCon 3.

The term LOLBins came from a Twitter discussion on what to call binaries that can be used by an attacker to perform actions beyond their original purpose. Philip Goh (@MathCasualty) proposed LOLBins. A highly scientific internet poll ensued, and after a general consensus (69%) was reached, the name was made official. Jimmy (@bohops) followed up with LOLScripts. No poll was taken.

Common hashtags for these files are:

  • #LOLBin
  • #LOLBins
  • #LOLScript
  • #LOLScripts
  • #LOLLib
  • #LOLLibs

Our primary maintainer (@oddvarmoe) of this project did a talk at DerbyCon 2018 called: #Lolbins Nothing to LOL about! - https://www.youtube.com/watch?v=NiYTdmZ8GR4 This talk goes over the history of this project.

Maintainers

The following folks help maintain the LOLBAS Project on their personal time:

Thanks

As with many open-source projects, this one is the product of a community and we would like to thank ours:

  • The domain http://lolbins.com has been registered by an unknown individual and redirected it to the old version of this project.
  • The domain http://lolbas-project.com has been registered by Jimmy (@bohops).
  • The logos for the project were created by Adam Nadrowski (@_sup_mane). We #@&!!@#! love them.

Notice

  • Please refer to NOTICE.md for license information

Tests for URI Template implementations


URI Template Tests

This is a set of tests for implementations of RFC6570 - URI Template. It is designed to be reused by any implementation, to improve interoperability and implementation quality.

If your project uses Git for version control, you can make uritemplate-tests into a submodule.

Test Format

Each test file is a JSON document containing an object whose properties are groups of related tests. Alternatively, all tests are available in XML as well, with the XML files being generated by transform-json-tests.xslt which uses json2xml.xslt as a general-purpose JSON-to-XML parsing library.

Each group, in turn, is an object with three children:

  • level - the level of the tests covered, as per the RFC (optional; if absent, assume level 4).
  • variables - an object representing the variables that are available to the tests in the suite
  • testcases - a list of testcases, where each case is a two-member list, the first being the template, the second being the result of expanding the template with the provided variables.

Note that the result string can be a few different things:

  • string - if the second member is a string, the result of expansion is expected to match it, character-for-character.
  • list - if the second member is a list of strings, the result of expansion is expected to match one of them; this allows for templates that can expand into different, equally-acceptable URIs.
  • false - if the second member is boolean false, expansion is expected to fail (i.e., the template was invalid).

For example:

{ "Level 1 Examples" : { "level": 1, "variables": { "var" : "value", "hello" : "Hello World!" }, "testcases" : [ ["{var}", "value"], ["{hello}", "Hello%20World%21"] ] }}

Tests Included

The following test files are included:

  • spec-examples.json - The complete set of example templates from the RFC
  • spec-examples-by-section.json - The examples, section by section
  • extended-tests.json - more complex test cases
  • negative-tests.json - invalid templates

For all these test files, XML versions with the names *.xml can be generated with the transform-json-tests.xslt XSLT stylesheet. The XSLT contains the names of the above test files as a parameter, and can be started with any XML as input (i.e., the XML input is ignored).

License

Copyright 2011-2012 The Authors

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.