Threat Level: green Handler on Duty: Tom Webb

SANS ISC: ISC Feature of the Week: Tools->Information Gathering - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ISC Feature of the Week: Tools->Information Gathering

Overview

One of the sections on the ISC Tools page is Information Gathering at https://isc.sans.edu/tools/#info-gathering. This collection will help you easily find out how your browser and plugins look to the outside and lists some other information lookup tools.

Features

Browser Headers - https://isc.sans.edu/tools/browserinfo.html
How a server sees your browser.

Browser Plugin Detector - https://isc.sans.edu/tools/adobinator.html
This page attempts to detect various browser plugins. The detection code used was created using PluginDetect.

  • Lists plugins detected and various version information for each.

Site Availability Check - https://isc.sans.edu/tools/sitecheck.html
Checks if hostname is reachable.

  • Single input box.
  • Displays failure if unreachable.
  • If reachable, outputs:
    • Page load time
    • Page size in bytes
    • Return status code (ie. 200 success)
    • Final URL

Site DNS Check - https://isc.sans.edu/tools/dnscheck.html
Hostname to IP DNS resolver.

  • Single input box.
  • Output IP if system is able to resolve.

Whereis[IP] - https://isc.sans.edu/tools/whereis.html

  • Multi-line input box. Enter one(1) IP per line.
  • Output table contains:
    • IP ADDRESS queried
    • ASN of IP
    • NETWORK assignment
    • COUNTRY abbreviation
    • ISP name
    • RIR - Name of registry

Content Security Policy Test - https://isc.sans.edu/tools/csptest.html
Created for Firefox 4 but features may be found in other browsers.

  • Lots of details and information on the test outlined and explained on the page

 

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form
--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu

 

AdamS

86 Posts
Not sure if the plugin needs an update or the configuration needs tweaking, but the browser plugin detector is showing some rather old versions as the latest. For example, it says that the current version of Adobe PDF Reader is 9.4.2.
Pete

1 Posts
@Pete Thanks for pointing that out! Latest versions updated and I set a reminder to keep up with them.
AdamS

86 Posts
A similar remark w.r.t. Flash. Currently https://isc.sans.edu/tools/adobinator.html specifies 11.2 as the latest and 10.1.85.3 as the vulnerable version.

According to http://www.adobe.com/software/flash/about/ currently the latest version is 11.2.202.235. It is important to mention the entire set of numbers, as at the beginning of this month the latest version was 11.2.202.233 (see http://krebsonsecurity.com/2012/05/critical-flash-update-fixes-zero-day-flaw/).

Furthermore you are mixing 10.x.x.x and 11.x.x.x version numbers. According to http://www.adobe.com/support/security/bulletins/apsb12-07.html a version 10.3.183.18 exists (which can be downloaded from http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html); it replaces 10.3.183.16. Note: 10.1.85.3 was released on 2010-09-20 and many later versions were found vulnerable!

Instead of trying to stay up-to-date with the frequent Adobe patches, you could point to the Adobe pages that provide the latest version info.

Note that the following links usually provide you with the latest versions for Windows ("ax" = ActiveX):
http://download.macromedia.com/pub/flashplayer/current/install_flash_player_ax_32bit.exe
http://download.macromedia.com/pub/flashplayer/current/install_flash_player_32bit.exe
http://download.macromedia.com/pub/flashplayer/current/install_flash_player_ax_64bit.exe
http://download.macromedia.com/pub/flashplayer/current/install_flash_player_64bit.exe
(source: http://helpx.adobe.com/flash-player/kb/installation-problems-flash-player-windows.html)
Erik van Straten

122 Posts
Thanks for the feedback on the plugin detector! We decided keeping up with versioning is going to be way time consuming so we trimmed the data down to the output from the detector and links out for info and latest version download page.
AdamS

86 Posts

Sign Up for Free or Log In to start participating in the conversation!