In the aftermath of the Debian SSH Keys issue, at least there’s a lighter side…

There’s some good analysis, predictable PRNG toys and more funny pictures from HD Moore.

This auxiliary module for Metasploit does a simple HTTP GET or POST and returns the result, be it a file and error – whatever!

Get it here: Metasploit Simple HTTP

Rename the file to .rb and install in the aux directory of your Metasploit installation.

If you need a PUT example, Carnal0wnage has a good module on his blog.

Paros is a great little tool, however it can leave traces of its use due to an altered User-Agent header. (Adding Paros/x.x.x at the end of the UA, where x is the version). This can lead to problems some of which, including this fix, are detailed at Security Ripcord and Armor.

To remove this download the source and edit line 80 of Constant.java from

public static final String USER_AGENT = PROGRAM_NAME + "/" + PROGRAM_VERSION;

to

public static final String USER_AGENT = "";

and recompile.

This should remove the obvious traces!