On 12/22/11 12:35 PM, Jacob Appelbaum wrote: > I really appreciate that you're not working for people who wish to do > the Tor network harm. Please do consider the concerns of people in this > thread and weight your actions against those people. They too are trying > to help the network, the project, and the users.
Yes, i agree, we can find a common point. We just all need to move in the same direction, with conflicts and constructive criticism, but in the same direction. > Hopefully we'll all meet at CCC for a mate to discuss this in person! Let's try to sketch down on a etterpad or trac ticket an idea on how to implement something like this in order to: - evaluating and pushing hardening of system/network security of Tor nodes - avoid/mitigate alerts and risks for Tor Operators That way we can try to match the needs perceived by all different parties, balancing the risk/return of the initiative. I'm gonna dump in this email a set of useful links collected during browsing to do that. We are probably not interested in Nessus & Metasploit AutoPwn, but it's important to know that anyone can just aggregate everything into a chain of automatic portscanning + vulnerability scanning + vulnerability exploiting. Python NMAP (A python library which helps in using nmap port scanner): http://code.google.com/p/python-nmap/ Python NMAP XML Parsing Scripts (nmap xml to sqlite): https://github.com/d1b/python-nmap-xml-output-parser Plugin Spotlight: Import Nmap XML Results Into Nessus http://blog.tenablesecurity.com/2009/08/plugin-spotlight-import-nmap-xml-results-into-nessus.html MetaSploit AutoPwn Integration with Nessus: http://www.defenceindepth.net/2009/11/metasploit-autopwn-hacking-made-simple.html Tor NetworkScanner/ExitAuthority: https://gitweb.torproject.org/torflow.git/tree/HEAD:/NetworkScanners/ExitAuthority Scripts to extract exit-node, relays and their listening port: https://gitweb.torproject.org/tor.git/tree/HEAD:/contrib -naif _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk