AddnEdit Cookies: This add-on allows you to easily add, delete and edit cookies in your browser.  (http://addneditcookies.mozdev.org/) Unfortunately, the latest version does not support the newer Firefox 3, until the maintainer updates the package, I’ve edited the latest XPI to work with the latest versions of Firefox. A copy of it can be found here.

DT Whois – Allows quick domaintools.com lookups for the page you are looking at (http://www.beysim.net/dtwhois/)

Firebug – Allows you to read, debug and locally tweak HTML, Javascript and CSS right in Firefox (http://getfirebug.com/)

HackBar – The toolbar that tries to do it all! (http://devels-playground.blogspot.com/)

Leet Key – an add on that makes it trivial to convert text in various formats back and forth.  For example, URL Encode, Base64, Hex and even morse code. |\|347! (http://leetkey.mozdev.org/)

Live HTTP Headers – Allows you to watch, edit and replay HTTP requests (http://livehttpheaders.mozdev.org/)

SQL Inject Me, XSS Me, Access Me - Those are 3 separate add-ons from Seccom Labs that try to make it easy to test Sql Injection, XSS vulnerabilities and Access vulnerabilities. (http://labs.securitycompass.com/index.php/exploit-me/)

SwitchProxy Tool – If you find yourself switching from no proxy, to burp proxy to paros proxy, etc a lot then you will enjoy switch proxy. It will allow you to switch proxy settings with just a few clicks! (http://mozmonkey.com/switchproxy/)

Tamper Data – It will allow you to selectively intercept HTTP and HTTPS traffic and tamper with the requests via it’s nice user interface. It will let you tamper with http headers, post and get requests. (http://tamperdata.mozdev.org/)

Torbutton – If you need to hide behind Tor, it can be only a click away with Torbutton (https://www.torproject.org/torbutton/)

User Agent Switcher - Need to change your user-agent string in a jiffy? Want to look like a robot? User Agent Switcher is here for that! (http://chrispederick.com/work/user-agent-switcher/)

exploit-db Search – Lets you search the exploit-db database right in the firefox search box (https://addons.mozilla.org/en-US/firefox/addon/50241)

SecurityWire Search – Lets you search the top security sites on the web right in the Firefox search box. All sites in the index have been handpicked by the SecurityWire Team. (https://addons.mozilla.org/en-US/firefox/addon/58686)

For a listing and easy installation of all these  on the mozilla ad-ons site. simply follow this link: https://addons.mozilla.org/en-US/firefox/collection/pentesterstools

Hope you enjoy the add-ons, next post will be about general security add-ons for Firefox.

First you will need to install yum-security like this (as root or with sudo):

yum install yum-security

You can learn some more about yum-security here: http://magazine.redhat.com/2008/01/16/tips-and-tricks-yum-security/

Second, with your favorite text editor, you will want to create a script in /etc/cron.daily (to run the job daily) named “yum-update-security” with this content:


#!/bin/bash
yum update --security -y -d0 -q


Finally, once the script has been created make sure to give it execute permissions by running:

chmod +x /etc/cron.daily/yum-update-security

Then its a good idea to give it a spin by running it manually. ie:


/etc/cron.daily/yum-update-security


If the run is successful, the script should not output any text and  return to the command prompt after waiting a few seconds (or minutes if you are actually out of date on updates).

A copy of the script can be downloaded from http://www.securitywire.com/nse/iscsi-enum-targets.nse

To use the script, it needs to be copied to your NMAP scripts folder (that would be /usr/share/nmap/scripts/ on many installations). After copying the script to the proper location, you need to run “nmap –script-updatedb” for NMAP to reload it’s script table and be aware of the new script.

Here is an example output of the script:

$ nmap -sC localhost -p 3260

Starting Nmap 5.00 ( http://nmap.org ) at 2009-10-10 09:29 EDT
Interesting ports on localhost (127.0.0.1):
PORT     STATE SERVICE
3260/tcp open  iscsi
|  iscsi-enum-targets: iSCSI Targets found
|  TargetName=iqn.2009-10.com.securitywire:storage.lun2
|  TargetAddress=127.0.0.1:3260,1
|  TargetName=iqn.2009-10.com.securitywire:storage.lun1
|_ TargetAddress=127.0.0.1:3260,1

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

I only have limited resources to test the script, I would be interested to hear how it works out across a wide variety of iSCSI targets.