goo.gl URL Shortener

I’m a google fan, I admit it fully.  I use lots of their services, I like their stuff and I am at peace with their devling into my personal space.  It’s gonna happen, unless you choose to live your life 100% offline, you are trading personal privacy for access to services.

Their latest creation (which has been around for a while, just not public) is their very own URL shortener called goo.gl.  It does some of the usual things, it tracks metrics and it does one other things I think is really cool.  It creates a QR code for your url.

Here is one I created earlier (ha, sounds like a cooking show).

http://goo.gl/YgTu.qr for the url http://goo.gl/YgTu

Very cool.  I like QR codes.  For those of us with smart phones, a simple scan of the code and you can open the site.

I do wish the service had an easy way to copy the new urls to the clipboard though.

So what else can it do?  Well #1, I want it to tie in with their safe browsing serivce (http://www.google.com/safebrowsing/diagnostic?site=google.com) so that I can’t create a URL to a known bad site.  I’d also like them to regularly scan the urls and disable those that link to malware.  There are lots of URL shorteners and they definately pose a security risk and it’s about time someone took the step of removing bad URL’s.

Thoughts?


Posted in Security, Technology and tagged , , , , , , , , , , by with no comments yet.

Nessus Plugin

I am developing a plugin for Metasploit that will allow you to use your remote Nessus 4.2 server to conduct recon from within the Metasploit console.  It speaks xmlrpc direct to the Nessus server and lets you do things such as import reports directly from Nessus or kick off scans.  More details can be found here : http://blog.zate.org/2010/09/26/nessus-bridge-for-metasploit-intro/

As I develop the plugin more, changes will be merged into the opensource version of Metasploit (not Express or Pro).  So in order to still be able to make many small rapid changes and get them tested by end users, without disrupting the main Metasploit dev team too much I am sticking the plugin and the library up on github.

http://github.com/Zate/Nessus-Bridge-for-Metasploit

Feel free to fork it, hack on it and submit pull requests.  If you want to just test the code, you can always grab the latest from there and stick it in your msf install.  Chances are that the github copy will be always ahead of the main msf dev branch as I’ll be commiting often as I develop.

If you don’t know how github works (I’m not that sure either.. lol) you should google for some docs on it.

I’ve got my setup so that plugins/nessus and lib/nessus/nessus-xmlrpc.rb in my /opt/msf3 directory link over the versions in the github branch I downloaded.  That way I can hack on it remotely and then commit directly very easily.  Not sure if that is how it’s done but thats how I am doing it.

Feel free to submit feature requests and bugs on that site also.


Posted in and tagged , , , , , , , , , , , , , , , , , , , , , by with 1 comment.