goo.gl URL Shortener

I’m a google fan, I admit it fully.  I use lots of their services, I like their stuff and I am at peace with their devling into my personal space.  It’s gonna happen, unless you choose to live your life 100% offline, you are trading personal privacy for access to services.

Their latest creation (which has been around for a while, just not public) is their very own URL shortener called goo.gl.  It does some of the usual things, it tracks metrics and it does one other things I think is really cool.  It creates a QR code for your url.

Here is one I created earlier (ha, sounds like a cooking show).

http://goo.gl/YgTu.qr for the url http://goo.gl/YgTu

Very cool.  I like QR codes.  For those of us with smart phones, a simple scan of the code and you can open the site.

I do wish the service had an easy way to copy the new urls to the clipboard though.

So what else can it do?  Well #1, I want it to tie in with their safe browsing serivce (http://www.google.com/safebrowsing/diagnostic?site=google.com) so that I can’t create a URL to a known bad site.  I’d also like them to regularly scan the urls and disable those that link to malware.  There are lots of URL shorteners and they definately pose a security risk and it’s about time someone took the step of removing bad URL’s.

Thoughts?


Posted in Security, Technology and tagged , , , , , , , , , , by with no comments yet.

Nessus Plugin

I am developing a plugin for Metasploit that will allow you to use your remote Nessus 4.2 server to conduct recon from within the Metasploit console.  It speaks xmlrpc direct to the Nessus server and lets you do things such as import reports directly from Nessus or kick off scans.  More details can be found here : http://blog.zate.org/2010/09/26/nessus-bridge-for-metasploit-intro/

As I develop the plugin more, changes will be merged into the opensource version of Metasploit (not Express or Pro).  So in order to still be able to make many small rapid changes and get them tested by end users, without disrupting the main Metasploit dev team too much I am sticking the plugin and the library up on github.

http://github.com/Zate/Nessus-Bridge-for-Metasploit

Feel free to fork it, hack on it and submit pull requests.  If you want to just test the code, you can always grab the latest from there and stick it in your msf install.  Chances are that the github copy will be always ahead of the main msf dev branch as I’ll be commiting often as I develop.

If you don’t know how github works (I’m not that sure either.. lol) you should google for some docs on it.

I’ve got my setup so that plugins/nessus and lib/nessus/nessus-xmlrpc.rb in my /opt/msf3 directory link over the versions in the github branch I downloaded.  That way I can hack on it remotely and then commit directly very easily.  Not sure if that is how it’s done but thats how I am doing it.

Feel free to submit feature requests and bugs on that site also.


Posted in and tagged , , , , , , , , , , , , , , , , , , , , , by with 1 comment.

Google Wave, so far it’s the answer to a question no one asked.

I want to like it.  I like tons of other Google services.  I’m a Google Fan Boy, but I just dont get Wave.

It reminds me of online multiplayer games.  It sucks to use alone.  I invited some friends, we got on it.. and it’s a chat client?  Well at least thats how we used it, it was a rather kludgy chat client.  Google Chat group chat is better, using communicator at work is better.

I dont see how to email to it, how to connect it to my gmail.

I’m just a bit stumped on what it is good for.  It’s fancy, it’s sexy, but it’s confusing.

Edit:  I found out at least some stuff to do with it.  Type in “with:public” in the search box, ok now stuff starts to make more sense.

I am intrigued by the seemingly total lack of security though.  So is this guy, and he has great points.


Posted in Stuff, Things and tagged , , , , , , , , , by with no comments yet.