Common vulnerability scanning on steroids ☄️

Last update: Jan 8, 2023

Overview

Hogg 🐽

An experimental passive website scanner. Hogg acts as a proxy between you and your DNS server and scans every website you visit for common vulnerabilities.

Installation & Usage

Currently you can only run the daemon. In future, you will be able to use a special CLI or GUI to interact with daemon. The daemon is responsible of sending notifications.

git clone https://github.com/yallxe/hogg
cd hogg
cargo run -p hogg-deamon # requires root on linux & macos

After you run the daemon, you can set you DNS server to localhost:53, so all the DNS requests will be sent to hogg.

Configuration

Checkout your configuration path, which is printed when you start the daemon, or use echo $HOGG_CONFIG_DIR

How does it work?

Your browser or a desktop app resolves a domain name via DNS.
Hogg requests the data from your upstream DNS provider (Cloudflare by default) and sends it back to the app.
Hogg scans the website using Nuclei.

How is it different?

Hogg will help you scan almost every website you visit (not limited to your browser) without causing any disruption to the app's functionality.

Anything besides DNS?

Not yet. Stay tuned for future updates that may include other solutions (like an HTTP proxy).

Limitations

Hogg doesn't yet support DNS over HTTPS, DNS over TLS etc.
Some apps may bypass your system's default DNS resolver. In this case, Hogg will not intercept the app's requests.

Progress

Working DNS proxy and Nuclei scanner
Notifications (OS notifications for now)
Automatic request redirection to DNS Proxy
GUI (a tray icon)
DNS over HTTPS

Credits

Inspired by Trufflehog-Chrome-Extension ❤️

💔 Heartbleed vulnerability exploit written in Rust

Heartbleed 💔 Heartbleed vulnerability exploit written in Rust What is it Heartbleed is a buffer over-read vulnerability in outdated versions of OpenS

4 May 23, 2023

python dependency vulnerability scanner, written in Rust.

🐍 Pyscan A dependency vulnerability scanner for your python projects, straight from the terminal. 🚀 blazingly fast scanner that can be used within l

80 Jun 4, 2023

RustVulnsScan is a powerful system vulnerability scanner written in Rust

RustVulnsScan is a powerful system vulnerability scanner written in Rust. It allows you to perform comprehensive scans of your system to identify potential vulnerabilities and security risks.

2 Jul 2, 2023

Extendable HPC-Framework for CUDA, OpenCL and common CPU

Collenchyma • Collenchyma is an extensible, pluggable, backend-agnostic framework for parallel, high-performance computations on CUDA, OpenCL and comm

460 Oct 31, 2022

A fast and simple command-line tool for common operations over JSON-lines files

rjp: Rapid JSON-lines processor A fast and simple command-line tool for common operations over JSON-lines files, such as: converting to and from text

3 Jul 8, 2022

Common processing blocks used with your Runes.

Common Processing Blocks (API Docs) Processing blocks built by Hammer of the Gods that you can use with your Runes. License This project is licensed u

9 Jul 21, 2022

ctfsak is a tool to speed up common operations needed during CTFs

ctfsak (CTF Swiss Army Knife) This is a tool to help saving time during CTFs, where it's common to have to do a lot of encoding/decoding, encrypting/d

1 Dec 1, 2022

Common Rust Lightning Network types

Common Rust Lightning Network types Warning: while in a good state, this is still considered a preview version! There are some planned changes. This l

5 Nov 8, 2022

A common library and set of test cases for transforming OSM tags to lane specifications

osm2lanes See discussion for context. This repo is currently just for starting this experiment. No license chosen yet. Structure data tests.json—tests

29 Nov 16, 2022

Common data structures and algorithms for competitive programming in Rust

algorithm-rs algorithm-rs is common data structures and algorithms for competitive programming in Rust. Contents TBA How To Contribute Contributions a

16 Dec 21, 2022

Tests a wide variety of N64 features, from common to hardware quirks. Written in Rust. Executes quickly.

n64-systemtest Tests a wide variety of N64 features, from common to hardware quirks. Written in Rust. Executes quickly. n64-systemtest is a test rom t

37 Jan 7, 2023

Hardware Abstraction Layer for AVR microcontrollers and common boards

avr-hal Hardware Abstraction Layer for AVR microcontrollers and common boards (for example Arduino). Based on the avr-device crate. This is a new vers

776 Jan 1, 2023

Rust-clippy - A bunch of lints to catch common mistakes and improve your Rust code

Clippy A collection of lints to catch common mistakes and improve your Rust code. There are over 450 lints included in this crate! Lints are divided i

8.7k Dec 31, 2022

Parity-bridges-common - Collection of Useful Bridge Building Tools 🏗️

Parity Bridges Common This is a collection of components for building bridges. These components include Substrate pallets for syncing headers, passing

223 Jan 4, 2023

Common data structures and algorithms in Rust

Contest Algorithms in Rust A collection of classic data structures and algorithms, emphasizing usability, beauty and clarity over full generality. As

3.3k Dec 27, 2022

Common stop words in a variety of languages

About Stop words are words that don't carry much meaning, and are typically removed as a preprocessing step before text analysis or natural language p

9 Dec 9, 2022

A library to help you sew up your Ethereum project with Rust and just like develop in a common backend

SewUp Secondstate EWasm Utility Program, a library helps you sew up your Ethereum project with Rust and just like development in a common backend. The

48 Dec 18, 2022

Comparing performance of Rust math libraries for common 3D game and graphics tasks

mathbench mathbench is a suite of unit tests and benchmarks comparing the output and performance of a number of different Rust linear algebra librarie

137 Dec 8, 2022

This repo contains crates that are used to create the micro services and keep shared code in a common place.

MyEmma Helper Crates This repo contains crates that can are reused over different services. These crate are used in projects at MyEmma. But these crat

1 Jan 14, 2022

Comments

Rewrite project architecture
New project architecture. Still WIP.

The idea is to create a cargo workspace, composed from next projects:

hogg-daemon, which will be something like a core, which is forever running in the system. It does tasks like DNS Proxy, Daemon API, etc.

hogg-cli, a CLI which will be managing the daemon via daemon API.

hogg-gui, same as hogg-cli, but GUI.

... (?)

The pull request should be pushed into the base branch when the functionality reaches current master branch. For now, this rewrite branch lacks notifications, but I'm thinking of moving notifications out from the daemon.
opened by yallxe 1
Bump tokio from 1.23.0 to 1.23.1
Bumps tokio from 1.23.0 to 1.23.1.

Release notes

Sourced from tokio's releases.

Tokio v1.23.1

This release forward ports changes from 1.18.4.

Fixed

net: fix Windows named pipe server builder to maintain option when toggling pipe mode (#5336).

#5336: tokio-rs/tokio#5336

Commits

1a997ff chore: prepare Tokio v1.23.1 release

a8fe333 Merge branch 'tokio-1.20.x' into tokio-1.23.x

ba81945 chore: prepare Tokio 1.20.3 release

763bdc9 ci: run WASI tasks using latest Rust

9f98535 Merge remote-tracking branch 'origin/tokio-1.18.x' into fix-named-pipes-1.20

9241c3e chore: prepare Tokio v1.18.4 release

699573d net: fix named pipes server configuration builder

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0

Inefficient force-ssl detector

Websites may redirect twice or more, as in an example below

2022-12-26T21:12:41.253 [DEBUG] redirecting 'http://www.facebook.com/' to 'https://www.facebook.com/'
2022-12-26T21:12:41.254 [DEBUG] starting new connection: https://www.facebook.com/     
2022-12-26T21:12:41.256 [TRACE] registering event source with poller: token=Token(419430401), interests=READABLE | WRITABLE
2022-12-26T21:12:41.358 [TRACE] signal: Want
2022-12-26T21:12:41.358 [TRACE] signal found waiting giver, notifying
2022-12-26T21:12:41.358 [TRACE] poll_want: taker wants!
2022-12-26T21:12:41.501 [TRACE] signal: Want
2022-12-26T21:12:41.501 [TRACE] signal: Want
2022-12-26T21:12:41.502 [DEBUG] redirecting 'https://www.facebook.com/' to 'https://www.facebook.com/unsupportedbrowser'
2022-12-26T21:12:41.703 [INFO ] Forced HTTPS redirection detected: www.facebook.com

After first redirect, it was clear website have force-ssl enabled. Handling second redirect wasn't needed.

bug enhancement

opened by yallxe 0

Releases(0.1.1)

0.1.1(Jan 6, 2023)
What's Changed

Daemon GRPC interaction along with CLI app. by @yallxe in https://github.com/yallxe/hogg/pull/5

Full Changelog: https://github.com/yallxe/hogg/compare/0.1.0...0.1.1
Source code(tar.gz)
Source code(zip)
hogg-cli.exe(3.61 MB)
hogg-daemon.exe(5.22 MB)
0.1.0(Dec 28, 2022)

This is a beta pre-release hogg. Use with caution. Note that 0.1.0 include only hogg-daemon.
Source code(tar.gz)
Source code(zip)
hogg-daemon.exe(3.61 MB)

Owner

Yallxe

Software Engineer

GitHub

An example of a common Wi-Fi set up scenario on ESP32 using Rust

UTC IoT fetcher This repo is an example of how to configure a Wi-Fi client on an ESP32-based IoT device using an external device connection to the int

4 Jan 19, 2023

Kepler is a vulnerability database and lookup store and API currently utilising National Vulnerability Database and NPM Advisories as data sources

Kepler — Kepler is a vulnerability database and lookup store and API currently utilising National Vulnerability Database and NPM Advisories as data so

101 Nov 12, 2022

Easy c̵̰͠r̵̛̠ö̴̪s̶̩̒s̵̭̀-t̶̲͝h̶̯̚r̵̺͐e̷̖̽ḁ̴̍d̶̖̔ ȓ̵͙ė̶͎ḟ̴͙e̸̖͛r̶̖͗ë̶̱́ṉ̵̒ĉ̷̥e̷͚̍ s̷̹͌h̷̲̉a̵̭͋r̷̫̊ḭ̵̊n̷̬͂g̵̦̃ f̶̻̊ơ̵̜ṟ̸̈́ R̵̞̋ù̵̺s̷̖̅ţ̸͗!̸̼͋

Rust S̵̓i̸̓n̵̉ I̴n̴f̶e̸r̵n̷a̴l mutability! Howdy, friendly Rust developer! Ever had a value get m̵̯̅ð̶͊v̴̮̾ê̴̼͘d away right under your nose just when

294 Dec 23, 2022