You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Apr 26, 2021. It is now read-only.
Up for discussion: right now we ignore private IP addresses during our reporting process. I'm considering adding them anyway - or, at least, interesting private IP addresses, not broadcast addresses etc.
There have been some samples, e.g., metasploit payloads, that connect to local IP addresses and it would also be useful to see if samples are connecting to the gateway (i.e., 192.168.56.1 with default vboxnet0).
As part of this inclusion we should also add a "private": true/false field for each IP address mentioned in the report and by default not display private IP addresses in the web interface.
The text was updated successfully, but these errors were encountered:
I think this would be a useful feature. One of the first payloads I tested was some of the metasploit reverse payloads and the analysis component couldn't make heads or tails of it. It wouldn't be unreasonable to think a piece of malware detects IP space and starts looking for things on its local subnet to scan/attack/whatever. The feature could definitely be toggleable.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Up for discussion: right now we ignore private IP addresses during our reporting process. I'm considering adding them anyway - or, at least, interesting private IP addresses, not broadcast addresses etc.
There have been some samples, e.g., metasploit payloads, that connect to local IP addresses and it would also be useful to see if samples are connecting to the gateway (i.e.,
192.168.56.1
with defaultvboxnet0
).As part of this inclusion we should also add a
"private": true/false
field for each IP address mentioned in the report and by default not display private IP addresses in the web interface.The text was updated successfully, but these errors were encountered: