Warning when using ProFTPD

This is a security alert, if you are running an FTP server that is using ProFTPD and are using the mod_copy setting.

A serious security issue was found in ProFTPD which allows copying of files such as /etc/passwd or wp-config.php even without authentication. This is a serious issue. Some Servers have already been reported as compromised.

This Vulnerability has been assigned the code CVE-2015-3306.

To check if your FTP Server is vulnerable, I have just added a new Security Check module called “ProFTPD mod_copy exploit (CVE-2015-3306)“.

Just perform a Data Update from the Settings Screen and perform a Data update. After the Update you can select that new test in the Security Check Tool. To run the test, you need to enter the IP address of the server you like to check. The port can be left blank and is optional.

If your server is vulnerable you should either remove the line

LoadModule mod_copy.c

in

/etc/proftpd/modules.conf

or completely stop the ProFTPD service on your server. As per today, there is only a quick patch available for ProFTPD which requires to compile ProFTPD on your server. I would not recommend to use FTP anyway. Instead use SSH/SFTP.

Don’t trust the evil!

Good luck!

Marcus


New version 8 of NetworkToolbox available

Finally, Version 8.1.3 of NetworkToolbox has been released by Apple.

Below is a summary of changes to the previous version. This is quite a long list. There are three new tools (27 in total now) and several parts have been completely re-coded. But this time, once I finished implementing one feature, I can’t wait to implement the next on my list. Maybe next time, I will create smaller updates.

Please support my work on this app by writing an app review. This really keeps this app going so you will also benefit.

If you already wrote an app review, you need to update it as otherwise it will get lost as every review only applies to a certain version.

Many thanks!

List of changes:

■ New Network and Port Scan engines

Network and Port Scanning is now blazing fast and even more accurate than before.

Now, hundreds of addresses and ports will be scanned simultaneously as fast as possible but still with the best possible accuracy. Since scanning is now way faster, all scans are repeated automatically a few times.

Scanning is also now random so that Firewalls and Intrusion detection systems will not immediately identify each scan easily.

■ Bookmarks is now Logbook

A new Logbook functionality has been introduced and the formerly available Bookmarks functionality has been integrated in this new Logbook function.
Logbooks can collect the following type of information

  • Schodan and Morpheus Scan results
  • Network Scan results
  • Port Scan results
  • Links
  • Hosts (= former Bookmarks)

Best of all, Network- and Port- scans can now be compared to each other. This way, you can quickly find out what has been changed in your network between two scans.

Logs can of course also be exported or printed.

■ Custom Device Names

You can now (optionally) assign individual names for your devices on your network. This makes it easier than ever to identify each particular device in the various scans.

These names are tied together with the MAC address. Such a maintained device name will be displayed instead of the network name in a different color.
Custom Device Names can be maintained in three different ways

  • In the Network Scan results. Just open the details of an entry and here you can directly enter an individual name
  • You can export a complete list of a network scan to the list of individual names
  • You can maintain the complete list of individual names from inside the settings screen

■ Improved DNS tool

The DNS Tool has been improved in several ways.

It still provides information about a certain domain with its IP Address, Provider, country and location.

Now, this tool also performs a reverse-DNS lookup with more than one record, if available.
Second, it now provides DNS Server information such as MX, NS, SOA and TXT Records.

■ Devices tool improvements

Now, all available interfaces (not just WiFi, Cell) will be displayed with much more detailed information. This way, you can even investigate your virtual VPN devices.

Proxy information now is also included.

Sensors such as Gyroscope, Accelerometer etc. will now be displayed graphically.

■ HTTP browser

The http tool now contains an improved browser. The browser also now records all requests a website initiate (even requests initiated by scripts) so you can easily inspect scriptfiles, images that are being loaded or even the sources of Ad banners.

The password test also has been improved and can now fill out many more types for login forms.

■ New Security Check tool

This is another new tool which required most of the development time. This tool contains several individual security checks for various exploits or issues. So far, it contains only a few checks but there are more to come over time.

The challenge was to implement a tool that I can use to quickly provide certain tests to you, without the necessity to send out a new app update. This is now possible with this new Security Check tool.
The idea was born when I added the Verizon Supercookie test but that was a quite simple test. Now even more sophisticated tests are possible and I can add all those tests via Data updates.

To use the test, you can either select the test inside the tool from the list or, like with most other tools, when working on results of any tool and using the […] button
I will announce new tests in the news section of the app but not on my website as this is too closely related to this app.

■ New Web-Service Tool

This new Tool allows to explore or debug SOAP and REST Web-Services. All API parameters such as URL Parameters, Header information and Request Body can easily be maintained and even stored under an individual name. The API requests can be executed via a HTTP-GET, -PUT or -POST methods.
JSON and XML results are being displayed in a hierarchical tree browser.

There are a few predefined Web-Service samples included such as the Google Geo API.

■ New Mail Server Tool

This tool checks for POP3, IMAP and SMTP mail services and provides useful information either for your Mail-Client settings and possible improvements for the Mail-Server settings.

■ Resources section has been completely re-coded

The resources section of the app contains a lot of information but wasn’t easy to find and use. It now has a similar user interface like the main app screen. It now also allows me to add more information via Data updates.

■ Various other changes and bug fixes

  • Several design changes throughout the whole app
  • The MAC address bug has been fixed which showed a wrong last byte of the MAC
  • The local IP address has not always been displayed correctly (e.g. was shown as “error”)
  • The MAC address is now displayed in the Network Scan report and no longer only in the details screen
  • IP Calculator improvements
  • Improvements for iPhone 6 and 6+
  • 64-Bit support
  • iOS 8.3 support

Please don’t forget to check for a data-update after the installation.

Please let me know should you find a bug or if you have additional ideas or requests.

Kind regards,

Marcus


WiFi scanning

I received quite a few questions regarding the possibility to add WiFi scanning to NetworkToolbox that displays the SSID (WiFi name) and RSSI (signal strength) of WiFi networks around you.

Unfortunately (or I would call it fortunately) Apple removed the possibility for developers to access the WiFi network device from inside an app (at least for non-Apple apps).

For this reason, there is no app available on the AppStore that can do these kind of things. There used to be a few apps in the past which were able to provide this on a very limited basis but they don’t run anymore on iOS 8 and can’t be updated by the developer as it would then not pass the App Store review process. Such apps have been submitted to Apple by the time when it was still possible to access the network device.

However, what a “regular” developer can’t do seem to be possible by apps developed by Apple.

See how you can still scan WiFi networks

There is still a way to scan your WiFi network although it’s a bit tricky to enable it.

The solution is, to use Apples AirPort Utility app and to enable a hidden feature for it. This works, even if you don’t have an Apple WiFi router.

Here is, how to enable WiFi Scanning:

  1. Install the Apple AirPort Utility app from the App Store
  2. Start the app one time and then close it
  3. Go to Settings (of your iPhone/iPad) on the main screen, scroll down until you see the AirPort app and select it
  4. Enable “Wi-Fi-Sanning”
  5. Start the AirPort Utility app again
  6. Tap on “Wi-Fi Scan”
  7. Tap on “Scan”

WiFi-scan

After a while, you can see all WiFi networks around you even with Channel information, BSSID (Mac address of the device) and RSSI (signal strength). If you tap on an entry you can even see the more information like the signal strength history.

I think that’s a not-too-bad workaround.

Stay tuned!

Best regards,

Marcus