Mageni – Open Source Vulnerability Scanner based on Laravel

Introduction

Mageni eases the vulnerability management cycle for you. We believe cybersecurity must be an enjoyable and uplifting experience to be truly fulfilling in your life. Mageni empowers you to identify, prioritize, and respond to vulnerabilities and misconfigurations before they are exploited by hackers. Mageni takes the discomfort and pain out of cybersecurity by easing simple tasks for vulnerability management, such as:

  • Asset Discovery
  • Prioritize Assets
  • Vulnerability Scanning
  • Vulnerability Assessment
  • Reporting
  • Remediation
  • Vulnerability Prioritization
  • Vulnerability Validation
  • Compliance Testing (PCI DSS, NIST, HIPAA, ISO, NERC, FISMA, NIS)
  • Penetration Testing
  • Security Audits
  • And more …

Mageni is accessible, powerful, and will save you time, money, and resources while reducing the risk of non-compliance, financial losses, fines, and security breaches. This is what it currently looks like:

Vulnerability Management Statistics

  • 60% of breach victims were breached due to an unpatched known vulnerability (Ponemon Institute)
  • 62% were unaware that they were vulnerable prior to the data breach (Ponemon Institute)
  • $4.24 million cost per data breach on average; highest in 17-year report history (IBM)

Mission

Mageni’s mission is to make your life more enjoyable and peaceful by providing you with a wonderful vulnerability management platform.

Vision

We envision a world where cybersecurity and vulnerability management is an enjoyable and uplifting experience that is truly fulfilling in your life.

What is the Vulnerability Management Cycle?

The Vulnerability Management Cycle is intended to allow organizations and individuals to identify and assess computer system security weaknesses; prioritize assets; assess, report, and remediate the weaknesses; and verify that they have been eliminated. Mageni automates the Vulnerability Management Cycle for you, saving you time, money, and resources, and helps you comply with security standards like PCI DSS, NIST, and others.

Here you can see the Vulnerability Management Cycle according to Gartner:

Mageni takes the pain out of the vulnerability management cycle by easing those tasks.

Audience

  • PenTester
  • Cybersecurity Professionals
  • SOC Analyst
  • Chief Information Security Officer
  • Security Researchers
  • Auditors
  • Red Team
  • Malware Analyst
  • Business owners
  • System Administrators
  • Developers
  • And anyone concerned about cybersecurity and vulnerabilities

Installation

Linux

  1. Download Multipass
         sudo snap install multipass
  2. Launch a multipass instance
         multipass launch -c 2 -m 6G -d 20G -n mageni 20.04 && multipass shell mageni
  3. Install Mageni
         curl -sL https://www.mageni.net/installation | sudo bash

macOS

  1. If you don’t have it already, install Brew. Then, to install Multipass simply execute:
         brew install --cask multipass
  2. Launch a multipass instance
         multipass launch -c 2 -m 6G -d 20G -n mageni 20.04 && multipass shell mageni
  3. Install Mageni
         curl -sL https://www.mageni.net/installation | sudo bash

Windows

  1. Download the Multipass installer for Windows
     Note: You need Windows 10 Pro/Enterprise/Education v 1803 or later, or any Windows 10 with VirtualBox
  2. Ensure your network is private
     Make sure your local network is designated as private, otherwise Windows prevents Multipass from starting.
  3. Run the installer
     You need to allow the installer to gain Administrator privileges.
  4. Launch a multipass instance
         multipass launch -c 2 -m 6G -d 20G -n mageni 20.04
  5. Log into the multipass instance
  6. Install Mageni
         curl -sL https://www.mageni.net/installation | sudo bash
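
The last step on every platform pipes a remote script straight into a root shell, so a failed or cut-off download is executed as far as it got. The sketch below is an added example, not Mageni's own tooling: it saves the script to a file inside the multipass instance, checks it, and only then runs it. The function names are hypothetical, and the expected SHA-256 is a value you record yourself after reading the script; the page does not publish one.

```shell
#!/bin/sh
# Added example, not Mageni's own tooling. Function names are hypothetical.
INSTALLER_URL="https://www.mageni.net/installation"  # URL from the steps above

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # fallback where sha256sum is absent
    fi
}

# fetch_installer URL DEST: HTTPS only (also across redirects), fail on HTTP
# errors (-f) instead of saving an error page, still show transport errors (-S).
fetch_installer() {
    curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL -o "$2" "$1"
}

# check_installer FILE EXPECTED_SHA256
# Returns 0 if FILE is non-empty, parses as a complete bash script and matches
# the digest recorded at review time. Returns 2 (empty), 3 (does not parse)
# or 1 (digest mismatch) otherwise.
check_installer() {
    ci_file=$1; ci_expected=$2
    [ -s "$ci_file" ] || { echo "installer missing or empty" >&2; return 2; }
    # bash -n parses without executing; a truncated download usually fails here.
    bash -n "$ci_file" 2>/dev/null || { echo "installer does not parse" >&2; return 3; }
    ci_actual=$(sha256_of "$ci_file")
    if [ "$ci_actual" != "$ci_expected" ]; then
        echo "digest mismatch: got $ci_actual" >&2
        return 1
    fi
    return 0
}

# run_reviewed_installer EXPECTED_SHA256: download, check, then run as root.
run_reviewed_installer() {
    ri_tmp=$(mktemp) || return 1
    fetch_installer "$INSTALLER_URL" "$ri_tmp" &&
        check_installer "$ri_tmp" "$1" &&
        sudo bash "$ri_tmp"
    ri_status=$?
    rm -f "$ri_tmp"
    return "$ri_status"
}

# First use: fetch_installer "$INSTALLER_URL" installation.sh, read the file,
# then record the output of: sha256_of installation.sh
# Later runs: run_reviewed_installer "<sha256 recorded after your review>"
```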

Sponsorship

We love working on Mageni and give it to you without expecting anything in return. We find great joy in providing you with the best foundation for your vulnerability management program as we possibly can. However, if you choose to show your appreciation by sponsoring this project, know that we are deeply appreciative.

10% of the proceeds go towards reducing climate change on earth and 90% go to funding the infrastructure and full-time staff working on new features, bug fixes, and improvements.

  • Are you using Mageni for your personal projects and side projects and really enjoying it? The sponsorship tier Enthusiast gives you the chance to give back.
  • Has Mageni reinvigorated your love for cybersecurity? The sponsorship tier Lover gives you the chance to give back.
  • Has Mageni helped you in your career and made your cybersecurity experience more enjoyable? The sponsorship tier Professional gives you the chance to give back.
  • Has Mageni helped your small business (less than 100 employees)? The sponsorship tier Small Business gives you the chance to give back.
  • Has Mageni helped your medium business (less than 500 employees)? The sponsorship tier Medium Business gives you the chance to give back.
  • Has Mageni helped your organization (more than 500 employees)? The sponsorship tier Organization gives you the chance to give back.
  • Has Mageni helped your MSP? The sponsorship tier MSP gives you the chance to give back.

Benefits of Sponsorship

  • Access to the private issues repository
  • Access to the private discussion board
  • Priority support to fix bugs
  • Your feature request will be a top priority
  • You have an active role in preserving the software that you use

CompTIA PenTest+ Certification

Mageni is developed by certified CompTIA PenTest+ Professionals. CompTIA PenTest+ is for cybersecurity professionals tasked with penetration testing and vulnerability management, is compliant with ISO 17024 standards and approved by the US DoD.

Mageni helps to reduce climate change

Mageni is a member of Stripe Climate and contributes 10% of your sponsorship to reduce climate change.

With your sponsorship you are making this world a better place for both present and future generations.

Contributing

You can also contribute with:

  • Bug reports
  • Feature requests

For more information, read the contribution guide

Thank you, open source

Mageni uses a lot of open source projects and we thank them with all our hearts. We hope that providing Mageni as a free, open source project will help other people the same way that software has helped us, and in doing so Mageni is also in strict compliance with the open source licenses. In this repository you will find the Software Bill of Materials (SBOM). This website has the list of all open source software that Mageni uses and their respective copyrights. If you believe that we are missing something, drop us an email at opensource@mageni.net and we will fix it ASAP.

Please note that Mageni does not sell the open source software. This software is, and always will be, free and open source.

License

Mageni is released under the GPLv2 license

Legal

This open source software is provided solely for lawful purposes and use. You must use the software in a manner that complies with all applicable national, federal, state and local laws, statutes, ordinances, regulations, codes and other types of government authority.

Laravel News Links

DIY Schlieren Imaging of Bullets In Slow Motion


If you have been reading some of my articles this past year, you must have noticed I have been using a Chronos 1.4 slow-motion camera. I have been looking up different ways to use my slow-motion camera in the context of studying firearms. I have helped to film weapon malfunctions that happen too fast for […]


The post DIY Schlieren Imaging of Bullets In Slow Motion appeared first on The Firearm Blog.

The Firearm Blog

Uh-Oh: World Economic Forum Banner Slips, Revealing HYDRA Logo


GENEVA — The World Economic Forum experienced a major blunder during a recent symposium when the institution’s banner slipped, revealing the tentacled HYDRA logo. The blooper occurred during a symposium in which a small number of elite intellectuals discussed enslaving and depopulating the earth as a humane method for reducing climate change.

Attendees initially felt shock after seeing the six-tentacled HYDRA logo floating above the heads of Professor Klaus Schwab and his associates. But after seeing Schwab continue to drone on about the imperative to control world governments as a means to achieve the group’s agenda, the attendees realized the unnerving logo made perfect sense.

“I gotta say, that tentacled skull glaring down at me from the HYDRA logo really matches the words coming out of that Schwab fella’s mouth,” said one forum attendee, “Including the time he laughed maniacally about how many young people in the US think communism works.”

At publishing time, witnesses reported seeing Klaus Schwab’s human skin mask slip off to reveal a red skull.


Satan held a press conference today responding to the big loss of Roe v. Wade. He’s doing his best to keep his chin up.


Babylon Bee

Database Corruption: An Overview


Though I am writing this post being a PostgreSQL DBA, this page can be read by anyone because the concept of corruption is the same in every database.

After reading this blog post, one should understand what database corruption is and how it may occur.

Being DBAs, corruption is something we do not want to ever see in our system; however, there are a number of systems where corruption revisits very frequently. Whenever it occurs in big databases, it becomes challenging for us to detect and repair it as we may see no sign of it. In my 15 years of experience as a DBA, I saw corruption as the toughest nut to crack because ostensible reasons for any corruption are not actually predictable. In other words, we may not know the actual cause of the issue; hence, it is quite difficult to get the RCA.

In this series of blogs, I am going to cover various types of corruption and methods to find and fix them.

This blog post will throw some light on the basics of database corruption.

Concept and analogy

To explain it in a simple manner, I will take an example of the Spanish language. There is text in the image below.

Here, the above text is in Spanish. For anyone who does not understand Spanish, is it possible for them to read it? The straightforward answer is “No”. 

Anyone would ask “How may a person without having knowledge of Spanish read it?”. To end the curiosity, the image reads “Goodbye” in English.

The same thing happens with software products as well. All software is programmed to read and write in its own pre-defined format, and it may not be able to do so in any other format that is supported by any other software product. For example, Python code can not be compiled or read, or executed, in C, Java, or Perl.

In the case of databases, it is about the format of data being stored on a disk. When a database product, such as PostgreSQL, MySQL, or MongoDB, writes on a disk, it performs the operation by using some format.

While reading from a disk, the database product expects the same format there; any portion of data on disk that is not in an appropriate format is CORRUPTION.

To summarize this, corruption is nothing but an improper format or a sequence of data.

How does it happen?

As mentioned in the last section, corruption is a result of an unreadable data format. As we know, data is stored in the form of bits on a disk. Now, in the case of integer or numeric, the conversion is simple. But for characters, every machine is designed to convert data in the form of bytes, which is a group of eight bits, in such a way that every byte represents a character. There are 256 different combinations of every byte, from 00000000(0) to 11111111(255).

To read bytes in the form of characters, some formats are designed, such as ASCII, EBCDIC, BCD, and so on. They are also known as encoding schemes. Out of all these schemes, ASCII (American Standard Code for Information Interchange) is the most popular. In this format, every byte (all 256 combinations) is assigned a particular character.

Like,

01000001(65) – A

00101100(44) – ,

Below is the link to view all the ASCII codes.

https://www.rapidtables.com/code/text/ascii-table.html

Here, if any byte is stored with an unexpected sequence of bits, the machine will read a different character.

For example,

Let’s say character A(65) is stored as 11000001(193) instead of 01000001(65), which is “Á“(not the English letter A).

Now, in these encoding schemes, some characters are human-readable and the rest are not. Another point to note is that not all software products are built to decipher all the characters. So, if a byte at any position gets changed, it is possible that the database may not be able to read the character, and hence the data. Such unreadable or non-parsable data is deemed corrupted data.

For example,

Suppose “How are you?” is stored as “How are you¿”. The character “¿” is not available in English, so character sets that can only parse English may not be able to recognize it. The software will then be unable to read that text and will throw an error, marking it unreadable. Here, only one character is unrecognizable, but the whole text will be marked as corrupted data.
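
Both examples above are the same single-bit change: inverting the highest bit turns 65 into 193 and the “?” (63) into 191, which is “¿” when read as ISO-8859-1. The script below is an added example, not from the original post, that reproduces this on a scratch file and shows a strict ASCII-only reader rejecting the whole text because of one byte. The helper names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# byte_at FILE OFFSET: print the byte at OFFSET (0-based) as a decimal number.
byte_at() {
    od -An -tu1 -j "$2" -N 1 "$1" | tr -d ' \n'
}

# flip_bit FILE OFFSET BIT: invert one bit (0 = lowest, 7 = highest) in place.
flip_bit() {
    fb_old=$(byte_at "$1" "$2")
    [ -n "$fb_old" ] || return 1                 # offset is past the end of the file
    fb_new=$(( fb_old ^ (1 << $3) ))
    # Emit the new byte via an octal escape and overwrite just that position.
    printf "\\$(printf '%03o' "$fb_new")" |
        dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# first_bad_offset FILE: print the offset of the first byte above 127, if any.
first_bad_offset() {
    od -An -v -tu1 "$1" | tr -s ' ' '\n' |
        awk 'BEGIN { n = 0 } NF { if ($1 > 127) { print n; exit } n++ }'
}

# read_ascii_text FILE: a strict reader that accepts only 7-bit ASCII.
# A single unexpected byte makes it reject the whole value.
read_ascii_text() {
    ra_bad=$(first_bad_offset "$1")
    if [ -n "$ra_bad" ]; then
        echo "unreadable: byte $(byte_at "$1" "$ra_bad") at offset $ra_bad" >&2
        return 1
    fi
    cat "$1"
}

# Constructed demo:
#   printf 'How are you?' > sample.txt
#   flip_bit sample.txt 11 7      # the "?" at offset 11 becomes byte 191
#   read_ascii_text sample.txt    # fails and reports offset 11
```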

Causes

It is truly mysterious because we may never know the actual reason for any kind of corruption. As I mentioned above, corruption is attributed to changes of bits/bytes, but it is really difficult to determine with certainty which process/thread led to that change. This is why test cases related to corruption are not actually reproducible. The only thing we can do is explore possible causes.

Some of the possible causes are as below.

Hardware issue:

When RAID disks are not designed properly or controllers are faulty, they may not be able to write data correctly to the disks. On non-RAID disks, the mechanical components must also work properly, because faulty disks likewise cause bits to be stored incorrectly.

Corruption may also occur due to heavy I/Os.

Bug in the operating system:

On occasion, due to a buggy kernel or code, the OS encodes data wrongly, and it is later written to the disk. On occasion, the OS also produces corrupted data when it cannot handle I/O efficiently.

Bug in the database product:

In many cases, the product itself stores wrong data on the disk or, due to inefficient algorithms, saves data in the wrong format.

Types of corruption

Every database comprises different types of files, such as data files, WAL files, commit logs, and so on. These files contain data for various database objects e.g. tables, indexes, materialized views, WAL records, etc. When these database files go corrupt, some queries retrieve wrong data or return errors, or some operations(e.g. recovery, replay) may not work as expected. As a DBA, one needs to identify what particular objects are affected due to that corruption. For ease of understanding, corruption is categorized into different types; some of them are as below.

Index corruption:

In general, an index keeps a pointer(s) for a particular value(or a value set) in a column. Whenever an index is asked to return pointers (ctid in PostgreSQL, rowid in Oracle), it fetches those pointers and returns them to the requestor.

In the case of corruption, a wrong pointer to any value is saved on the disk due to faulty bits on the disk. Consequently, it returns a wrong record.

Data corruption:

When data/toast pages store faulty data (in terms of format), that data may become unrecognizable when it is read back, so the database raises an error for it.

WAL corruption:

WAL/Redo/Transaction log files store data in a particular format, and while reading them, WAL entries are parsed and applied. In the case of WAL corruption, WAL entries are not parsable, which affects the WAL replay operation.

Page header corruption:

The lowest unit of storage in databases is the block/page, which stores the actual records. To maintain data integrity, some information is stored in a separate section that is called the page header. Any improper information in a page header is header corruption. This affects the data integrity.

Summary

Corruption results from changes in bits/bytes while storing data on the disk. When a database product (e.g. MySQL, PostgreSQL) does not get the data in an expected format, it is corruption.

The data in the database may get corrupted due to various reasons, such as faulty hardware and buggy OS/kernel/database products. Owing to this, the data is accidentally changed before it is stored on the disk. While it is wrongly stored on a disk, and hence files, it affects various functions of the software product; to easily understand what particular areas are affected, the corruption is classified into various types, such as index corruption, data corruption, and so on.

This is the first post in the series of database corruption blogs; other blogs will be posted soon. Stay tuned!

Percona Database Performance Blog

A Package for Onboarding Users in Laravel Apps


Laravel Onboard is a Laravel package to help track user onboarding steps created by Spatie:

Here’s a quick example taken from the project readme on using this package to create onboarding steps:

    use App\User;
    use Spatie\Onboard\Facades\Onboard;

    // You can add onboarding steps in a `boot()` method within a service provider
    Onboard::addStep('Complete Profile')
        ->link('/profile')
        ->cta('Complete')
        ->completeIf(function (User $user) {
            return $user->profile->isComplete();
        });

    Onboard::addStep('Create Your First Post')
        ->link('/post/create')
        ->cta('Create Post')
        ->completeIf(function (User $user) {
            return $user->posts->count() > 0;
        });

To get a user’s onboarding status—among other things—the package has a nice API for accessing things like percentage complete, in progress, finished, and details about individual steps:

    /** @var \Spatie\Onboard\OnboardingManager $onboarding **/
    $onboarding = Auth::user()->onboarding();

    $onboarding->inProgress();

    $onboarding->percentageCompleted();

    $onboarding->finished();

    $onboarding->steps()->each(function($step) {
        $step->title;
        $step->cta;
        $step->link;
        $step->complete();
        $step->incomplete();
    });

Additionally, this package supports features such as:

  • Conditionally excluding steps with custom logic
  • Defining custom attributes on a step
  • Use middleware to ensure a user completes onboarding before they are allowed to use certain features
  • And more

You can get started with this package by checking it out on GitHub at spatie/laravel-onboard. Their blog post can also give you some examples and further details on how you can use this package.

Laravel News

If “Frasier” Was a Psychological Thriller



After a two-decade hiatus, Dr. Frasier Crane is back. But the celebrated psychiatrist and radio host has some anger issues to work through, and he’s not leaving Seattle until he gets his tossed salad and scrambled eggs. Click play and enjoy this very clever edit by MP Misc.

The Awesomer

Getting Started With Unreal Engine


Unreal Engine has been a staple in the world of game development for more than two decades. Known for stunning graphics, easy development tools, and regular updates, Unreal is a wise choice for any developer.

But how do you get started with making your first game in Unreal?

About Unreal Engine

Unreal Engine is a 3D game development engine by Epic Games, the folks behind Fortnite, that debuted in 1998. The tool then grew to become a full game development suite. It offers programming, animation, and a host of other competitive features. The new version of the engine launched in 2022, improving Unreal Engine’s features while also making it more accessible to developers.


Is Unreal Engine Good for Beginners?

Unreal Engine 5 comes with a range of features aimed at those starting out in game development. You can develop your first game without any code thanks to Unreal’s Visual Scripting features. And you can rely on the detailed documentation available for the engine to kickstart your learning.

Can You Sell Games Made With Unreal Engine?

You can sell the games you make with Unreal Engine under any of the company’s licensing options. It’s important to read your own Unreal Engine EULA when you download the software. Epic allows sales of games made with Unreal and generally only takes royalties when your revenue is more than $1 million.

Is Unreal Engine Free?

The basic version of Unreal Engine 5 is free to all users, whether you are a business, hobbyist, or student. Epic Games also offers an Enterprise Program with premium support and a Custom License option for users with specific needs. Every Unreal Engine 5 license comes with the same engine features and learning materials.

Downloading the Epic Games Launcher

You can download Unreal Engine through the same Epic Games Launcher app you use to download games. You need to download the launcher from Epic Games and install it before you can start working with the engine.

Installing & Setting Up Unreal Engine

You can start to install Unreal Engine once you have Epic Games Launcher installed. Open the launcher and click Unreal Engine on the left side of the window before clicking the Library tab at the top of the window.

Click Install on the latest engine version in the Engine Versions section. Choose the file path you would like for your Unreal Engine 5 installation and click Install.

It will take some time for the installation to complete, giving you the chance to start learning about Unreal before you use it.

How to Make a Game in Unreal Engine for Beginners

Epic Games is kind enough to provide sample games to new developers looking to learn how to make games with Unreal Engine. The Lyra sample game is an excellent place to start. Head to the Samples tab in the Epic Games Launcher, select Lyra Starter Game, and click the Free button. This will open a set of terms for you to accept.

Click Create Project and choose the file path you would like for your starter game, then click Create. Wait for the starter game to download before proceeding to the next step.

Now that you have Lyra downloaded, you can start working in Unreal. Launch Unreal Engine from the Epic Games Launcher and Browse for the Lyra project files you saved before opening the development tools.

Exploring the Unreal Engine UI

Everyone will see the same UI layout in Unreal Engine when it loads for the first time. Unreal Engine 5 simplified and improved the general layout in the software, but you can change it as much as you like to suit your own needs.

As you can see from the screenshot above, the main thing on screen in Unreal Engine is the Visual Editor pane. Here you can see the scene you are working on, along with all the objects and other instances within it. Much like tools such as Blender, you can choose from different editing modes within the visual editor.

There are two separate panes on the right-hand side of the screen: the Outliner and Details sections. The Outliner is a text-based hierarchy of the objects within the current level. This gives you access to invisible objects, parent-child relationships, and more. Beneath this is the Details section, showing the properties of the object you have selected.

Unreal Engine Content Drawer, Output Log, and Cmd

Three crucial tools live at the bottom of the Unreal Engine screen. The Content Drawer is home to all the assets used in your game and the Output Log provides information when you debug your game. The Cmd tool allows you to issue commands to your game.

For now, the Content Drawer is the most important part of the UI to focus on. Click Content Drawer to open the content manager, and you’ll see all the files that make the Lyra sample game. You can search and filter the files to make it easier to find what you are looking for.

As you can see from the Lyra example, taking care with file management is always important when you’re working with the Content Drawer.

Adding to Your Unreal Engine UI

As mentioned, you can customize the Unreal Engine UI to meet your needs. Go to Window at the top of the screen to see the list of extra UI elements that you can use. Hovering over each of the panel types will give you a brief description of what you are looking at.

Programming in Unreal Engine

Getting started with programming in Unreal Engine is similar to getting started with Unity. Both tools offer comprehensive options to give you control over your code while minimizing how much you have to write for yourself.

What Programming Languages Work With Unreal Engine?

Unreal Engine uses C++ as its main programming language, with a compiler designed to work with it. Alongside C++, Unreal developers can use the Blueprint Visual Scripting system to create actions and events without having to use real code.

Coding With C++ in Unreal Engine

You can add new C++ classes to your project at any time by going to File and then clicking New C++ Class. From here, the code you write will be like any other project; you can even use tools like Visual Studio to help with your coding in Unreal Engine. You can use the official Unreal Engine 5 Documentation to get you started.

Blueprint Visual Scripting in Unreal Engine 5

Blueprint Visual Scripting is Unreal Engine 5’s answer to block coding and other visual programming methods. Blueprint is a powerful tool that enables you to build games without a single line of code. Lyra, for example, is a game made entirely with visual scripting.

To see an example of Unreal’s visual scripting, take a look at the GA_Weapon_Fire file found under All > Weapons within the content drawer. This file controls weapon fire in Lyra and looks quite daunting when you first open it, but it isn’t too hard to get to grips with.

This Blueprint file has four different sections. The first of these sections performs a weapon trace when the player first hits the fire button. This checks to see if the player is locally controlled, followed by playing animations and controlling the weapon’s rate of fire. The player cannot fire their weapon if they are dead.

Next, the Blueprint visual script processes the target data for the shot performed by the player. This ensures that hits do damage and add effects to players, while also making sure that shots that are off-target don’t do anything to them.

As you can see from Unreal’s visual scripting, the programming you do with this system has a strong emphasis on relationships. Each of the code blocks you put in place will need to have lines drawn to other blocks, forming a flow that will quickly feel familiar to programmers. It’s still worth reading the Unreal Engine 5 documentation about scripting, even if you have experience with code.

Getting Started with Unreal Engine 5

Unreal Engine 5 is a large piece of software with plenty for you to learn. The time you put into it will always be well worth it, giving you the chance to make your dream games become a reality.

MUO – Feed