Project

General

Profile

Actions

Feature #6885

open

references: new "wayback" reference and update others

Added by Brandon Murphy 9 months ago. Updated 7 months ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

I know this isn't the most interesting "issue" to solve, but is one that comes up from time to time.

As an ever increasing amount of URL references are lost, the internet archive's "wayback machine" provides a valuable resource to access to old references.

I'd like to propose that a new reference be introduced called "wayback"

config reference: wayback      https://web.archive.org/web/*/

This will allow an existing url references to be replaced with wayback, while keeping the reference value the same. It would be the intention to only use this reference when a copy of the reference URL is available via the wayback machine's archive.


Additionally the current reference.config file has many non-functioning websites as well.

The current config is as follows (with notes added under each line)

# config reference: system URL

config reference: bugtraq   http://www.securityfocus.com/bid/
    - domain doesn't resolve
config reference: bid        http://www.securityfocus.com/bid/
    - domain doesn't resolve
config reference: cve       http://cve.mitre.org/cgi-bin/cvename.cgi?name=
#config reference: cve       http://cvedetails.com/cve/
config reference: secunia   http://www.secunia.com/advisories/
    - redirects to non-useful page

#whitehats is unfortunately gone
config reference: arachNIDS http://www.whitehats.com/info/IDS
    - domain parked

config reference: McAfee    http://vil.nai.com/vil/content/v_
    - domain doesn't resolve
config reference: nessus    http://cgi.nessus.org/plugins/dump.php3?id=
    - 404s - might just need updated to https://www.tenable.com/plugins/nessus/
config reference: url       http://
config reference: et        http://doc.emergingthreats.net/
    - redirects to non-useful page
config reference: etpro     http://doc.emergingthreatspro.com/
    - redirects to non-useful page
config reference: telus     http://
config reference: osvdb     http://osvdb.org/show/osvdb/
    - domain doesn't resolve
config reference: threatexpert http://www.threatexpert.com/report.aspx?md5=
    - domain doesn't resolve
config reference: md5        http://www.threatexpert.com/report.aspx?md5=
    - domain doesn't resolve
config reference: exploitdb http://www.exploit-db.com/exploits/
    - WORKS!
config reference: openpacket https://www.openpacket.org/capture/grab/
    - Doesn't return a webpage 
config reference: securitytracker http://securitytracker.com/id?
    - Looks to be not functioning (sometime in 2022?) 
config reference: secunia   http://secunia.com/advisories/
    - Redirects to a non-useful page
config reference: xforce    http://xforce.iss.net/xforce/xfdb/
    - domain doesn't resolve
config reference: msft      http://technet.microsoft.com/security/bulletin/

I'd like to propose that some of these be replaced with references to the Internet Archives copy.
Using bid and bugtraq as an example, these could be updated as follows:

config reference: bugtraq   https://web.archive.org/web/*/http://www.securityfocus.com/bid/
config reference: bid        https://web.archive.org/web/*/http://www.securityfocus.com/bid/

I've actually had great luck with using the wayback machine for securityfocus.com.

Actions #1

Updated by Jeff Lucovsky 7 months ago

A sampling of ET open shows these reference uses (note that many are no longer available):

$  awk -F";" '{for(i=1;i<=NF;i++) if($i ~ /reference:/) print $i}' ~/suricata.rules|cut -d ',' -f1|sort -b|uniq -c
    178  reference:arachnids
     69  reference:bid
      5   reference:bugtraq
   2197  reference:bugtraq
   8890  reference:cve
      3  reference:mcafee
  28821  reference:md5
    184  reference:nessus
    469  reference:secunia
      4   reference:url
  42286  reference:url

Actions

Also available in: Atom PDF