4121 matches found
OS Detection
This is an informational notice that by investigating the response headers from the remote host, it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system. No source data...
Scan Aborted After Being Logged Out
This plugin is raised when the scanner has been logged out and has not been able to authenticate back against the web application using the options provided in the scan policy. This may be due to some links accessed by the scanner during the scan that could have invalidated the session used by th...
Oracle Database Attacking Tool: ODAT
ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a...
Semrush: SSLv3 Poodle Attack on Ip Of semrush
Summary: POODLE SSLv3 bug on multiple servers Description: CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka...
Masking Vulnerability Scan reports
Continuing the series of posts about Kenna "Analyzing Vulnerability Scan data", "Connectors and REST API" and similar services. Is it actually safe to send your vulnerability data to some external cloud service for analysis? Leakage of such information can potentially cause great damage to your...
Tenable University: Nessus Certificate of Proficiency
Yesterday I finished "Nessus Certificate of Proficiency" learning plan at Tenable University and passed the final test. Here I would like to share my impressions. First of all, few words about my motivation. I use Nessus literally every day at work. So, it was fun to check my knowledge. I already...
JVN#28865183: Insecure DLL Loading issue in multiple Trend Micro products
Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue (CWE-427). When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the installers of the other applications may b...
Pymap-Scanner - Python Scanner with GUI
Python-based port scanner with Pyqt4 user interface. Features Basic Gui Speed Scan Custom Services User Control Error Control Useful parameters And More. Installation Modules $ Pyqt4 $ Nmap RequirementsThird +xsltproc Download Pymap-Scanner...
roxysploit - Penetration Testing Suite
roxysploit is a community-supported, open-source and penetration testing suite that supports attacks for numerous scenarios. conducting attacks in the field. Some containing Plugins in roxysploit Scan is an automated Information gathering plugin it gives the user the ability to have a rest while t...
Security update for the Linux Kernel (important)
The openSUSE Leap 42.3 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to a...
Cisco ASA - Crash PoC Exploit
Exploit for hardware platform in category dos / poc Cisco ASA CVE-2018-0101 Crash PoC We basically just read: https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf @zerosum0x0, @jennamagius, @alephnaught import requests, sys headers =...
Software Defined Radio Attack Tool: RFCrack
RFCrack is my personal RF test bench, it was developed for testing RF communications between any physical device that communicates over sub Ghz frequencies. IoT devices, Cars, Alarm Systems etc… Testing was done with the Yardstick One on OSX, but RFCrack should work fine in linux. Current support...
Domain Analyzer - Analyze The Security Of Any Domain By Finding All the Information Possible
Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. How Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP...
Master IP CAM 01 Vulnerabilities
Some time ago I analyzed this ipcam with my friend Dzonerzy: var serialNum="VVVIPCSBC150617Z-06929VjmJH54vkK"; var model="RTIPC"; var hardVersion="5900-gc1004"; var softVersion="V3.3.4.2103-S50-SBC-B20150721E"; var ipcname="WIFICAM"; var startdate="2017-8-5 0:0:2"; var runtimes="0 day, 0:54"; var...
Kenna Security: Analyzing Vulnerability Scan data
I've been following Kenna Security before 2015 Risk I/O for a pretty long time. Mainly, because they do the things I do on a daily basis: analyse various vulnerability scan results and feeds, and prioritize detected vulnerabilities for further mitigation. The only difference is that my scripts an...
CVE-2017-13211
In btascanresultscbimpl of btifblescanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not neede...
Design/Logic Flaw
In btascanresultscbimpl of btifblescanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not neede...
Web Application Spider: BlackWidow
BlackWidow is a python based web application spider to gather subdomains, URL's, dynamic parameters, email addresses and phone numbers from a target website. This project also includes Inject-X fuzzer to scan dynamic URL's for common OWASP vulnerabilities. Features: Automatically collect all URL'...
Wapiti 3.0.0 - The Web-Application Vulnerability Scanner
Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code of the web application) by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets the list of...
Qualys Cloud Platform 2.31 New Features
This release of the Qualys Cloud Platform version 2.31 includes updates and new features for AssetView, Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire, highlights as follows. AssetView Use custom severities in AV searches and...