Lynis 2.6.7 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next in a series of simplification improvements we made. There is a risk of breaking your existing configuration.

Lynis is an open source security auditing tool. It is used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

Supported operating systems

The tool has almost no dependencies, therefore it runs on almost all Unix-based systems and versions, including:

- AIX
- FreeBSD
- HP-UX
- Linux
- Mac OS
- NetBSD
- OpenBSD
- Solaris
- and others

It even runs on systems like the Raspberry Pi and several storage devices!

Installation optional

Lynis is light-weight and easy to use. Installation is optional: just copy it to a system, and use "./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL).

How it works

Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of performing a set of steps, from initialization of the program up to the report.

Steps

1. Determine operating system
2. Search for available tools and utilities
3. Check for Lynis update
4. Run tests from enabled plugins
5. Run security tests per category
6. Report status of security scan

Besides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.

Opportunistic Scanning

Lynis scanning is opportunistic: it uses what it can find. For example, if it sees you are running Apache, it will perform an initial round of Apache-related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it will collect discovered certificates so they can be scanned later as well.

In-depth security scans

By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!

Use cases

Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:

- Security auditing
- Compliance testing (e.g. PCI, HIPAA, SOx)
- Vulnerability detection and scanning
- System hardening

Resources used for testing

Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.

- Best practices
- CIS
- NIST
- NSA
- OpenSCAP data
- Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Lynis Plugins

Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.

Changelog

Upgrade note

## Lynis 2.6.7

### Changed
- BOOT-5104 – Added busybox as a service manager
- KRNL-5677 – Limit PAE and no-execute test to AMD64 hardware only
- LOGG-2190 – Ignore /dev/zero and /dev/[aio] as deleted files
- SSH-7408 – Changed classification of SSH root login with keys
- Docker scan uses new format for maintainer value
- New URL structure on CISOfy website implemented for Lynis controls

Download Lynis 2.6.7

Link: http://feedproxy.google.com/~r/PentestTools/~3/cjXe5Qqu-Uw/lynis-267-security-auditing-tool-for.html

JoomScan 0.0.6 – OWASP Joomla Vulnerability Scanner Project

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system. Furthermore, OWASP JoomScan provides a user-friendly interface and compiles the final reports in both text and HTML formats for ease of use and minimization of reporting overheads.

OWASP JoomScan is included in Kali Linux distributions.

WHY OWASP JOOMSCAN ?

- Automated …
- Version enumerator
- Vulnerability enumerator (based on version)
- Components enumerator (1209 most popular by default)
- Components vulnerability enumerator (based on version) (+1030 exploit)
- Firewall detector
- Reporting to Text & HTML output
- Finding common log files
- Finding common backup files

INSTALL

    git clone https://github.com/rezasp/joomscan.git
    cd joomscan
    perl joomscan.pl

JOOMSCAN ARGUMENTS

    Usage: joomscan.pl [options]

    --url | -u | The Joomla URL/domain to scan.
    --enumerate-components | -ec | Try to enumerate components.
    --cookie <String> | Set cookie.
    --user-agent | -a <user-agent> | Use the specified User-Agent.
    --random-agent | -r | Use a random User-Agent.
    --timeout <time-out> | set timeout.
    --about | About Author
    --update | Update to the latest version.
    --help | -h | This help screen.
    --version | Output the current version and exit.

OWASP JOOMSCAN USAGE EXAMPLES

Do default checks…

    perl joomscan.pl --url www.example.com
or
    perl joomscan.pl -u www.example.com

Enumerate installed components…

    perl joomscan.pl --url www.example.com --enumerate-components
or
    perl joomscan.pl -u www.example.com --ec

Set cookie

    perl joomscan.pl --url www.example.com --cookie "test=demo;"

Set user-agent

    perl joomscan.pl --url www.example.com --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
or
    perl joomscan.pl -u www.example.com -a "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Set random user-agent

    perl joomscan.pl -u www.example.com --random-agent
or
    perl joomscan.pl --url www.example.com -r

Update Joomscan…

    perl joomscan.pl --update

PROJECT LEADERS

- Mohammad Reza Espargham [ reza[dot]espargham[at]owasp[dot]org ]
- Ali Razmjoo [ ali[dot]razmjoo[at]owasp[dot]org ]

OWASP JoomScan introduction (Youtube)

OWASP JoomScan 0.0.6 [#BHUSA]

- Updated vulnerability databases
- Added new module: Firewall Detector (supports detection of [CloudFlare, Incapsula, Shieldfy, Mod_Security])
- Added exploit for com_joomanager
- Updated list of common log paths
- A few enhancements

Download Joomscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/LkQh4-Er0AQ/joomscan-006-owasp-joomla-vulnerability.html

Raccoon – A High Performance Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Offensive Security Tool for Reconnaissance and Information Gathering.

Features

- DNS details
- DNS visual mapping using DNS dumpster
- WHOIS information
- TLS Data – supported ciphers, TLS versions, certificate details and SANs
- Port Scan
- Services and scripts scan
- URL fuzzing and dir/file detection
- Subdomain enumeration – uses Google dorking, DNS dumpster queries, SAN discovery and bruteforce
- Web application data retrieval:
  - CMS detection
  - Web server info and X-Powered-By
  - robots.txt and sitemap extraction
  - Cookie inspection
  - Extracts all fuzzable URLs
  - Discovers HTML forms
  - Retrieves all Email addresses
- Detects known WAFs
- Supports anonymous routing through Tor/Proxies
- Uses asyncio for improved performance
- Saves output to files – separates targets by folders and modules by files

Roadmap and TODOs

- Support multiple hosts (read from file)
- Rate limit evasion
- OWASP vulnerabilities scan (RFI, RCE, XSS, SQLi etc.)
- SearchSploit lookup on results
- IP ranges support
- CIDR notation support
- More output formats

About

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan outputs to a corresponding file.

As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.

Raccoon supports Tor/proxy for anonymous routing. It uses default wordlists (for URL fuzzing and subdomain discovery) from the amazing SecLists repository but different lists can be passed as arguments.

For more options – see "Usage".

Installation

For the latest stable version:

    pip install raccoon-scanner

Or clone the GitHub repository for the latest features and changes:

    git clone https://github.com/evyatarmeged/Raccoon.git
    cd Raccoon
    python raccoon_src/main.py

Prerequisites

Raccoon uses Nmap to scan ports as well as utilizes some other Nmap scripts and features. It is mandatory that you have it installed before running Raccoon. OpenSSL is also used for TLS/SSL scans and should be installed as well.

Usage

    Usage: raccoon [OPTIONS]

    Options:
      --version                      Show the version and exit.
      -t, --target TEXT              Target to scan  [required]
      -d, --dns-records TEXT         Comma separated DNS records to query.
                                     Defaults to: A,MX,NS,CNAME,SOA,TXT
      --tor-routing                  Route HTTP traffic through Tor (uses port
                                     9050). Slows total runtime significantly
      --proxy-list TEXT              Path to proxy list file that would be used
                                     for routing HTTP traffic. A proxy from the
                                     list will be chosen at random for each
                                     request. Slows total runtime
      --proxy TEXT                   Proxy address to route HTTP traffic through.
                                     Slows total runtime
      -w, --wordlist TEXT            Path to wordlist that would be used for URL
                                     fuzzing
      -T, --threads INTEGER          Number of threads to use for URL
                                     Fuzzing/Subdomain enumeration. Default: 25
      --ignored-response-codes TEXT  Comma separated list of HTTP status code to
                                     ignore for fuzzing. Defaults to:
                                     302,400,401,402,403,404,503,504
      --subdomain-list TEXT          Path to subdomain list file that would be
                                     used for enumeration
      -S, --scripts                  Run Nmap scan with -sC flag
      -s, --services                 Run Nmap scan with -sV flag
      -f, --full-scan                Run Nmap scan with both -sV and -sC
      -p, --port TEXT                Use this port range for Nmap scan instead of
                                     the default
      --tls-port INTEGER             Use this port for TLS queries. Default: 443
      --skip-health-check            Do not test for target host availability
      -fr, --follow-redirects        Follow redirects when fuzzing. Default: True
      --no-url-fuzzing               Do not fuzz URLs
      --no-sub-enum                  Do not bruteforce subdomains
      -q, --quiet                    Do not output to stdout
      -o, --outdir TEXT              Directory destination for scan output
      --help                         Show this message and exit.

Screenshots

[Screenshots: HTB challenge example scan; results folder tree after a scan]

Download Raccoon

Link: http://feedproxy.google.com/~r/PentestTools/~3/qSSk6PggN6c/raccoon-high-performance-offensive.html

Lynis 2.6.6 – Security Auditing Tool for Unix/Linux Systems

Changelog

Upgrade note

## Lynis 2.6.6

### Improvements
* New format of changelog (https://keepachangelog.com/en/1.0.0/)
* KRNL-5830 – improved log text about running kernel version

### Fixed
* Under some condition no hostid2 value was reported
* Solved 'extra operand' issue with tr command

Download Lynis 2.6.6

Link: http://feedproxy.google.com/~r/PentestTools/~3/Uhut5ppDgZI/lynis-266-security-auditing-tool-for.html

Lynis 2.6.5 – Security Auditing Tool for Unix/Linux Systems

Changelog

Upgrade note

Lynis 2.6.5 (2018-06-26)

Tests:
------
* [MAIL-8804] – Exim configuration test
* [NETW-2704] – Use FQDN to test status of a nameserver instead of own IP address
* [SSH-7402] – Improved test to allow configurations with a Match block

Lynis 2.6.4 (2018-05-02)

Changes:
--------
* Several contributions merged, including grammar improvements
* Initial support for Ubuntu 18.04 LTS
* Small enhancements for usage

Tests:
------
* [AUTH-9308] – Made 'sulogin' more generic for systemd rescue shell
* [DNS-1600] – Initial work on DNSSEC validation testing
* [NETW-2704] – Added support for local resolver 127.0.0.53
* [PHP-2379] – Suhosin test disabled
* [SSH-7408] – Removed 'DELAYED' from OpenSSH Compression setting
* [TIME-3160] – Improvements to detect step-tickers file and entries

Download Lynis 2.6.5

Link: http://feedproxy.google.com/~r/PentestTools/~3/3zL0e-Fj9xA/lynis-265-security-auditing-tool-for.html

Fuxi Scanner – Network Security Vulnerability Scanner

Fuxi Scanner is an open source network security vulnerability scanner that comes with multiple functions.

- Vulnerability detection & management
- Authentication Tester
- IT asset discovery & management
- Port scanner
- Subdomain scanner
- Acunetix Scanner (Integrate Acunetix API)

Installation

Documentation

Usage

Vulnerability Scanner

The scanner module integrates an open-source remote vulnerability testing and PoC development framework, Pocsuite. Like Metasploit, it is a development kit for pentesters to develop their own exploits. Based on Pocsuite, you can write the most core code of PoC/Exp without caring about the resulting output etc. There are at least several hundred people writing PoC/Exp based on Pocsuite up to date.

- You can acquire PoC scripts from the Seebug community.
- The target can be IP, network segment or URL.
- You can manage plugins in the Plugin Manager modules. The plugin must conform to the PoC Coding Style.

Asset Management

- IT Asset Registration
- Automatic Service Discovery

You can scan for vulnerabilities by searching and filtering out specific services.

Authentication Tester

This is a login cracker that supports many protocols to attack (HTTP Basic Auth, SSH, MySQL, Redis). The target can be IP, network segment or URL.

Subdomain Scanner

It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. You can improve the wordlist in settings to find more subdomains.

Acunetix Scanner

This module delivers scanning tasks by integrating the Acunetix Web Vulnerability Scanner API. You can scan multiple websites at the same time.

Port Scanner

Port scanner allows you to discover which TCP ports are open on your target host. Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system.

Settings

Links

- Homepage: https://fuxi-scanner.com
- Download: .tar or .zip
- Author E-mail: jeffzh3ng@gmail.com
- Author telegram: jeffzhang

Download Fuxi-Scanner

Link: http://feedproxy.google.com/~r/PentestTools/~3/zUX26xie4uc/fuxi-scanner-network-security.html

VOOKI – Web Application Vulnerability Scanner

Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool with which you can easily scan any web application and find its vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section.

Vooki – Web Application Scanner can help you to find the following attacks

- SQL Injection
- Command Injection
- Header Injection
- Cross site scripting – reflected
- Cross site scripting – stored
- Cross site scripting – DOM based
- Missing security headers
- Malicious JS script execution
- Using components with known vulnerabilities
- jQuery Vulnerabilities
- AngularJS Vulnerabilities
- Bootstrap Vulnerabilities
- Sensitive Information disclosure in response headers
- Sensitive Information disclosure in error messages
- Missing Server Side Validation
- JavaScript Dynamic Code Execution
- Sensitive Data Exposure

How to use Vooki Web Application Scanner

1. Start Application.
2. Connect the browser proxy to Vooki port.
3. Visit all the pages of your web application.
4. Right click on node appearing on Vooki tool and click on the scan.
5. After scan gets completed click on generate report from the menu bar.

Rest API Scanner

Vooki – Rest API Scanner can help you to find the following attacks

- SQL Injection
- Command Injection
- Header Injection
- Cross site scripting (possibilities)
- Missing security headers
- Sensitive Information disclosure in response headers
- Sensitive Information disclosure in error messages
- Missing Server Side input Validation
- Unwanted use of HTTP methods
- Improper HTTP Response

How to use Vooki Rest Scanner

1. Start Application.
2. Create new Project.
3. Add the new request in created project.
4. Provide proper headers, url and data.
5. Save and run the scan from the menu bar.
6. After scan gets completed click on generate report from the menu bar.

Download VOOKI

Link: http://feedproxy.google.com/~r/PentestTools/~3/qpxLUdYSElE/vooki-web-application-vulnerability.html

Prowler – Distributed Network Vulnerability Scanner

Prowler is a Network Vulnerability Scanner implemented on a Raspberry Pi Cluster, first developed during Singapore Infosec Community Hackathon – HackSmith v1.0.

Capabilities

- Scan a network (a particular subnet or a list of IP addresses) for all IP addresses associated with active network devices
- Determine the type of devices using fingerprinting
- Determine if there are any open ports on the device
- Associate the ports with common services
- Test devices against a dictionary of factory default and common credentials
- Notify users of security vulnerabilities through a dashboard. Dashboard tour

Planned Capabilities

- Greater variety of vulnerability assessment capabilities (webapp etc.)
- Select wordlist based on fingerprint

Hardware

- Raspberry Pi Cluster HAT (with 4 * Pi Zero W)
- Raspberry Pi 3
- Networking device

Software Stack

- Raspbian Stretch (Controller Pi)
- Raspbian Stretch Lite (Worker Pi Zero)
- Note: For ease of setup, use the images provided by Cluster Hat! Instructions
- Python 3 (not tested on Python 2)
- Python packages: see requirements.txt
- Ansible for managing the cluster as a whole (/playbooks)

Key Python Packages:

- dispy (website) is the star of the show. It allows us to create a job queue that will be processed by the worker nodes.
- python-libnmap is the Python wrapper around nmap, an open source network scanner. It allows us to scan for open ports on devices.
- paramiko is a Python wrapper around SSH. We use it to probe SSH on devices to test for common credentials.
- eel is used for the web dashboard (separate repository, here)
- rabbitmq (website) is used to pass the results from the cluster to the eel server that is serving the dashboard page.

Ansible Playbooks

For the playbooks to work, ansible must be installed (sudo pip3 install ansible). Configure the IP addresses of the nodes at /etc/ansible/hosts. WARNING: Your mileage may vary as these were only tested on my setup.

- shutdown.yml and reboot.yml: self-explanatory
- clone_repos.yml: clone prowler and dispy repositories (required!) on the worker nodes
- setup_node.yml: installs all required packages on the worker nodes. Does not clone the repositories!

Deploying Prowler

1. Clone the git repository: git clone https://github.com/tlkh/prowler.git
2. Install dependencies by running sudo pip3 install -r requirements.txt on the controller Pi
3. Run ansible-playbook playbooks/setup_node.yml to install the required packages on worker nodes.
4. Clone the prowler and dispy repositories to the worker nodes using ansible-playbook playbooks/clone_repos.yml
5. Run "clusterhat on" on the controller Pi to ensure that all Pi Zeros are powered up.
6. Run python3 cluster.py on the controller Pi to start Prowler

To edit the range of IP addresses being scanned, edit the following lines in cluster.py:

    test_range = []
    for i in range(0, 1):
        for j in range(100, 200):
            test_range.append("172.22." + str(i) + "." + str(j))

Old Demos

- Cluster Scan Demonstration Jupyter Notebook
- Single Scan Demonstration Jupyter Notebook
- Try out the web dashboard here

Useful Snippets

To run an ssh command on multiple devices, install pssh and run:

    pssh -h pssh-hosts -l username -A -i "command"

To create the cluster (in compute.py):

    cluster = dispy.JobCluster(compute, nodes='pi0_ip', ip_addr='pi3_ip')

Check connectivity:

    ansible all -m ping

or

    ping p1.local -c 1 && ping p2.local -c 1 && ping p3.local -c 1 && ping p4.local -c 1

Temperature Check:

    /opt/vc/bin/vcgencmd measure_temp && pssh -h workers -l pi -A -i "/opt/vc/bin/vcgencmd measure_temp" | grep temp

rpimonitor (how to install):

Download Prowler

Link: http://feedproxy.google.com/~r/PentestTools/~3/qOTSZ3YjvmY/prowler-distributed-network.html

Salt-Scanner – Linux Vulnerability Scanner Based On Salt Open And Vulners Audit API

A Linux vulnerability scanner based on Vulners Audit API and Salt Open, with Slack notifications and JIRA integration.

Features

- Slack notification and report upload
- JIRA integration
- OpsGenie integration

Requirements

- Salt Open 2016.11.x (salt-master, salt-minion)¹
- Python 2.7
- salt (you may need to install gcc, gcc-c++, python dev)
- slackclient
- jira
- opsgenie-sdk

Note: Salt Master and Minion versions should match. Salt-Scanner supports Salt version 2016.11.x. If you are using version 2017.7.x, replace "expr_form" with "tgt_type" in salt-scanner.py.

Usage

    $ ./salt-scanner.py -h

     ==========================================================
      Vulnerability scanner based on Vulners API and Salt Open
      [ASCII-art banner]
      Salt-Scanner 0.1 / by 0x4D31
     ==========================================================

    usage: salt-scanner.py [-h] [-t TARGET_HOSTS] [-tF {glob,list,grain}]
                           [-oN OS_NAME] [-oV OS_VERSION]

    optional arguments:
      -h, --help            show this help message and exit
      -t TARGET_HOSTS, --target-hosts TARGET_HOSTS
      -tF {glob,list,grain}, --target-form {glob,list,grain}
      -oN OS_NAME, --os-name OS_NAME
      -oV OS_VERSION, --os-version OS_VERSION

    $ sudo SLACK_API_TOKEN="EXAMPLETOKEN" ./salt-scanner.py -t "*"

     ==========================================================
      Vulnerability scanner based on Vulners API and Salt Open
      [ASCII-art banner]
      Salt-Scanner 0.1 / by 0x4D31
     ==========================================================

    + No default OS is configured. Detecting OS...
    + Detected Operating Systems:
       - OS Name: centos, OS Version: 7
    + Getting the Installed Packages...
    + Started Scanning '10.10.10.55'...
       - Total Packages: 357
       - 6 Vulnerable Packages Found - Severity: Low
    + Started Scanning '10.10.10.56'...
       - Total Packages: 392
       - 6 Vulnerable Packages Found - Severity: Critical

    + Finished scanning 2 host (target hosts: '*').
    2 Hosts are vulnerable!

    + Output file created: 20170622-093138_232826a7-983f-499b-ad96-7b8f1a75c1d7.txt
    + Full report uploaded to Slack
    + JIRA Issue created: VM-16
    + OpsGenie alert created

You can also use Salt Grains such as ec2_tags in target_hosts:

    $ sudo ./salt-scanner.py --target-hosts "ec2_tags:Role:webapp" --target-form grain

Slack Alert

Download Salt-Scanner

Link: http://feedproxy.google.com/~r/PentestTools/~3/Ox5vp0e8ctQ/salt-scanner-linux-vulnerability.html

Acunetix v12 – More Comprehensive, More Accurate and now 2X Faster

In-depth analysis of JavaScript-rich sites and Single Page Applications

Acunetix, the pioneer in automated web application security software, has announced the release of version 12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript such as SPAs. This, coupled with a new AcuSensor for Java web applications, sets Acunetix ahead of the curve in its ability to comprehensively and accurately scan all types of websites. With v12 also comes a brand new scanning engine, re-engineered and re-written from the ground up, making Acunetix the fastest scanning engine in the industry.

“Acunetix was always in the forefront when it came to accuracy and speed, however now with the re-engineered scanning engine and sensors that support the latest JavaScript and Java technologies, we are seeing websites scanned up to 2x faster without any compromise on accuracy.” announced Nicholas Sciberras, CTO.

Support for latest JavaScript

Acunetix DeepScan and the Acunetix Login Sequence Recorder have been updated to support ECMAScript version 6 (ES6) and ECMAScript version 7 (ES7). This allows Acunetix to better analyse JavaScript-rich sites which make use of the latest JavaScript features. The modularity of the new Acunetix architecture also makes it much easier now for the technology to stay ahead of the industry curve.

AcuSensor for Java

Acunetix version 12 includes a new AcuSensor for Java web applications. This improves the coverage of the web site and the detection of web vulnerabilities, decreases false positives and provides more information on the vulnerabilities identified. While already supporting PHP and ASP .NET, the introduction of Java support in AcuSensor means that Acunetix coverage for interactive gray box scanning of web applications is now possibly the widest in the industry.

Speed and efficiency with Multi-Engine

Combining the fastest scanning engine with the ability to scan multiple sites at a time, in a multi-engine environment, allows users to scan thousands of sites in the least time possible. The Acunetix Multi-engine setup is suitable for Enterprise customers who need to scan more than 10 websites or web applications at the same time. This can be achieved by installing one Main Installation and multiple Scanning Engines, all managed from a central console.

Pause / Resume Feature

Acunetix Version 12 allows the user to pause a Scan and Resume the scan at a later stage. Acunetix will proceed with the scan from where it had left off. There is no need to save any scan state files or similar – the information about the paused scan is automatically retained in Acunetix.

A trial version can be downloaded here

About Acunetix

User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry leading crawler fully supports HTML5 and JavaScript and AJAX-heavy websites, allowing auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on premise solution. Acunetix also includes integrated vulnerability management features to extend the enterprise's ability to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality.

Acunetix, the company

Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader, and a pioneer in automated web application security technology. Acunetix products and technologies are depended on globally by individual pen-testers and consultants all the way to large organizations. It is the tool of choice for many customers in the Government, Military, Educational, Telecommunications, Banking, Finance, and E-Commerce sectors, including many Fortune 500 companies, such as the Pentagon, Nike, Disney, Adobe and many more. For more information, visit www.acunetix.com.

Link: http://feedproxy.google.com/~r/PentestTools/~3/1J3ZpBqn9fY/acunetix-v12-more-comprehensive-more.html