Monthly Archives: February 2016

Have you heard about vulners.com?

Vulners.com is a new search engine for security content.

Vulners.com searching engine

Guys from vulners.com collect vendor security bulletins, lists of vulnerabilities found by researchers,  content of open vulnerability and exploit databases, posts on hack forums and even detection rules from vulnerability scanners. They investigate dependencies among all this entities and provide fast and efficient searching interface. Moreover, you can even automate searching process with Vulners Search API. All for free!

Vulners.com 'Heartbleed' search results

You can read Russian translation of this post on seclab. I can also recommend a great article “Vulners.com, a Shodan of vulnerability data” by Denis Gorchakov.

Why might you need it? Continue reading

An introduction to Rapid7 Nexpose API

Another nice thing about Nexpose is that this vulnerability scanner has an open API. And even free Nexpose Community Edition supports it.

Rapid7 Nexpose API

It’s a really generous gift from Rapid7. That means that you can use Nexpose to scan your environment, easily manage it from your scripts and make any vulnerability assessment and remediation logic you need.

I haven’t found manuals about using Nexpose API to automate basic vulnerability management tasks and decided to write my own. Hope somebody will find it useful. All examples will be in form of curl requests.

Working with Nexpose API is nothing more than sending xml Post-requests to the https://[Nexpose Host]:3780/api/[API Version]/xml and receiving xml responses.
Continue reading