“Neither Rapid7”. It’s from the interview of HD Moore, founder of the Metasploit and ex-CRO of Rapid7, that he recently gave to Paul Asadoorian, ex-Product Strategist Tenable, in the latest episode of “Startup Security Weekly”. It’s a great show, strongly recommend it, as well as “Enterprise Security Weekly” and others. See all subscription options available here.
The most interesting part for me is 00:05:00 till 00:10:00. Talking about the best areas for security startups, HD Moore recommended to take a close look on cloud-based WAFs, like Signal Sciences, Cloudflare. It’s relatively easy to find customers for such projects. However it’s very expansive to build it up and investments are required.
HD Moore doesn’t see lot’s of folks building new content-based security products, such as Tenable, Rapid7, Metasploit. It makes him sad and me either. Instead of regular updates of security content and signatures, new companies rely more on things like machine learning. It’s a good start, but it won’t solve all the problems.
Vulners collection is a zip archive containing all available objects of some type (e.g. CentOS security bulletins or OpenVAS detection plugins) from the Vulners Knowledge Base. Let’s see how to work with this data using powerful Python scripting language. You can read more about Vulners itself at “Vulners – Google for hacker“.
If you need to get all objects for further analysis, you don’t need to make huge amount simmilar Search API requests. You just need to download one file. It’s takes less time and efforts and makes less load on Vulners service. Continue reading →
This post will be about API of F-Secure Radar. API become a crucial feature when you have to scan a range of thousands hosts and you can’t just add it in one Vulnerability Scanning task. As I mentioned earlier in “F-Secure Radar Vulnerability Management solution” Vulnerability Scanning in Radar is for known active IPs only, for ranges – Discovery Scans. Basically, in F-Secure Radar there is always one vulnerability scan for one host. Unusual concept, but it have some advantages. And it’s quite convenient when you work with Radar via API.
So, my plan for this post is to get active IPs from discovery scan report, create vulnerability scans, run them and get reports. All using API.
To use API you need to get API key at “F-Secure Radar -> Settings -> My profile”.
To check that API is working we may send a request:
To get vulnerability report you should open Reporting Tab. As you can see, Radar supports reports for single scan results and summary reports. I don’t actually a big fan of standard vulnerability summary reports, because in practice you will always need to change something in them, and it’s impossible in most cases.
I have filtered only Linux OS scans using filter. You can also filter by friendly name (some id, that you can set manually), host name/ip , time of scanning, responsible person, severity level, scan group or even by scan tags.
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at email@example.com or contact me any other way.