Category Archives: Productology

ERPScan SAP security scanner

ERPScan compliance scan results

I had a chance to see a presentation and live demo of ERPScan, an automated SAP scanning solution, and it made quite an impression on me. ERPScan has interesting scanning features. The most spectacular, in my opinion, is the ability to run exploits for the vulnerabilities it finds directly from the scanner.


Have you heard about vulners.com?

Have you heard about vulners.com? Vulners.com is a new search engine for security content.

Vulners.com searching engine

Guys from vulners.com collect vendor security bulletins, lists of vulnerabilities found by researchers, content of open vulnerability and exploit databases, posts on hack forums and even detection rules from vulnerability scanners. They investigate dependencies among all these entities and provide a fast and efficient search interface. Moreover, you can even automate the search process with the Vulners Search API. All for free!

Vulners.com 'Heartbleed' search results

You can read a Russian translation of this post on seclab. I can also recommend a great article, “Vulners.com, a Shodan of vulnerability data” by Denis Gorchakov.

Why might you need it?

An introduction to Rapid7 Nexpose API

Another nice thing about Nexpose is that this vulnerability scanner has an open API, and even the free Nexpose Community Edition supports it.

Rapid7 Nexpose API

It’s a really generous gift from Rapid7. It means that you can use Nexpose to scan your environment, easily manage it from your scripts and build any vulnerability assessment and remediation logic you need.

I haven’t found any manuals on using the Nexpose API to automate basic vulnerability management tasks, so I decided to write my own. I hope somebody will find it useful. All examples will be in the form of curl requests.

Working with the Nexpose API is nothing more than sending XML POST requests to https://[Nexpose Host]:3780/api/[API Version]/xml and receiving XML responses.

Testing Rapid7 Nexpose CE vulnerability scanner

Today I want to write about another great vulnerability management solution: Nexpose Community Edition by Rapid7. What makes it special? Nexpose CE is a fully functional network vulnerability scanner that can be used for free not only by home users (Nessus Home, for example, has such a restriction) but also by companies.

Nexpose Community Edition by Rapid7

However, the company has to be quite small: with Nexpose Community Edition you have permission to scan only 32 IP addresses. But they can be any kind of host: Linux and Windows, Unix and network equipment. And you can scan them as often as you like, with different profiles, and produce a wide range of reports.


Altx-Soft ComplianceCheck against cryptolockers and ransomware

ComplianceChecker is a free Compliance Management tool made by Altx-Soft, a security product company from Moscow Region, Russia. Altx-Soft is known abroad mainly as a Top OVAL Contributor; they have been on the award list every quarter since 2012. Their flagship product, RedCheck, is a SCAP-compatible vulnerability and compliance scanner. They also produce a family of “Check” products for controlling and managing Windows operating systems.

Altx-Soft ComplianceChecker scanning results

ComplianceChecker is a promo product for potential RedCheck buyers. It is similar to RedCheck with most of the management features cut off. It can scan only the localhost.

ComplianceChecker is positioned mainly as a utility for SOHO/home users, and it’s no secret that on this market Compliance Management solutions are still exotic. How could they attract the attention of ordinary people? Altx-Soft took the hottest security topic of 2014-2015, cryptolockers and ransomware, which nowadays are a real threat for literally all kinds of platforms and especially Windows desktops. Altx-Soft tried to spread the message that the best way to protect an operating system from this kind of malware is to configure it properly. And it’s hard to disagree. So they made a tool for security assessment, ComplianceChecker, and some other tools to configure operating systems (free for RedCheck users).

Testing Secpod Saner Personal vulnerability scanner

SecPod Technologies is an information security products company located in Bangalore, India. They are also known as a top OVAL Contributor and an NVT vendor for OpenVAS. Besides the products designed for big enterprises (the vulnerability scanner Saner Business and the threat intelligence platform Ancor), they also have a vulnerability and compliance management solution for personal use, Saner Personal. And personal means that this scanner will scan only localhost. It’s free, SCAP-compatible, and it has remediation capabilities. And it works. =)

Secpod Saner Personal scanning results
