Category Archives: Vulnerability Database

OpenVAS plugins in Vulners.com

3 Replies

Great news! Vulners.com vulnerability search engine now supports OpenVAS detection plugins.

OpenVAS plugins Vulners

Why OpenVAS is important?

OpenVAS is the most advanced open source vulnerability scanner and is the base for many Vulnerability Management products.

Key vendors that produce OpenVAS-based products are Greenbone and Acunetix. There are some local vendors, such as Scaner VS by Russian company NPO Echelon.

“Vanilla” OpenVAS is also widely used when there is no budget for a commercial solution or it’s necessary to solve some specific problems, including developing own plugins for vulnerability detection. OpenVAS is integrated with wide range of information security systems, for example it is a default VM solution for AlienVault SIEM.

OpenVAS is well suited for education purposes as it is well documented and uses only open source code. For OpenVAS it’s always clear how the it works.

Continue reading

New Vulners.com services for Linux Security Audit and Vulnerability Alerting

9 Replies

Upd. This post is out of date! Check out “Vulners Linux Audit API for Host Vulnerability Detection: Manual Auditing, Python Scripting and Licensing” from 2021.

A few weeks ago I was describing how to perform Linux Vulnerability Assessment without a Vulnerability Scanner. I also wrote in “Vulnerability scanners: a view from the vendor and end user side” that vulnerability scanning is not rocket science and it is easy to make your own scanner for vulnerabilities for a particular OS. Especially it is a popular Linux Distribution.

But. It’s one thing to write that you can do it, and another thing to develop a script for home use, and quite another thing to make a publicly available and efficient service…

Vulners Team guys have actually created such free Linux Vulnerability Audit service!

Linux Vulnerability Audit Service

First of all, they made a GUI where you can specify OS version (usually it is in the /etc/os-release file), list of packages installed on the host and get the list of vulnerabilities.

For example, here are the vulnerabilities for my Ubuntu Laptop, which I update frequently:

Ubuntu Vulners Linux Audit Input

One vulnerability was found:

Ubuntu Vulners Linux Audit Results

But GUI is good for demonstration. In real life, you can use Vulners Audit API. It will return list of vulnerabilities in JSON.

Continue reading

Vulnerability Assessment without Vulnerability Scanner

12 Replies

This will be a practical confirmation of my thesis from “Vulnerability scanners: a view from the vendor and end user side“: the scanner for one operating system is easy to make. I also want to demonstrate that data collection and data analysis for Vulnerability Assessment may be successfully performed separately. There is no need to take the data directly from the vulnerable hosts, when it is already stored somewhere else, for example in IT monitoring systems.

Assessment without vulnerability scanner

The opacity of data collection and the need to have a privileged account on the remote host, traditionally causes conflicts between IS and IT departments and complicates implementation of VM process.

So, to detect vulnerabilities on our Linux host we need to know what version of the packages contain vulnerabilities, which versions of packages are installed on our hosts, and learn how to compare versions.

How do I know which versions of packages are vulnerable?

Vulnerable versions of packages are listed in official security bulletins:
RHEL – https://access.redhat.com/errata/RHSA-2016:0304
CentOS – https://lists.centos.org/pipermail/centos-announce/2015-April/021064.html
Debian – http://www.debian.org/security/2015/dsa-3197
Ubuntu – http://www.ubuntu.com/usn/usn-2537-1/

CESA bulletin example

Of course, you will need to parse them first. Or you can just download the same content already parsed and presented in JSON format with Vulners.
download CESA bulletins from Vulners
Continue reading

Vulners – Google for hacker. How the best vulnerability search engine works and how to use it

11 Replies

Original article was published in Xakep Magazine #06/2016 (in Russian)

vulners.com logo

The common task. Уou need to find all information about some vulnerability: how critical the bug is, whether there is a public exploit, which vendors already released patches, which vulnerability scanner can detect this bug in the system. Previously, you had to search it all manually in dozens of sources (CVEDetails, SecurityFocus, Rapid7 DB, Exploit-DB, CVEs from MITRE / NIST, vendor newsletters, etc.) and analyze the collected data. Today, this routine can be (and should be!) automated with specialized services. One of these services – Vulners.com, the coolest search engine for bugs. And what is the most important – it’s free and has an open API. Let’s see how it can be useful for us.

What is it?

Vulners is a very large constantly updating database of Information Security content. This site lets you search for vulnerabilities, exploits, patches, bug bounty programs the same way a web search engine lets you search for websites. Vulners aggregates and presents in convenient form seven major types of data:

  • Popular vulnerability databases, containing general descriptions of vulnerabilities and links. For example, well-known NVD CVEs of MITRE US agency and NIST Institute. In addition to this, Vulners supports vulnerability descriptions from various research centers and response teams: Vulnerability Lab, XSSed, CERT, ICS, Zero Day Initiative, Positive Technologies, ERPScan.
  • Vendor’s security bulletins. This bug-reports are published by software vendors and contain information about vulnerabilities in their own products. At current moment Vulners supports various Linux distributions (Red Hat, CentOS, Oracle Linux, Arch Linux, Debian, Ubuntu, SUSE), FreeBSD, network devices (F5 Networks, Cisco, Huawei, Palo Alto Networks), popular and critical software (OpenSSL, Samba, nginx, Mozilla, Opera), including CMS (WordPress, Drupal).
  • Exploits from Exploit-DB, Metasploit and 0day.today. Exploits are parsed and stored in full-text form and you can read the sources in a convenient text editor.
  • Nessus plugins for vulnerability detection. It makes easy to find out whether a particular vulnerability can be detected using this popular network scanner. Why is it important? Read in my article “When a free scanning service detects vulnerabilities better“.
  • Bug disclousers for bug bounty programs. At current moment Vulners supports HackerOne and Open Bug Bounty.
  • Potential vulnerabilities of mobile applications and CMS. It is possible in cooperation with the static application security testing (SAST) vendors Hackapp and InfoWatch APPERCUT.
  • Posts from hacking resources. Vulners collects Threatpost and rdot.org publications, which often cover vulnerability related topics.

All this information is handled, cataloged, structured and is always available for the search.

Continue reading

PCI DSS 3.2 and Vulnerability Intelligence

2 Replies

Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information… It’s one of the requirements of PCI DSS v3.2 (The Payment Card Industry Data Security Standard). It’s not about regular scans, as you could think. It is actually about monitoring web-sites and mailing lists where information about vulnerabilities is published. It’s very similar to what Vulnerability Intelligence systems have to do, isn’t it? A great opportunity for me to speculate about this class of products and deal with related PCI requirement. In this post I will mention following solutions: Flexera VIM, Rapid7 Nexpose NOW, Vulners.com and Qualys ThreatPROTECT.

PCI DSS 3.2 and Vulnerability Intelligence

Term “Vulnerability Intelligence” is almost exclusively used by only one security company – Secunia, or how it is called now Flexera Software. But I like this term more than “Threat Intelligence”, a term that many VM vendor use, but historically it is more about traffic and network attacks. Let’s see how Vulnerability Intelligence solutions was developed, and how they can be used (including requirements of PCI Compliance).

Continue reading

Vulners.com search API

4 Replies

Upd. Vulners released updated Vulners API. What is written below is still working. But now it’s all this can be done much easier.

The greatest thing is “references=true”. It makes possible to get all the referenced objects (exploits, detection plugins, etc.) and bulletin description in ONE search request.

So, for example bellow this query will be enough: https://vulners.com/api/v3/search/lucene/?query=cvss.score:10%20type:centos%20order:published&references=true

Life is getting better! 😉

In a previous post I made a brief review of Vulners.com security content database and search engine. Today let’s see how to automate searching of vulnerabilities, exploits, patches, bugbounty results, etc, with vulners.com search API.

Vulners Search API

It is really easy. We just need to send POST-request to https://vulners.com/api/v1/luceneSearch/ with JSON structure containing search query, size of results you want to get (10000 is maximum), and number of search result entities you would like to skip (optional). Huge size parameter limit makes possible, for example, getting all 2267 CentOS security bulletins with only one request. At the moment, no authorization is required to make requests and no limits for API use exist. Of course, the service is in active development phase and this functionality may be changed soon.

So, let’s get latest CentOS bulletin with most critical vulnerability:

curl -H "Content-Type: application/json" -X POST -d '{"query":"cvss.score:10 type:centos order:published", "size":1}' https://vulners.com/api/v1/luceneSearch/ | python -m json.tool
Continue reading

Have you heard about vulners.com?

2 Replies

Vulners.com is a new search engine for security content.

Vulners.com searching engine

Guys from vulners.com collect vendor security bulletins, lists of vulnerabilities found by researchers,  content of open vulnerability and exploit databases, posts on hack forums and even detection rules from vulnerability scanners. They investigate dependencies among all this entities and provide fast and efficient searching interface. Moreover, you can even automate searching process with Vulners Search API. All for free!

Vulners.com 'Heartbleed' search results

You can read Russian translation of this post on seclab. I can also recommend a great article “Vulners.com, a Shodan of vulnerability data” by Denis Gorchakov.

Why might you need it? Continue reading