Tag Archives: scan

Can a Vulnerability Scan break servers and services?

The most serious problem with vulnerability scanners is that they are too complex and unpredictable. Usually they don’t affect the target hosts, but when they do, welcome to hell! And if you scan a huge infrastructure, tens of thousands of hosts and more, it’s not “if” the scanner will break a server, it’s “when”.

As the person responsible for Vulnerability Management, you will also be responsible for all the trouble that a VM product can cause in the IT infrastructure. And what will you say to the angry mob of your colleagues from IT and Business when they want to know why the service/server went down after the scan? Actually, there’s not much to say.


Tenable SecurityCenter and its API

SecurityCenter is an enterprise-level vulnerability management product from Tenable Network Security. As the name implies, it is designed to be the center of the Tenable security infrastructure. SecurityCenter takes data from other Tenable products, Passive Vulnerability Scanner (PVS), Log Correlation Engine (LCE) and Nessus, and provides a powerful GUI for searching and reporting. Sounds familiar? Well, yes, it is something like a SIEM, but with a strong emphasis on Vulnerability Management.

Tenable SecurityCenter 5

I took this screenshot from the SC5 video presentation in Spanish.

In this post, I certainly will not fully cover SC functionality and all the features of its API. I would just like to pay tribute to the convenient asset mechanism of SecurityCenter and show a very basic operation of the SecurityCenter API: retrieving the results of vulnerability scanning (as I did for Nessus in “Retrieving scan results through Nessus API”).

An introduction to Rapid7 Nexpose API

Another nice thing about Nexpose is that this vulnerability scanner has an open API. And even the free Nexpose Community Edition supports it.

Rapid7 Nexpose API

It’s a really generous gift from Rapid7. It means that you can use Nexpose to scan your environment, easily manage it from your scripts and build any vulnerability assessment and remediation logic you need.

I haven’t found manuals about using the Nexpose API to automate basic vulnerability management tasks, so I decided to write my own. I hope somebody will find it useful. All examples will be in the form of curl requests.

Working with the Nexpose API is nothing more than sending XML POST requests to https://[Nexpose Host]:3780/api/[API Version]/xml and receiving XML responses.