Tag Archives: WordPress

Free High-Tech Bridge ImmuniWeb Application Discovery service

Today I would like to talk about another service for application security analysis by High-Tech Bridge. It’s called ImmuniWeb Application Discovery.

This service can get information about your web and mobile applications available from the Internet. Believe me, this is not so obvious for a large organization. And, what is especially pleasant, it works automatically and free of charge. 😉

High-Tech Bridge ImmuniWeb Free Application Discovery

ImmuniWeb Application Discovery will also show the basic security problems with SSL connection, web-server headers, potential phishing issues for all founded web services. You can read more about this part in my posts about High-Tech Bridge services and APIs for SSL/TLS server testing and for searching cybersquatting, typosquatting and phishing domains.

From the same interface you can order an advanced audit of your web applications by High-Tech Bridge as well.

Continue reading

Outpost24 Appsec Scale for Web Application Scanning

Today I would like to write about yet another Outpost24 product – cloud Web Application Scanner Appsec Scale.

Outpost24 Appsec Scale scan results

It is available in the same interface as Outpost24 Outscan, that I reviewed earlier. Select APPSEC SCALE in the start menu and you can scan web applications:

Outpost24 Appsec Scale

Continue reading

Vulchain scan workflow and search queries

This post will be about my Vulnerability Scanner project – Vulchain. Recently I’ve spent couple of my weekends almost exclusively on coding: refactoring the scan engine, creating API and GUI.

Vulchain scan workflow and search queries

I was doing it because of the conferences, where I will be speaking soon:

Pretty intense schedule for a guy who spends most of his time in PyCharm and Linux console. 😉 Very excited! So, it seemed right to add a couple of slides about my project and show that something is already working.

Continue reading

getsploit from Vulners.com

Kirill Isox Ermakov, the founder of Vulners, has recently presented a new open-source tool for searching and downloading exploits – getsploit.

Let’s say we want to pentest some WordPress blog. For example, this website avleonov.com. We can get WordPress version simply using curl:

$ curl -s https://avleonov.com | grep "generator"
<meta name="generator" content="WordPress 4.7.1" />

Ok, let’s get some sploits using this version:

$ sudo apt-get install git
$ git clone https://github.com/vulnersCom/getsploit
Cloning into 'getsploit'...
remote: Counting objects: 32, done.
remote: Compressing objects: 100% (21/21), done.
remote: Total 32 (delta 13), reused 30 (delta 11), pack-reused 0
Unpacking objects: 100% (32/32), done.
Checking connectivity... done.
$ cd getsploit/
$ ./getsploit.py "title:WordPress AND title:4.7.1"

getsploit

As you can see on the screen shot, getsploit makes a search request to vulners.com: bulletinFamily:exploit AND title:WordPress AND title:4.7.1 and matches objects in Immunity Canvas, DSquare Exploit Pack, Exploit-DB, Metasploit, Packet Storm, Malware exploit database, SAINTexploit™, seebug.org, Vulnerability Lab, 0day.today and Zero Science Lab.

Continue reading

Vulnerability Quadrants

Hi everyone! Today I would like talk about software vulnerabilities. How to find really interesting vulnerabilities in the overall CVE flow. And how to do it automatically.

Vulnerability Quadrant

First of all, let’s talk why we may ever need to analyze software vulnerabilities? How people usually do their Vulnerability Management and Vulnerability Intelligence?

VM strategies

  • Some people have a Vulnerability scanner, scan infrastructure with it, patch founded vulnerabilities and think that this will be enough.
  • Some people pay attention to the vulnerabilities that are widely covered by media.
  • Some people use vulnerability databases and search for the most critical vulnerabilities by some criteria.

Each of these ways have some advantages and some disadvantages.

Continue reading