Vulnerability Intelligence and Assessment with vulners.com

Alexander Leonov, Pentestit Lab, 2016
Upload: alexander-leonov, posted 18-Jan-2017

TRANSCRIPT

Slide 1: Vulnerability Intelligence & Assessment with vulners.com

Alexander Leonov, Pentestit Lab, 2016

Slide 2: whoami

- Security Analyst at Mail.Ru Group
- Texts and analytics for vulners.com
- Security Automation blog at avleonov.com

Slide 3: Vulners Project

- Created by the QIWI security team
- Vulnerability source data aggregator
- Normalized, machine-readable content
- API-driven development
- Absolutely free

Slide 4: Vulners Project

Slide 5: Definition

"Vulnerability: weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source."

Glossary of Key Information Security Terms, NISTIR 7298 R2

Slide 6: Risks

- Information systems takeover
- Revocation of licenses
- Business continuity
- Money loss
- and more

Slide 7: Vulnerability management process

- Mandatory component of information security
- Must-have for security-aware companies
- Required by PCI DSS and other standards
- Best practice for survival on the Internet

Slide 8: Vulnerability management lifecycle

Discover -> Prioritize Assets -> Assess -> Report -> Remediate -> Verify

Slide 9: Some problems of vulnerability scanners

- When the scan is finished, the results may already be outdated
- Per-host licensing
- Knowledge base: how quickly the vendor adds new vulnerability checks
- Some vulnerabilities can be found only with authorization or a correct service banner
- No scanner will find all vulnerabilities in any software
- You will never know the real limitations of the product

Slide 10: Nessus vs OpenVAS

CVE IDs referenced by the two knowledge bases:

- All CVEs: 80196
- Nessus CVE links: 35032
- OpenVAS CVE links: 29240
- OpenVAS only: 3787; both: 25453; Nessus only: 9579

Slide 11: Nessus vs OpenVAS

Same diagram with the plugins behind each region:

- OpenVAS only (3787 CVEs): 2673 OpenVAS plugins
- Nessus only (9579 CVEs): 6639 Nessus plugins
- Both (25453 CVEs): 38207 OpenVAS plugins and 50896 Nessus plugins
- All NASL plugins: OpenVAS 49747, Nessus 81349

Slide 12: Why?

- "Old" vulnerabilities
- Vendor forgot to add links to the CVE ID
- Vulnerabilities in plugins (WordPress VideoWhisper)
- No support for "local" software (openMairie)
- Stopped adding new vulnerabilities (vBulletin)

Slide 13: Examples OpenVAS detects, Nessus does not

- D-Link DIR-100 Router Multiple Vulnerabilities
- Cisco Firepower Management Center Privilege Escalation Vulnerability
- vBulletin 3.6.x to 4.2.2/4.2.3 Forumrunner request.php SQL Injection
- WordPress VideoWhisper Live Streaming Integration Multiple Vulnerabilities

Slide 14: Examples Nessus detects, OpenVAS does not

- Solaris vulnerabilities since 2010
- Apple QuickTime MOV File Parsing Memory Corruption Vulnerability

Slide 15: In other words

- A vulnerability scanner is a necessity
- Don't depend too much on it
- If the scanner does not detect some vulnerability, it's YOUR problem, not your VM vendor's
- Choose solutions you can control and vendors you can trust
- Have alternative sources of vulnerability data

Slide 16: Vulnerability Intelligence and PCI DSS

Slide 17: Vulnerability Data Sources

- Born in the 90's
- Every product has its own source of vulnerability data
- Most of the information is not suitable for automatic vulnerability scanners
- MITRE, NVD, SCAP, OVAL and others failed to standardize it
- Everyone is working on their own
- "Search"? Forget about it, use Google instead

Slide 18: vulners.com: the information security "Google"

- Vulnerability source data aggregator
- Created by security specialists for security specialists
- Incredibly fast search engine
- Normalized, machine-readable content
- Audit features out of the box
- API-driven development
- Absolutely free

Slide 19: Content (58 sources)

- Bug Bounty: HackerOne, openbugbounty.org, Vulnerability Lab, XSSed
- Bulletins, Network Vendor: Cisco, F5 Networks, Huawei, OpenWrt, Palo Alto Networks
- Bulletins, Software: Apache Httpd, Drupal, Mozilla, Nginx, OpenSSL, Opera, ownCloud, PostgreSQL, Samba, TYPO3, WPScan Database, Xen Project
- Bulletins, Virtualization Vendor: VMware
- Bulletins, BSD: FreeBSD
- Bulletins, Hardware: Lenovo
- Bulletins, Linux: Amazon Linux AMI, Arch Linux, CentOS Linux, Debian Linux, Gentoo Linux, Oracle Linux, RedHat Linux, Slackware Linux, SUSE Linux, Ubuntu Linux
- Detection Vendor: NMAP, OpenVAS, Tenable Nessus, W3AF
- Exploit Base: 0day.today, DSquare Exploit Pack, Exploit-DB, Immunity Canvas, Malware exploit database, Metasploit, SAINTexploit
- Media: rdot.org, ThreatPost
- Possible 0day: Hackapp, InfoWatch APPERCUT
- Vulnerability Base: CERT, ERPScan, ICS, Microsoft Vulnerability Research, NVD CVE, Positive Technologies, seebug.org, Symantec, Zero Day Initiative

Slide 20: Stats

Slide 21: Under the hood

Slide 22: Search

- Google-style search string
- Dorks, advanced queries and many more
- UX-driven
- Human-oriented
- References and data linkage
- Extremely fast

Slide 23: Search results

Slide 24: Object

Slide 25: Search requests

- Any complex query: title:httpd type:centos order:published (filtered to the last year)
- Sortable by any field of the model (type, CVSS, dates, etc.)
- Apache Lucene syntax (AND, OR and so on)
- Exploit search by sources and CVEs:

    cvelist:CVE-2014-0160 type:exploitdb
    sourceData:bash_profile
    sourceData:"magic bytes"

Slide 26: Search requests

- CentOS bulletins with remotely exploitable vulnerabilities:

    (type:centos AND (title:Critical OR title:Important) AND cvss.vector:"AV:NETWORK") order:published

- Important CVE vulnerabilities in Microsoft software:

    (type:cve AND cvss.score:[6 TO 10] AND description:Microsoft) order:published

Slide 27: Search requests

- Nessus plugins for remotely exploitable vulnerabilities, excluding Windows:

    type:nessus AND cvss.score:[6 TO 10] AND cvss.vector:"AV:NETWORK" AND (NOT naslFamily:Local AND NOT naslFamily:"Windows : Microsoft Bulletins" AND NOT naslFamily:Windows) order:published

- OpenSSL and OpenSSH vulnerabilities:

    (type:openssl OR (type:cve AND cpe:openssh)) order:published

Slide 28: Parameters

    https://vulners.com/api/v3/search/id/?id=CISCO-SA-20161005-OTV-NXOS.NASL

Slide 29: Search API

- GET/POST REST API with JSON output
- Search: https://vulners.com/api/v3/search/lucene/?query=type:centos%20cvss.score:[8%20TO%2010]%20order:published
- Information: https://vulners.com/api/v3/search/id/?id=CESA-2016:1237&references=true
- Export: https://vulners.com/api/v3/archive/collection/?type=exploitdb
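The queries on slides 25 to 27 are typed by hand, and slide 29 shows them percent-encoded into the search URL. When the same queries are generated by a script from inventory data (product names, package names), the data must not be able to rewrite the query: Lucene treats AND, OR, NOT, colons, brackets and a dozen other characters as syntax. The Python below is an added example, not code from the slides or from the Vulners project. It quotes untrusted values as Lucene phrases, composes the query in the style of the slides, encodes it for the /search/lucene/ endpoint and ranks a response by CVSS score. The size parameter and the data.search[]._source response layout are assumptions about the API, and the sample response is constructed.

```python
"""Added example (not from the slides or Vulners): safe Lucene query
construction for the vulners.com v3 search API and response ranking."""
import json
import urllib.request
from urllib.parse import urlencode

API = "https://vulners.com/api/v3"


def lucene_phrase(value: str) -> str:
    """Wrap an untrusted value as a quoted Lucene phrase. Inside quotes only
    backslash and the quote itself are syntax; AND/OR/NOT and characters such
    as : [ ] ( ) * ? are literal, so a product name like
    'httpd OR type:exploitdb' cannot turn a bulletin query into an exploit dump."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def bulletin_query(doc_type: str, product: str, min_cvss: float = 0.0,
                   remote_only: bool = False) -> str:
    """Compose a query like those on slides 25-27: restrict by document type
    and title, optionally by CVSS range and network attack vector, newest first."""
    parts = [f"type:{lucene_phrase(doc_type)}", f"title:{lucene_phrase(product)}"]
    if min_cvss > 0:
        parts.append(f"cvss.score:[{min_cvss:g} TO 10]")
    if remote_only:
        parts.append('cvss.vector:"AV:NETWORK"')
    return " AND ".join(parts) + " order:published"


def search_url(query: str, size: int = 20) -> str:
    """URL for /search/lucene/. urlencode() percent-encodes ':' '[' ']' and '"'
    and writes spaces as '+', which the server reads like the %20 on slide 29.
    'size' is an assumed API parameter, not something the slides show."""
    return f"{API}/search/lucene/?" + urlencode({"query": query, "size": size})


def summarize(response: dict) -> list:
    """Flatten a search response to id/title/score/published, highest CVSS
    first. The data.search[]._source layout is an assumption about the v3
    API; confirm it against a live call before depending on it."""
    hits = []
    for hit in response.get("data", {}).get("search", []):
        src = hit["_source"]
        hits.append({
            "id": src["id"],
            "title": src.get("title", ""),
            "score": float(src.get("cvss", {}).get("score", 0.0)),
            "published": src.get("published", ""),
        })
    return sorted(hits, key=lambda h: h["score"], reverse=True)


def fetch(url: str) -> dict:
    """Perform the GET. Used only from the command line, never by the demo."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


# Constructed sample response for offline use: the IDs appear on the slides,
# the titles, scores and dates are invented for this example.
SAMPLE_RESPONSE = {
    "result": "OK",
    "data": {
        "total": 2,
        "search": [
            {"_source": {"id": "CESA-2016:1237", "title": "sample bulletin 1",
                         "cvss": {"score": 5.0}, "published": "2016-06-15T00:00:00"}},
            {"_source": {"id": "CESA-2016:0188", "title": "sample bulletin 2",
                         "cvss": {"score": 7.2}, "published": "2016-02-16T00:00:00"}},
        ],
    },
}

if __name__ == "__main__":
    q = bulletin_query("centos", "httpd", min_cvss=8, remote_only=True)
    print(search_url(q))
    for h in summarize(SAMPLE_RESPONSE):
        print(f'{h["score"]:>4}  {h["id"]:<16} {h["title"]}')
```

Replace the sample with fetch(search_url(q)) to run it against the live API; the ranking then gives the same "what do I look at first" view the web UI offers with order:published, but sorted by score instead.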

Slide 30: RSS

- Fully customizable news feed in RSS format
- Powered by an Apache Lucene query: https://vulners.com/rss.xml?query=type:debian
- No cache: it is built right when you ask for it
- Atom, Webfeeds, mRSS compatible

Slide 31: Telegram Bot

- Up to 3 subscriptions
- In-app search
- Broadcast for emergency news
- https://telegram.me/vulnersBot

Slide 32: Email Subscriptions

- Up to 5 subscriptions
- Awareness service
- Absolutely customizable
- https://vulners.com/subscriptions

Slide 33: Email Subscriptions

Slide 34: Linux Audit GUI

- Linux OS vulnerability scan
- Immediate results
- Dramatically simple
- https://vulners.com/audit

Slide 35: Linux Audit GUI

Supported: RedHat, CentOS, Fedora, Oracle Linux, Ubuntu, Debian

Slide 36: Linux Audit GUI

Slide 37: Linux Audit API

    curl -H "Accept: application/json" -H "Content-Type: application/json" -X POST \
      -d '{"os": "centos", "package": ["pcre-8.32-15.el7.x86_64", "samba-common-4.2.3-11.el7_2.noarch", "gnu-free-fonts-common-20120503-8.el7.noarch", "libreport-centos-2.1.11-32.el7.centos.x86_64", "libacl-2.2.51-12.el7.x86_64"], "version": "7"}' \
      https://vulners.com/api/v3/audit/audit/

Slide 38: Linux Audit API

- JSON result: vulnerabilities list, reason for the decision, references list (exploits and so on)
- Ready to go for the Red Hat and Debian families
- Typical call time for a 500+ package list: 160 ms
- It's fast. Really fast.

Slide 39: Linux Audit API

    {"result": "OK", "data": {"reasons": [
        {"providedPackage": "sos-3.2-35.el7.centos.noarch",
         "operator": "lt",
         "bulletinID": "CESA-2016:0188",
         "providedVersion": "0:3.2-35.el7.centos",
         "bulletinPackage": "sos-3.2-35.el7.centos.3.noarch.rpm",
         "bulletinVersion": "3.2-35.el7.centos.3",
         "package": "sos-3.2-35.el7.centos.noarch"
         ...

Slide 40: Agent-Based Scanner

    $ git clone https://github.com/videns/vulners-scanner
    $ cd vulners-scanner
    $ ./linuxScanner.py

    ==========================================
    Host info - Host machine
    OS Name - centos OS Version - 7
    Total found packages: 1026
    Vulnerable packages:
        krb5-libs-1.13.2-10.el7.x86_64
            CESA-2016:0532 - Moderate krb5 Security Update, cvss.score - 6.8
        openssh-server-6.6.1p1-23.el7_2.x86_64
            CESA-2016:0465 - Moderate openssh Security Update, cvss.score - 7.7
        libtdb-1.3.6-2.el7.x86_64
            CESA-2016:0612 - Critical ipa Security Update, cvss.score - 0.0
        kernel-tools-3.10.0-327.4.5.el7.x86_64
            CESA-2016:1033 - Important kernel Security Update, cvss.score - 0.0
            CESA-2016:1633 - Important kernel Security Update, cvss.score - 4.3
            CESA-2016:0185 - Important kernel Security Update, cvss.score - 7.2
            CESA-2016:1539 - Important kernel Security Update, cvss.score - 7.2
            CESA-2016:1277 - Important kernel Security Update, cvss.score - 7.2
        openssl-libs-1.0.1e-51.el7_2.2.x86_64
        ...

- Available on GitHub
- Example of integration
- Free to fork
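Slides 37 to 40 show what the audit API decides (the installed package's epoch:version-release is lower than the bulletin's fixed one, reported as operator "lt") but not how that comparison is made, and getting it wrong is the classic source of false negatives in home-grown package audits: 1.13.10 is newer than 1.13.2, 1.0~rc1 is older than 1.0, and 6.6.1p1 is newer than 6.6.1. The Python below is an added example, not the Vulners project's own code, that reproduces the decision offline with rpm's version-ordering rules, a NEVRA parser, and the same reasons structure as slide 39. The sos entry is the bulletin shown on slide 39; the openssh fixed version is assumed for illustration (check the real CESA-2016:0465 before relying on it), and the host package list is constructed from packages shown on the slides.

```python
"""Added example (not Vulners' code): reproduce the audit API's per-package
decision locally using rpm version-ordering rules."""
import json
import re
from typing import Dict, List, Tuple

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version or release strings the way rpm's rpmvercmp() does:
    split into numeric and alphabetic segments, numeric segments compare as
    integers and beat alphabetic ones, '~' sorts before anything (1.0~rc1 <
    1.0), and an otherwise-equal string with segments left over wins.
    Returns -1, 0 or 1."""
    if a == b:
        return 0
    ta, tb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = 0
    while i < len(ta) and i < len(tb):
        x, y = ta[i], tb[i]
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            i += 1
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))
        else:
            c = (x > y) - (x < y)
        if c:
            return c
        i += 1
    if i < len(ta):
        return -1 if ta[i] == "~" else 1
    if i < len(tb):
        return 1 if tb[i] == "~" else -1
    return 0


def parse_nevra(pkg: str) -> Tuple[str, int, str, str, str]:
    """Split 'name-[epoch:]version-release.arch[.rpm]' into
    (name, epoch, version, release, arch); a missing epoch is 0."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    rest, arch = pkg.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    return name, epoch, version, release, arch


def evr_cmp(a: Tuple[int, str, str], b: Tuple[int, str, str]) -> int:
    """Compare (epoch, version, release) tuples: epoch first, then version,
    then release, each with rpm ordering."""
    if a[0] != b[0]:
        return (a[0] > b[0]) - (a[0] < b[0])
    c = rpmvercmp(a[1], b[1])
    return c if c else rpmvercmp(a[2], b[2])


def audit(packages: List[str],
          bulletins: Dict[str, List[Tuple[str, str]]]) -> List[dict]:
    """For every installed package with a bulletin for the same name and arch,
    emit a reason (same keys as the slide-39 response) when the installed EVR
    is lower than the bulletin's fixed EVR."""
    reasons = []
    for pkg in packages:
        name, epoch, ver, rel, arch = parse_nevra(pkg)
        for bulletin_id, fixed_pkg in bulletins.get(name, []):
            _, f_epoch, f_ver, f_rel, f_arch = parse_nevra(fixed_pkg)
            if f_arch != arch:
                continue
            if evr_cmp((epoch, ver, rel), (f_epoch, f_ver, f_rel)) < 0:
                reasons.append({
                    "package": pkg,
                    "providedPackage": pkg,
                    "providedVersion": f"{epoch}:{ver}-{rel}",
                    "operator": "lt",
                    "bulletinID": bulletin_id,
                    "bulletinPackage": fixed_pkg,
                    "bulletinVersion": f"{f_ver}-{f_rel}",
                })
    return reasons


# Constructed host inventory, using packages that appear on the slides.
HOST_PACKAGES = [
    "sos-3.2-35.el7.centos.noarch",
    "openssh-server-6.6.1p1-23.el7_2.x86_64",
    "libacl-2.2.51-12.el7.x86_64",
]
# Bulletin data keyed by package name. The sos entry is the one from slide 39;
# the openssh fixed version is ASSUMED for illustration only.
BULLETINS = {
    "sos": [("CESA-2016:0188", "sos-3.2-35.el7.centos.3.noarch.rpm")],
    "openssh-server": [("CESA-2016:0465", "openssh-server-6.6.1p1-25.el7_2.x86_64.rpm")],
}

if __name__ == "__main__":
    result = {"result": "OK", "data": {"reasons": audit(HOST_PACKAGES, BULLETINS)}}
    print(json.dumps(result, indent=2))
```

The match is by package name and arch only. A usable audit also has to know which OS release the bulletin targets (a CentOS 6 fix version says nothing about a CentOS 7 host) and must cope with binary packages built from a differently named source RPM, which is why the API call on slide 37 takes os and version alongside the package list rather than the package list alone.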

Slide 41: It's absolutely free

- Free for commercial and enterprise use (DB and API)
- Make your own solutions using our powers: security scanners, threat intelligence, subscriptions, security automation
- Just please post references if you can :-)

Slide 42: Integration Example

Slide 43: Thanks

- aleonov@vulners.com
- Scanner: https://github.com/videns/vulners-scanner
- Vulners Blog: https://blog.vulners.com
- My Blog: http://avleonov.com/tag/vulners-com/

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 2: Vulnerability Intelligence and Assessment with vulners.com

2

whoami

- Security Analyst at MailRu Group- Texts and Analytics for vulnerscom- Security Automation blog at avleonovcom

3

Vulners Project

- Was created by QIWI security team- Vulnerability source data aggregator- Normalized machine-readable content- API-driven development- Absolutely free

4

Vulners Project

5

Definition

Vulnerability is a weakness in an information system system security procedures internal controls or implementation that could be exploited or triggered by a threat source

Glossary of Key Information Security Terms NISTIR 7298 R2

6

Risks

- Information systems takeover- Revocation of the licenses- Business continuity- Money loss- and more

7

Vulnerability management process

- Mandatory component of information security- Need2be for a security-aware companies- Necessary to perform in accordance with the PCIDSS

and others- Best practice for survival in the Internet

8

Vulnerability management lifecycle

Discover

Prioritize Assets

AssessReport

Remediate

Verify

9

Some problems of Vulnerability Scanners

- When the scan is finished the results may already be outdated

- Per-host licensingKnowledge base

- How quickly vendor adds new vulnerability checks- Some vulnerabilities may be found only with

authorization or correct service banner- No scanners will find all vulnerabilities of any software- You will never know real limitations of the product

10

Nessus vs Openvas

All CVEs 80196Nessus CVE links 35032OpenVAS CVE links 29240OpenVAS vs Nessus 3787254539579

11

Nessus vs Openvas

All CVEs 80196Nessus CVE links 35032OpenVAS CVE links 29240OpenVAS vs Nessus 3787254539579

2673 OpenVAS plugins

6639 Nessus plugins

38207 OpenVAS plugins and 50896 Nessus plugins

All NASL pluginsOpenVAS 49747Nessus 81349

12

Why

- ldquoOldrdquo vulnerabilities- Vendor forgot to add links to CVE id- Vulnerabilities in plugins (WordPress VideoWhisper)- Donrsquot support ldquoLocalrdquo software (openMairie)- Stopped adding new vulnerabilities (vBulletin)

13

Examples OpenVAS detects Nessus not

- D-Link DIR-100 Router Multiple Vulnerabilities- Cisco Firepower Management Center Privilege Escalatio

n Vulnerability- vBulletin 36x to 422423 Forumrunner requestphp

SQL Injection- WordPress VideoWhisper Live Streaming Integration Mu

ltiple Vulnerabilities

14

Examples Nessus detects OpenVAS not

- Solaris vulnerabilities since 2010- Apple Quicktime - MOV File Parsing Memory Corruption

Vulnerability

15

In other words

- Vulnerability Scanner is a necessity- Dont depend too much on them- Scanner does not detect some vulnerability mdash itrsquos YOUR problem not your VM vendor- Choose solution you can control and vendors you can

trust- Have alternative sources of Vulnerability Data

16

Vulnerability Intelligence and PCI DSS

17

Vulnerability Data Sources

- Born in 90rsquos- Every product has itrsquos own source of vulnerability data- Most information is not acceptable for automatic

vulnerability scanners- MITRE NVD SCAP OVAL and others failed to

standardize it- Everyone is working on their own- Searchrdquo Forget about it Use Google instead

18

vulnerscom Information security ldquoGooglerdquo

- Vulnerability source data aggregator- Created by security specialists for security specialists- Incredibly fast search engine- Normalized machine-readable content- Audit features out-of-the-box- API-driven development- Absolutely free

19

ContentBug BountyHacker OneopenbugbountyorgVulnerability LabXSSed

Bulletins Network VendorCiscoF5 NetworksHuaweiOpenWrtPalo Alto Networks

Bulletins SoftwareApache HttpdDrupalMozillaNginxOpenSSLOperaownCloudPostgreSQLSambaTYPO3WPScan DatabaseXen Project

Bulletins Virtualization VendorVMware

Bullitens BSDFreeBSD

Bullitens HardwareLenovo

Bullitens LinuxAmazon Linux AMIArch LinuxCentOS LinuxDebian LinuxGentoo LinuxOracle LinuxRedHat LinuxSlackware LinuxSUSE LinuxUbuntu Linux

Detection VendorNMAPOpenVASTenable NessusW3AF

Exploit Base0daytodayDSquare Exploit PackExploit-DBImmunity CanvasMalware exploit databaseMetasploitSAINTexploittrade

MediardotorgThreatPost

Possible 0dayHackappInfoWatch APPERCUT

Vulnerability BaseCERTERPScanICSMicrosoft Vulnerability ResearchNDV CVEPositive TechnologiesseebugorgSymantecZero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 3: Vulnerability Intelligence and Assessment with vulners.com

3

Vulners Project

- Was created by QIWI security team- Vulnerability source data aggregator- Normalized machine-readable content- API-driven development- Absolutely free

4

Vulners Project

5

Definition

Vulnerability is a weakness in an information system system security procedures internal controls or implementation that could be exploited or triggered by a threat source

Glossary of Key Information Security Terms NISTIR 7298 R2

6

Risks

- Information systems takeover- Revocation of the licenses- Business continuity- Money loss- and more

7

Vulnerability management process

- Mandatory component of information security- Need2be for a security-aware companies- Necessary to perform in accordance with the PCIDSS

and others- Best practice for survival in the Internet

8

Vulnerability management lifecycle

Discover

Prioritize Assets

AssessReport

Remediate

Verify

9

Some problems of Vulnerability Scanners

- When the scan is finished the results may already be outdated

- Per-host licensingKnowledge base

- How quickly vendor adds new vulnerability checks- Some vulnerabilities may be found only with

authorization or correct service banner- No scanners will find all vulnerabilities of any software- You will never know real limitations of the product

10

Nessus vs Openvas

All CVEs 80196Nessus CVE links 35032OpenVAS CVE links 29240OpenVAS vs Nessus 3787254539579

11

Nessus vs Openvas

All CVEs 80196Nessus CVE links 35032OpenVAS CVE links 29240OpenVAS vs Nessus 3787254539579

2673 OpenVAS plugins

6639 Nessus plugins

38207 OpenVAS plugins and 50896 Nessus plugins

All NASL pluginsOpenVAS 49747Nessus 81349

12

Why

- ldquoOldrdquo vulnerabilities- Vendor forgot to add links to CVE id- Vulnerabilities in plugins (WordPress VideoWhisper)- Donrsquot support ldquoLocalrdquo software (openMairie)- Stopped adding new vulnerabilities (vBulletin)

13

Examples OpenVAS detects Nessus not

- D-Link DIR-100 Router Multiple Vulnerabilities- Cisco Firepower Management Center Privilege Escalatio

n Vulnerability- vBulletin 36x to 422423 Forumrunner requestphp

SQL Injection- WordPress VideoWhisper Live Streaming Integration Mu

ltiple Vulnerabilities

14

Examples Nessus detects OpenVAS not

- Solaris vulnerabilities since 2010- Apple Quicktime - MOV File Parsing Memory Corruption

Vulnerability

15

In other words

- Vulnerability Scanner is a necessity- Dont depend too much on them- Scanner does not detect some vulnerability mdash itrsquos YOUR problem not your VM vendor- Choose solution you can control and vendors you can

trust- Have alternative sources of Vulnerability Data

16

Vulnerability Intelligence and PCI DSS

17

Vulnerability Data Sources

- Born in 90rsquos- Every product has itrsquos own source of vulnerability data- Most information is not acceptable for automatic

vulnerability scanners- MITRE NVD SCAP OVAL and others failed to

standardize it- Everyone is working on their own- Searchrdquo Forget about it Use Google instead

18

vulnerscom Information security ldquoGooglerdquo

- Vulnerability source data aggregator- Created by security specialists for security specialists- Incredibly fast search engine- Normalized machine-readable content- Audit features out-of-the-box- API-driven development- Absolutely free

19

ContentBug BountyHacker OneopenbugbountyorgVulnerability LabXSSed

Bulletins Network VendorCiscoF5 NetworksHuaweiOpenWrtPalo Alto Networks

Bulletins SoftwareApache HttpdDrupalMozillaNginxOpenSSLOperaownCloudPostgreSQLSambaTYPO3WPScan DatabaseXen Project

Bulletins Virtualization VendorVMware

Bullitens BSDFreeBSD

Bullitens HardwareLenovo

Bullitens LinuxAmazon Linux AMIArch LinuxCentOS LinuxDebian LinuxGentoo LinuxOracle LinuxRedHat LinuxSlackware LinuxSUSE LinuxUbuntu Linux

Detection VendorNMAPOpenVASTenable NessusW3AF

Exploit Base0daytodayDSquare Exploit PackExploit-DBImmunity CanvasMalware exploit databaseMetasploitSAINTexploittrade

MediardotorgThreatPost

Possible 0dayHackappInfoWatch APPERCUT

Vulnerability BaseCERTERPScanICSMicrosoft Vulnerability ResearchNDV CVEPositive TechnologiesseebugorgSymantecZero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 4: Vulnerability Intelligence and Assessment with vulners.com

4

Vulners Project

5

Definition

Vulnerability is a weakness in an information system system security procedures internal controls or implementation that could be exploited or triggered by a threat source

Glossary of Key Information Security Terms NISTIR 7298 R2

6

Risks

- Information systems takeover- Revocation of the licenses- Business continuity- Money loss- and more

7

Vulnerability management process

- Mandatory component of information security- Need2be for a security-aware companies- Necessary to perform in accordance with the PCIDSS

and others- Best practice for survival in the Internet

8

Vulnerability management lifecycle

Discover

Prioritize Assets

AssessReport

Remediate

Verify

9

Some problems of Vulnerability Scanners

- When the scan is finished the results may already be outdated

- Per-host licensingKnowledge base

- How quickly vendor adds new vulnerability checks- Some vulnerabilities may be found only with

authorization or correct service banner- No scanners will find all vulnerabilities of any software- You will never know real limitations of the product

10

Nessus vs Openvas

All CVEs 80196Nessus CVE links 35032OpenVAS CVE links 29240OpenVAS vs Nessus 3787254539579

11

Nessus vs Openvas

All CVEs 80196Nessus CVE links 35032OpenVAS CVE links 29240OpenVAS vs Nessus 3787254539579

2673 OpenVAS plugins

6639 Nessus plugins

38207 OpenVAS plugins and 50896 Nessus plugins

All NASL pluginsOpenVAS 49747Nessus 81349

12

Why

- ldquoOldrdquo vulnerabilities- Vendor forgot to add links to CVE id- Vulnerabilities in plugins (WordPress VideoWhisper)- Donrsquot support ldquoLocalrdquo software (openMairie)- Stopped adding new vulnerabilities (vBulletin)

13

Examples OpenVAS detects Nessus not

- D-Link DIR-100 Router Multiple Vulnerabilities- Cisco Firepower Management Center Privilege Escalatio

n Vulnerability- vBulletin 36x to 422423 Forumrunner requestphp

SQL Injection- WordPress VideoWhisper Live Streaming Integration Mu

ltiple Vulnerabilities

14

Examples Nessus detects OpenVAS not

- Solaris vulnerabilities since 2010- Apple Quicktime - MOV File Parsing Memory Corruption

Vulnerability

15

In other words

- Vulnerability Scanner is a necessity- Dont depend too much on them- Scanner does not detect some vulnerability mdash itrsquos YOUR problem not your VM vendor- Choose solution you can control and vendors you can

trust- Have alternative sources of Vulnerability Data

16

Vulnerability Intelligence and PCI DSS

17

Vulnerability Data Sources

- Born in 90rsquos- Every product has itrsquos own source of vulnerability data- Most information is not acceptable for automatic

vulnerability scanners- MITRE NVD SCAP OVAL and others failed to

standardize it- Everyone is working on their own- Searchrdquo Forget about it Use Google instead

18

vulnerscom Information security ldquoGooglerdquo

- Vulnerability source data aggregator- Created by security specialists for security specialists- Incredibly fast search engine- Normalized machine-readable content- Audit features out-of-the-box- API-driven development- Absolutely free

19

Content

- Bug Bounty: HackerOne, openbugbounty.org, Vulnerability Lab, XSSed
- Bulletins, Network Vendor: Cisco, F5 Networks, Huawei, OpenWrt, Palo Alto Networks
- Bulletins, Software: Apache Httpd, Drupal, Mozilla, Nginx, OpenSSL, Opera, ownCloud, PostgreSQL, Samba, TYPO3, WPScan Database, Xen Project
- Bulletins, Virtualization Vendor: VMware
- Bulletins, BSD: FreeBSD
- Bulletins, Hardware: Lenovo
- Bulletins, Linux: Amazon Linux AMI, Arch Linux, CentOS Linux, Debian Linux, Gentoo Linux, Oracle Linux, RedHat Linux, Slackware Linux, SUSE Linux, Ubuntu Linux
- Detection Vendor: NMAP, OpenVAS, Tenable Nessus, W3AF
- Exploit Base: 0day.today, DSquare Exploit Pack, Exploit-DB, Immunity Canvas, Malware exploit database, Metasploit, SAINTexploit™
- Media: rdot.org, ThreatPost
- Possible 0day: Hackapp, InfoWatch APPERCUT
- Vulnerability Base: CERT, ERPScan, ICS, Microsoft Vulnerability Research, NVD CVE, Positive Technologies, seebug.org, Symantec, Zero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string
- Dorks, advanced queries and many more
- UX-driven
- Human-oriented
- References and data linkage
- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query: title:httpd type:centos order:published, last year
- Sortable by any field of the model (type, CVSS, dates, etc.)
- Apache Lucene syntax (AND, OR and so on)
- Exploit search by sources and CVEs:
  cvelist:CVE-2014-0160 type:exploitdb
  sourceData:.bash_profile
  sourceData:"magic bytes"

26

Search requests

- CentOS bulletins with remotely exploitable vulnerabilities:
  (type:centos AND (title:Critical OR title:Important) AND cvss.vector:AV:NETWORK) order:published
- Important CVE vulnerabilities in Microsoft software:
  (type:cve AND cvss.score:[6 TO 10] AND description:Microsoft) order:published

27

Search requests

- Nessus plugins for remotely exploitable vulnerabilities, excluding Windows:
  type:nessus AND cvss.score:[6 TO 10] AND cvss.vector:AV:NETWORK AND (NOT naslFamily:Local AND NOT naslFamily:"Windows : Microsoft Bulletins" AND NOT naslFamily:Windows) order:published
- OpenSSL and OpenSSH vulnerabilities:
  (type:openssl OR (type:cve AND cpe:openssh)) order:published

28

Parameters

https://vulners.com/api/v3/search/id/?id=CISCO-SA-20161005-OTV-NXOS.NASL

29

Search API

- GET/POST REST API with JSON output
- Search: https://vulners.com/api/v3/search/lucene/?query=type:centos%20cvss.score:[8%20TO%2010]%20order:published
- Information: https://vulners.com/api/v3/search/id/?id=CESA-2016:1237&references=true
- Export: https://vulners.com/api/v3/archive/collection/?type=exploitdb

30

RSS

- Fully customizable news feed in RSS format
- Powered by an Apache Lucene query: https://vulners.com/rss.xml?query=type:debian
- No cache: it is built right when you ask for it
- Atom, Webfeeds, mrss compatible

31

Telegram Bot

- Up to 3 subscriptions
- In-app search
- Broadcast for emergency news

https://telegram.me/vulnersBot

32

Email Subscriptions

- Up to 5 subscriptions
- Awareness service
- Absolutely customizable

https://vulners.com/subscriptions/

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan
- Immediate results
- Dramatically simple

https://vulners.com/audit/

35

Linux Audit GUI

- RedHat
- CentOS
- Fedora
- Oracle Linux
- Ubuntu
- Debian

36

Linux Audit GUI

37

Linux Audit API

curl -H "Accept: application/json" -H "Content-Type: application/json" -X POST -d '{"os":"centos","package":["pcre-8.32-15.el7.x86_64", "samba-common-4.2.3-11.el7_2.noarch", "gnu-free-fonts-common-20120503-8.el7.noarch", "libreport-centos-2.1.11-32.el7.centos.x86_64", "libacl-2.2.51-12.el7.x86_64"],"version":"7"}' https://vulners.com/api/v3/audit/audit/

38

Linux Audit API

- JSON result: vulnerabilities list, reason for the decision, references list (exploits and so on)
- Ready to go for the Red Hat and Debian families
- Typical call time for a 500+ package list = 160 ms
- It's fast. Really fast.

39

Linux Audit API

{"result": "OK", "data": {"reasons": [
  {"providedPackage": "sos-3.2-35.el7.centos.noarch",
   "operator": "lt",
   "bulletinID": "CESA-2016:0188",
   "providedVersion": "0:3.2-35.el7.centos",
   "bulletinPackage": "sos-3.2-35.el7.centos.3.noarch.rpm",
   "bulletinVersion": "3.2-35.el7.centos.3",
   "package": "sos-3.2-35.el7.centos.noarch"
  (output truncated on the slide)
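The request body and the "reasons" structure from slides 37 and 39, worked into a small client. This is an added example, not the project's own code: it builds the JSON body the slide's curl command posts, and groups the response's reasons per installed package so the "lt" comparison (installed version lower than the bulletin's fixed version) is easy to read. The sample response is constructed from the slide's values plus one made-up entry.

```python
"""Added example (not the vulners project's code): minimal client for the
vulners.com Linux Audit API as shown on the slides.  The network call is
kept in its own function so the request builder and the response parser
can be exercised offline on a constructed response."""
import json
import urllib.request
from collections import defaultdict

# Endpoint taken from the slide's curl command.
AUDIT_URL = "https://vulners.com/api/v3/audit/audit/"


def build_audit_request(os_name, os_version, packages):
    """Return the JSON body the slide's curl command posts: os, version, package.

    `packages` holds full package strings as printed by `rpm -qa`
    (name-version-release.arch), e.g. "pcre-8.32-15.el7.x86_64".
    """
    if not packages:
        raise ValueError("package list is empty; nothing to audit")
    return {"os": os_name, "version": str(os_version), "package": list(packages)}


def post_audit(os_name, os_version, packages, timeout=30):
    """POST the request and return the decoded JSON (needs network access)."""
    body = json.dumps(build_audit_request(os_name, os_version, packages)).encode()
    req = urllib.request.Request(
        AUDIT_URL,
        data=body,
        headers={"Accept": "application/json",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def summarize_reasons(response):
    """Group the "reasons" of an audit response by installed package.

    Each reason on the slide carries providedPackage, operator, bulletinID,
    providedVersion, bulletinPackage, bulletinVersion and package.  The
    operator is the comparison the service applied: "lt" means the installed
    version is lower than the version the bulletin fixes.
    """
    if response.get("result") != "OK":
        raise ValueError("audit call failed: result=%r" % response.get("result"))
    report = defaultdict(list)
    for reason in response.get("data", {}).get("reasons", []):
        report[reason["providedPackage"]].append({
            "bulletin": reason["bulletinID"],
            "operator": reason["operator"],
            "installed": reason["providedVersion"],
            "fixed_in": reason["bulletinVersion"],
        })
    return dict(report)


# Constructed sample response.  The first reason is the one printed on the
# slide; the second is made up for a package/bulletin pair the agent-scanner
# slide lists (its fixed version is a constructed placeholder value).
SAMPLE_RESPONSE = {
    "result": "OK",
    "data": {"reasons": [
        {"providedPackage": "sos-3.2-35.el7.centos.noarch",
         "operator": "lt",
         "bulletinID": "CESA-2016:0188",
         "providedVersion": "0:3.2-35.el7.centos",
         "bulletinPackage": "sos-3.2-35.el7.centos.3.noarch.rpm",
         "bulletinVersion": "3.2-35.el7.centos.3",
         "package": "sos-3.2-35.el7.centos.noarch"},
        {"providedPackage": "krb5-libs-1.13.2-10.el7.x86_64",
         "operator": "lt",
         "bulletinID": "CESA-2016:0532",
         "providedVersion": "0:1.13.2-10.el7",
         "bulletinPackage": "krb5-libs-1.13.2-12.el7_2.x86_64.rpm",
         "bulletinVersion": "1.13.2-12.el7_2",
         "package": "krb5-libs-1.13.2-10.el7.x86_64"},
    ]},
}


if __name__ == "__main__":
    # Offline demo on the constructed response; swap in post_audit(...) for a live run.
    for pkg, findings in summarize_reasons(SAMPLE_RESPONSE).items():
        print(pkg)
        for f in findings:
            print("    %s  installed %s %s fixed-in %s"
                  % (f["bulletin"], f["installed"], f["operator"], f["fixed_in"]))
```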

40

Agent-Based Scanner

$ git clone https://github.com/videns/vulners-scanner
$ cd vulners-scanner
$ ./linuxScanner.py

[ASCII-art "vulners" banner]

==========================================
Host info - Host machine
OS Name - centos, OS Version - 7
Total found packages: 1026
Vulnerable packages:
  krb5-libs-1.13.2-10.el7.x86_64
    CESA-2016:0532 - Moderate krb5 Security Update, cvss.score - 6.8
  openssh-server-6.6.1p1-23.el7_2.x86_64
    CESA-2016:0465 - Moderate openssh Security Update, cvss.score - 7.7
  libtdb-1.3.6-2.el7.x86_64
    CESA-2016:0612 - Critical ipa Security Update, cvss.score - 0.0
  kernel-tools-3.10.0-327.4.5.el7.x86_64
    CESA-2016:1033 - Important kernel Security Update, cvss.score - 0.0
    CESA-2016:1633 - Important kernel Security Update, cvss.score - 4.3
    CESA-2016:0185 - Important kernel Security Update, cvss.score - 7.2
    CESA-2016:1539 - Important kernel Security Update, cvss.score - 7.2
    CESA-2016:1277 - Important kernel Security Update, cvss.score - 7.2
  openssl-libs-1.0.1e-51.el7_2.2.x86_64
  (output truncated on the slide)

- Available at GitHub
- Example of integration
- Free to fork

41

It's absolutely free

- Free for commercial and enterprise use: DB and API
- Make your own solutions using our powers: security scanners, threat intelligence, subscriptions, security automation
- Just please post references if you can :-)

42

Integration Example

43

Thanks

- aleonov@vulners.com
- Scanner: https://github.com/videns/vulners-scanner
- Vulners Blog: https://blog.vulners.com
- My Blog: http://avleonov.com/tag/vulners-com/

Page 8: Vulnerability Intelligence and Assessment with vulners.com

8

Vulnerability management lifecycle

- Discover
- Prioritize Assets
- Assess
- Report
- Remediate
- Verify

9

Some problems of Vulnerability Scanners

- When the scan is finished, the results may already be outdated
- Per-host licensing
- Knowledge base: how quickly the vendor adds new vulnerability checks
- Some vulnerabilities may be found only with authorization or a correct service banner
- No scanner will find all vulnerabilities of any software
- You will never know the real limitations of the product

10

Nessus vs OpenVAS

All CVEs: 80196
Nessus CVE links: 35032
OpenVAS CVE links: 29240
OpenVAS vs Nessus: 3787 (OpenVAS only), 25453 (both), 9579 (Nessus only)

11

Nessus vs OpenVAS

All CVEs: 80196
Nessus CVE links: 35032
OpenVAS CVE links: 29240
OpenVAS vs Nessus: 3787 (OpenVAS only), 25453 (both), 9579 (Nessus only)

2673 OpenVAS plugins

6639 Nessus plugins

38207 OpenVAS plugins and 50896 Nessus plugins

All NASL plugins: OpenVAS 49747, Nessus 81349

12

Why

- "Old" vulnerabilities
- Vendor forgot to add links to CVE id
- Vulnerabilities in plugins (WordPress VideoWhisper)
- Don't support "Local" software (openMairie)
- Stopped adding new vulnerabilities (vBulletin)

13

Examples: OpenVAS detects, Nessus not

- D-Link DIR-100 Router Multiple Vulnerabilities
- Cisco Firepower Management Center Privilege Escalation Vulnerability
- vBulletin 3.6.x to 4.2.2/4.2.3 Forumrunner request.php SQL Injection
- WordPress VideoWhisper Live Streaming Integration Multiple Vulnerabilities

14

Examples: Nessus detects, OpenVAS not

- Solaris vulnerabilities since 2010
- Apple QuickTime - MOV File Parsing Memory Corruption Vulnerability

15

In other words

- Vulnerability Scanner is a necessity
- Don't depend too much on them
- Scanner does not detect some vulnerability: it's YOUR problem, not your VM vendor's
- Choose a solution you can control and vendors you can trust
- Have alternative sources of Vulnerability Data

16

Vulnerability Intelligence and PCI DSS

17

Vulnerability Data Sources

- Born in the 90's
- Every product has its own source of vulnerability data
- Most information is not acceptable for automatic vulnerability scanners
- MITRE, NVD, SCAP, OVAL and others failed to standardize it
- Everyone is working on their own
- "Search"? Forget about it. Use Google instead

18

vulners.com: Information security "Google"

- Vulnerability source data aggregator
- Created by security specialists for security specialists
- Incredibly fast search engine
- Normalized machine-readable content
- Audit features out-of-the-box
- API-driven development
- Absolutely free

19

Content

- Bug Bounty: HackerOne, openbugbounty.org, Vulnerability Lab, XSSed
- Bulletins, Network Vendor: Cisco, F5 Networks, Huawei, OpenWrt, Palo Alto Networks
- Bulletins, Software: Apache Httpd, Drupal, Mozilla, Nginx, OpenSSL, Opera, ownCloud, PostgreSQL, Samba, TYPO3, WPScan Database, Xen Project
- Bulletins, Virtualization Vendor: VMware
- Bulletins, BSD: FreeBSD
- Bulletins, Hardware: Lenovo
- Bulletins, Linux: Amazon Linux AMI, Arch Linux, CentOS Linux, Debian Linux, Gentoo Linux, Oracle Linux, RedHat Linux, Slackware Linux, SUSE Linux, Ubuntu Linux
- Detection Vendor: NMAP, OpenVAS, Tenable Nessus, W3AF
- Exploit Base: 0day.today, DSquare Exploit Pack, Exploit-DB, Immunity Canvas, Malware exploit database, Metasploit, SAINTexploit™
- Media: rdot.org, ThreatPost
- Possible 0day: Hackapp, InfoWatch APPERCUT
- Vulnerability Base: CERT, ERPScan, ICS, Microsoft Vulnerability Research, NVD CVE, Positive Technologies, seebug.org, Symantec, Zero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string
- Dorks, advanced queries and many more
- UX-driven
- Human-oriented
- References and data linkage
- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query: title:httpd type:centos order:published, last year
- Sortable by any field of the model (type, CVSS, dates, etc.)
- Apache Lucene syntax (AND, OR and so on)
- Exploit search by sources and CVEs:
  cvelist:CVE-2014-0160 type:exploitdb
  sourceData:".bash_profile"
  sourceData:"magic bytes"

26

Search requests

- CentOS bulletins with remotely exploited vulnerabilities:
  (type:centos AND (title:Critical OR title:Important) AND cvss.vector:"AV:NETWORK") order:published
- Important CVE vulnerabilities in Microsoft software:
  (type:cve AND cvss.score:[6 TO 10] AND description:Microsoft) order:published

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities, excluding Windows:
  type:nessus AND cvss.score:[6 TO 10] AND cvss.vector:"AV:NETWORK" AND (NOT naslFamily:Local AND NOT naslFamily:"Windows : Microsoft Bulletins" AND NOT naslFamily:Windows) order:published
- OpenSSL and OpenSSH vulnerabilities:
  (type:openssl OR (type:cve AND cpe:openssh)) order:published

28

Parameters

https://vulners.com/api/v3/search/id/?id=CISCO-SA-20161005-OTV-NXOS.NASL

29

Search API

- GET/POST REST API with JSON output
- Search: https://vulners.com/api/v3/search/lucene/?query=type:centos%20cvss.score:[8%20TO%2010]%20order:published
- Information: https://vulners.com/api/v3/search/id/?id=CESA-2016:1237&references=true
- Export: https://vulners.com/api/v3/archive/collection/?type=exploitdb
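The Lucene queries and the Search API URL from the preceding slides, worked through as an added example (Python written for this page, not Vulners' own client): it composes the query strings shown above, encodes one into the /api/v3/search/lucene/ URL, and triages a search response so that an unscored (0.0) bulletin whose title says Critical or Important is not silently dropped. The response object is constructed to mirror the v3 layout (data.search[]._source with id, type, title, cvss.score), which is an assumption here, as are all function names.

```python
"""Vulners Lucene search helpers (added example; not Vulners' own client code).

lucene_query() composes query strings of the kind shown on the slides,
search_url() encodes one into the /api/v3/search/lucene/ URL, and triage()
sifts a response highest CVSS first without silently dropping bulletins whose
score is 0.0 but whose title says Critical or Important. SAMPLE_RESPONSE is
constructed to mirror the v3 layout (data.search[]._source); it is an assumption.
"""
from urllib.parse import quote

VULNERS_LUCENE = "https://vulners.com/api/v3/search/lucene/"
SEVERE_WORDS = ("Critical", "Important")


def _term(value):
    """Quote a Lucene term containing spaces or colons (e.g. a NASL family)."""
    return '"%s"' % value if any(ch in value for ch in " :") else value


def lucene_query(doc_type, title_any=(), min_score=None, max_score=10,
                 description=None, remote_only=False, exclude_nasl_families=(),
                 order="published"):
    """Compose e.g. (type:centos AND (title:Critical OR title:Important)
    AND cvss.vector:"AV:NETWORK") order:published from keyword arguments."""
    clauses = ["type:" + doc_type]
    if title_any:
        clauses.append("(" + " OR ".join("title:" + t for t in title_any) + ")")
    if min_score is not None:
        clauses.append("cvss.score:[%s TO %s]" % (min_score, max_score))
    if description:
        clauses.append("description:" + description)
    if remote_only:
        clauses.append('cvss.vector:"AV:NETWORK"')
    if exclude_nasl_families:
        nots = ["NOT naslFamily:" + _term(f) for f in exclude_nasl_families]
        clauses.append("(" + " AND ".join(nots) + ")")
    return "(" + " AND ".join(clauses) + ") order:" + order


def search_url(query):
    """Encode spaces as %20 but keep : [ ] ( ) literal, as in the slide's URL."""
    return VULNERS_LUCENE + "?query=" + quote(query, safe="[]():,")


# Constructed sample: three CentOS bulletins from the deck, one without a score.
SAMPLE_RESPONSE = {"result": "OK", "data": {"total": 3, "search": [
    {"_source": {"id": "CESA-2016:0532", "type": "centos",
                 "title": "Moderate krb5 Security Update", "cvss": {"score": 6.8}}},
    {"_source": {"id": "CESA-2016:0465", "type": "centos",
                 "title": "Moderate openssh Security Update", "cvss": {"score": 7.7}}},
    {"_source": {"id": "CESA-2016:0612", "type": "centos",
                 "title": "Critical ipa Security Update", "cvss": {"score": 0.0}}},
]}}


def triage(response, min_score=7.0):
    """Return [(id, score, title)] worth acting on, highest score first.

    A 0.0 score usually means "not scored yet", not "harmless", so an unscored
    item is kept when the vendor's own severity word in its title is Critical
    or Important; such items sort after the scored ones.
    """
    if response.get("result") != "OK":
        raise ValueError("search failed: %r" % response.get("result"))
    keep = []
    for hit in response["data"]["search"]:
        src = hit["_source"]
        score = float((src.get("cvss") or {}).get("score") or 0.0)
        title = src.get("title", "")
        severe = score == 0.0 and title.split(" ")[0].rstrip(":") in SEVERE_WORDS
        if score >= min_score or severe:
            keep.append((src["id"], score, title))
    keep.sort(key=lambda row: row[1], reverse=True)
    return keep
```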

30

RSS

- Fully customizable news feed in RSS format
- Powered by Apache Lucene query: https://vulners.com/rss.xml?query=type:debian
- No cache, it builds right when you ask it to
- Atom, Webfeeds, mrss compatible

31

Telegram Bot

- Up to 3 subscriptions
- In-app search
- Broadcast for emergency news

https://telegram.me/vulnersBot

32

Email Subscriptions

- Up to 5 subscriptions
- Awareness service
- Absolutely customizable

https://vulners.com/subscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan
- Immediate results
- Dramatically simple

https://vulners.com/audit

35

- RedHat
- CentOS
- Fedora
- Oracle Linux
- Ubuntu
- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H "Accept: application/json" -H "Content-Type: application/json" -X POST -d '{"os":"centos","package":["pcre-8.32-15.el7.x86_64", "samba-common-4.2.3-11.el7_2.noarch", "gnu-free-fonts-common-20120503-8.el7.noarch", "libreport-centos-2.1.11-32.el7.centos.x86_64", "libacl-2.2.51-12.el7.x86_64"],"version":"7"}' https://vulners.com/api/v3/audit/audit/

38

Linux Audit API

- JSON result: vulnerabilities list, reason of the decision, references list (exploits and so on)
- Ready to go for Red Hat and Debian family
- Typical call time for 500+ packages list = 160ms
- It's fast. Really fast.
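The audit call above and the reasons it returns, as an added example (Python written for this page, not Vulners' own code): it builds the request body from rpm -qa output, re-derives the reason's "lt" verdict with rpm's own version-comparison rules, and sets aside any reason that does not reproduce, so an audit result can be sanity-checked before it drives patching. The response is constructed after the slide's output; rpmvercmp is reimplemented here from rpm's algorithm, operator names other than "lt" are assumed, and CESA-0000:0000 is a placeholder bulletin id.

```python
"""Linux audit helpers (added example; not Vulners' own code).

build_audit_request() turns `rpm -qa` output into the body the slide's curl
posts to /api/v3/audit/audit/; check_reason() re-derives a reason's verdict
("operator": "lt") locally with rpm's version rules, and summarize() sets aside
any reason that does not reproduce. rpmvercmp() follows rpm's algorithm
(no '^' handling); the sample response is constructed after the slide.
"""
import re

# Constructed `rpm -qa` excerpt; package names come from the slides.
RPM_QA_OUTPUT = """\
sos-3.2-35.el7.centos.noarch
pcre-8.32-15.el7.x86_64
"""


def build_audit_request(os_name, os_version, rpm_qa_text):
    """Body for POST /api/v3/audit/audit/: {"os", "version", "package": [...]}."""
    packages = [ln.strip() for ln in rpm_qa_text.splitlines() if ln.strip()]
    return {"os": os_name, "version": os_version, "package": packages}


def rpmvercmp(a, b):
    """rpm's version-string comparison: -1, 0 or 1 for a <, ==, > b."""
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+|~", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+|~", b)
    for i in range(max(len(seg_a), len(seg_b))):
        x = seg_a[i] if i < len(seg_a) else None
        y = seg_b[i] if i < len(seg_b) else None
        if x == "~" or y == "~":           # '~' sorts before everything, even the end
            if x != y:
                return 1 if y == "~" else -1
            continue
        if x is None or y is None:         # the side with segments left over wins
            return -1 if x is None else 1
        if x.isdigit() and y.isdigit():    # numeric: drop leading zeros, longer is newer
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        elif x.isdigit() or y.isdigit():   # a numeric segment is newer than an alpha one
            return 1 if x.isdigit() else -1
        if x != y:                         # same-length digits or alpha: plain strcmp
            return 1 if x > y else -1
    return 0


def parse_evr(evr):
    """Split 'epoch:version-release'; a missing epoch counts as 0."""
    epoch, _, rest = evr.partition(":") if ":" in evr else ("0", "", evr)
    version, _, release = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), version, release


def evrcmp(a, b):
    """Compare EVR strings: epoch first, then version, then release."""
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


# Only "lt" appears on the slide; the other operator names are assumed.
OPERATOR_ACCEPTS = {"lt": {-1}, "le": {-1, 0}, "eq": {0}, "ge": {0, 1}, "gt": {1}}


def check_reason(reason):
    """True when providedVersion relates to bulletinVersion as the operator claims."""
    accepted = OPERATOR_ACCEPTS.get(reason["operator"])
    if accepted is None:
        raise ValueError("unknown operator %r" % reason["operator"])
    return evrcmp(reason["providedVersion"], reason["bulletinVersion"]) in accepted


SAMPLE_RESPONSE = {"result": "OK", "data": {"reasons": [
    # first reason: the one shown on the slide
    {"providedPackage": "sos-3.2-35.el7.centos.noarch", "operator": "lt",
     "bulletinID": "CESA-2016:0188", "providedVersion": "0:3.2-35.el7.centos",
     "bulletinPackage": "sos-3.2-35.el7.centos.3.noarch.rpm",
     "bulletinVersion": "3.2-35.el7.centos.3", "package": "sos-3.2-35.el7.centos.noarch"},
    # second reason: constructed, placeholder id, claims "lt" for equal versions
    {"providedPackage": "pcre-8.32-15.el7.x86_64", "operator": "lt",
     "bulletinID": "CESA-0000:0000", "providedVersion": "0:8.32-15.el7",
     "bulletinPackage": "pcre-8.32-15.el7.x86_64.rpm",
     "bulletinVersion": "8.32-15.el7", "package": "pcre-8.32-15.el7.x86_64"},
]}}


def summarize(response):
    """Return ({package: [bulletinID, ...]}, [reasons that did not verify])."""
    if response.get("result") != "OK":
        raise ValueError("audit failed: %r" % response.get("result"))
    verified, suspicious = {}, []
    for reason in response["data"]["reasons"]:
        if not check_reason(reason):
            suspicious.append(reason)
        elif reason["bulletinID"] not in verified.setdefault(reason["package"], []):
            verified[reason["package"]].append(reason["bulletinID"])
    return verified, suspicious
```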

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 9: Vulnerability Intelligence and Assessment with vulners.com

9

Some problems of Vulnerability Scanners

- When the scan is finished the results may already be outdated

- Per-host licensingKnowledge base

- How quickly vendor adds new vulnerability checks- Some vulnerabilities may be found only with

authorization or correct service banner- No scanners will find all vulnerabilities of any software- You will never know real limitations of the product

10

Nessus vs Openvas

All CVEs 80196Nessus CVE links 35032OpenVAS CVE links 29240OpenVAS vs Nessus 3787254539579

11

Nessus vs Openvas

All CVEs 80196Nessus CVE links 35032OpenVAS CVE links 29240OpenVAS vs Nessus 3787254539579

2673 OpenVAS plugins

6639 Nessus plugins

38207 OpenVAS plugins and 50896 Nessus plugins

All NASL pluginsOpenVAS 49747Nessus 81349

12

Why

- ldquoOldrdquo vulnerabilities- Vendor forgot to add links to CVE id- Vulnerabilities in plugins (WordPress VideoWhisper)- Donrsquot support ldquoLocalrdquo software (openMairie)- Stopped adding new vulnerabilities (vBulletin)

13

Examples OpenVAS detects Nessus not

- D-Link DIR-100 Router Multiple Vulnerabilities- Cisco Firepower Management Center Privilege Escalatio

n Vulnerability- vBulletin 36x to 422423 Forumrunner requestphp

SQL Injection- WordPress VideoWhisper Live Streaming Integration Mu

ltiple Vulnerabilities

14

Examples Nessus detects OpenVAS not

- Solaris vulnerabilities since 2010- Apple Quicktime - MOV File Parsing Memory Corruption

Vulnerability

15

In other words

- Vulnerability Scanner is a necessity- Dont depend too much on them- Scanner does not detect some vulnerability mdash itrsquos YOUR problem not your VM vendor- Choose solution you can control and vendors you can

trust- Have alternative sources of Vulnerability Data

16

Vulnerability Intelligence and PCI DSS

17

Vulnerability Data Sources

- Born in 90rsquos- Every product has itrsquos own source of vulnerability data- Most information is not acceptable for automatic

vulnerability scanners- MITRE NVD SCAP OVAL and others failed to

standardize it- Everyone is working on their own- Searchrdquo Forget about it Use Google instead

18

vulnerscom Information security ldquoGooglerdquo

- Vulnerability source data aggregator- Created by security specialists for security specialists- Incredibly fast search engine- Normalized machine-readable content- Audit features out-of-the-box- API-driven development- Absolutely free

19

ContentBug BountyHacker OneopenbugbountyorgVulnerability LabXSSed

Bulletins Network VendorCiscoF5 NetworksHuaweiOpenWrtPalo Alto Networks

Bulletins SoftwareApache HttpdDrupalMozillaNginxOpenSSLOperaownCloudPostgreSQLSambaTYPO3WPScan DatabaseXen Project

Bulletins Virtualization VendorVMware

Bullitens BSDFreeBSD

Bullitens HardwareLenovo

Bullitens LinuxAmazon Linux AMIArch LinuxCentOS LinuxDebian LinuxGentoo LinuxOracle LinuxRedHat LinuxSlackware LinuxSUSE LinuxUbuntu Linux

Detection VendorNMAPOpenVASTenable NessusW3AF

Exploit Base0daytodayDSquare Exploit PackExploit-DBImmunity CanvasMalware exploit databaseMetasploitSAINTexploittrade

MediardotorgThreatPost

Possible 0dayHackappInfoWatch APPERCUT

Vulnerability BaseCERTERPScanICSMicrosoft Vulnerability ResearchNDV CVEPositive TechnologiesseebugorgSymantecZero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 10: Vulnerability Intelligence and Assessment with vulners.com

10

Nessus vs Openvas

All CVEs 80196Nessus CVE links 35032OpenVAS CVE links 29240OpenVAS vs Nessus 3787254539579

11

Nessus vs Openvas

All CVEs 80196Nessus CVE links 35032OpenVAS CVE links 29240OpenVAS vs Nessus 3787254539579

2673 OpenVAS plugins

6639 Nessus plugins

38207 OpenVAS plugins and 50896 Nessus plugins

All NASL pluginsOpenVAS 49747Nessus 81349

12

Why

- ldquoOldrdquo vulnerabilities- Vendor forgot to add links to CVE id- Vulnerabilities in plugins (WordPress VideoWhisper)- Donrsquot support ldquoLocalrdquo software (openMairie)- Stopped adding new vulnerabilities (vBulletin)

13

Examples OpenVAS detects Nessus not

- D-Link DIR-100 Router Multiple Vulnerabilities- Cisco Firepower Management Center Privilege Escalatio

n Vulnerability- vBulletin 36x to 422423 Forumrunner requestphp

SQL Injection- WordPress VideoWhisper Live Streaming Integration Mu

ltiple Vulnerabilities

14

Examples Nessus detects OpenVAS not

- Solaris vulnerabilities since 2010- Apple Quicktime - MOV File Parsing Memory Corruption

Vulnerability

15

In other words

- Vulnerability Scanner is a necessity- Dont depend too much on them- Scanner does not detect some vulnerability mdash itrsquos YOUR problem not your VM vendor- Choose solution you can control and vendors you can

trust- Have alternative sources of Vulnerability Data

16

Vulnerability Intelligence and PCI DSS

17

Vulnerability Data Sources

- Born in 90rsquos- Every product has itrsquos own source of vulnerability data- Most information is not acceptable for automatic

vulnerability scanners- MITRE NVD SCAP OVAL and others failed to

standardize it- Everyone is working on their own- Searchrdquo Forget about it Use Google instead

18

vulnerscom Information security ldquoGooglerdquo

- Vulnerability source data aggregator- Created by security specialists for security specialists- Incredibly fast search engine- Normalized machine-readable content- Audit features out-of-the-box- API-driven development- Absolutely free

19

ContentBug BountyHacker OneopenbugbountyorgVulnerability LabXSSed

Bulletins Network VendorCiscoF5 NetworksHuaweiOpenWrtPalo Alto Networks

Bulletins SoftwareApache HttpdDrupalMozillaNginxOpenSSLOperaownCloudPostgreSQLSambaTYPO3WPScan DatabaseXen Project

Bulletins Virtualization VendorVMware

Bullitens BSDFreeBSD

Bullitens HardwareLenovo

Bullitens LinuxAmazon Linux AMIArch LinuxCentOS LinuxDebian LinuxGentoo LinuxOracle LinuxRedHat LinuxSlackware LinuxSUSE LinuxUbuntu Linux

Detection VendorNMAPOpenVASTenable NessusW3AF

Exploit Base0daytodayDSquare Exploit PackExploit-DBImmunity CanvasMalware exploit databaseMetasploitSAINTexploittrade

MediardotorgThreatPost

Possible 0dayHackappInfoWatch APPERCUT

Vulnerability BaseCERTERPScanICSMicrosoft Vulnerability ResearchNDV CVEPositive TechnologiesseebugorgSymantecZero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 11: Vulnerability Intelligence and Assessment with vulners.com

11

Nessus vs Openvas

All CVEs 80196Nessus CVE links 35032OpenVAS CVE links 29240OpenVAS vs Nessus 3787254539579

2673 OpenVAS plugins

6639 Nessus plugins

38207 OpenVAS plugins and 50896 Nessus plugins

All NASL pluginsOpenVAS 49747Nessus 81349

12

Why

- ldquoOldrdquo vulnerabilities- Vendor forgot to add links to CVE id- Vulnerabilities in plugins (WordPress VideoWhisper)- Donrsquot support ldquoLocalrdquo software (openMairie)- Stopped adding new vulnerabilities (vBulletin)

13

Examples OpenVAS detects Nessus not

- D-Link DIR-100 Router Multiple Vulnerabilities- Cisco Firepower Management Center Privilege Escalatio

n Vulnerability- vBulletin 36x to 422423 Forumrunner requestphp

SQL Injection- WordPress VideoWhisper Live Streaming Integration Mu

ltiple Vulnerabilities

14

Examples Nessus detects OpenVAS not

- Solaris vulnerabilities since 2010- Apple Quicktime - MOV File Parsing Memory Corruption

Vulnerability

15

In other words

- Vulnerability Scanner is a necessity- Dont depend too much on them- Scanner does not detect some vulnerability mdash itrsquos YOUR problem not your VM vendor- Choose solution you can control and vendors you can

trust- Have alternative sources of Vulnerability Data

16

Vulnerability Intelligence and PCI DSS

17

Vulnerability Data Sources

- Born in 90rsquos- Every product has itrsquos own source of vulnerability data- Most information is not acceptable for automatic

vulnerability scanners- MITRE NVD SCAP OVAL and others failed to

standardize it- Everyone is working on their own- Searchrdquo Forget about it Use Google instead

18

vulnerscom Information security ldquoGooglerdquo

- Vulnerability source data aggregator- Created by security specialists for security specialists- Incredibly fast search engine- Normalized machine-readable content- Audit features out-of-the-box- API-driven development- Absolutely free

19

ContentBug BountyHacker OneopenbugbountyorgVulnerability LabXSSed

Bulletins Network VendorCiscoF5 NetworksHuaweiOpenWrtPalo Alto Networks

Bulletins SoftwareApache HttpdDrupalMozillaNginxOpenSSLOperaownCloudPostgreSQLSambaTYPO3WPScan DatabaseXen Project

Bulletins Virtualization VendorVMware

Bullitens BSDFreeBSD

Bullitens HardwareLenovo

Bullitens LinuxAmazon Linux AMIArch LinuxCentOS LinuxDebian LinuxGentoo LinuxOracle LinuxRedHat LinuxSlackware LinuxSUSE LinuxUbuntu Linux

Detection VendorNMAPOpenVASTenable NessusW3AF

Exploit Base0daytodayDSquare Exploit PackExploit-DBImmunity CanvasMalware exploit databaseMetasploitSAINTexploittrade

MediardotorgThreatPost

Possible 0dayHackappInfoWatch APPERCUT

Vulnerability BaseCERTERPScanICSMicrosoft Vulnerability ResearchNDV CVEPositive TechnologiesseebugorgSymantecZero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner

$ git clone https://github.com/videns/vulners-scanner
$ cd vulners-scanner
$ ./linuxScanner.py

(ASCII-art banner)

==========================================
Host info - Host machine
OS Name - centos, OS Version - 7
Total found packages: 1026
Vulnerable packages:
    krb5-libs-1.13.2-10.el7.x86_64
        CESA-2016:0532 - Moderate krb5 Security Update, cvss.score - 6.8
    openssh-server-6.6.1p1-23.el7_2.x86_64
        CESA-2016:0465 - Moderate openssh Security Update, cvss.score - 7.7
    libtdb-1.3.6-2.el7.x86_64
        CESA-2016:0612 - Critical ipa Security Update, cvss.score - 0.0
    kernel-tools-3.10.0-327.4.5.el7.x86_64
        CESA-2016:1033 - Important kernel Security Update, cvss.score - 0.0
        CESA-2016:1633 - Important kernel Security Update, cvss.score - 4.3
        CESA-2016:0185 - Important kernel Security Update, cvss.score - 7.2
        CESA-2016:1539 - Important kernel Security Update, cvss.score - 7.2
        CESA-2016:1277 - Important kernel Security Update, cvss.score - 7.2
    openssl-libs-1.0.1e-51.el7_2.2.x86_64
    ...

- Available at GitHub
- Example of integration
- Free to fork
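The audit API call and the agent-style package collection from the last slides, as an added example that is not the project's own linuxScanner.py. Field names (os, version, package, data.reasons[].providedPackage/operator/bulletinID/bulletinVersion) are the ones shown on the slides; SAMPLE_RESPONSE is constructed, and the krb5-libs fixed version in it is made up.

```python
"""Client for the vulners.com Linux audit API (added example, not the project's
own scanner). Field names follow the slides; the sample response is constructed."""
import json
import subprocess
import urllib.request
from collections import defaultdict

AUDIT_URL = "https://vulners.com/api/v3/audit/audit"

# Constructed response in the shape of the slide's JSON. The sos reason copies
# the slide; the krb5-libs reason (its fixed version in particular) is made up.
SAMPLE_RESPONSE = {
    "result": "OK",
    "data": {"reasons": [
        {"providedPackage": "sos-3.2-35.el7.centos.noarch", "operator": "lt",
         "bulletinID": "CESA-2016:0188", "providedVersion": "0:3.2-35.el7.centos",
         "bulletinPackage": "sos-3.2-35.el7.centos.3.noarch.rpm",
         "bulletinVersion": "3.2-35.el7.centos.3",
         "package": "sos-3.2-35.el7.centos.noarch"},
        {"providedPackage": "krb5-libs-1.13.2-10.el7.x86_64", "operator": "lt",
         "bulletinID": "CESA-2016:0532", "providedVersion": "0:1.13.2-10.el7",
         "bulletinPackage": "krb5-libs-1.13.2-12.el7_2.x86_64.rpm",  # constructed
         "bulletinVersion": "1.13.2-12.el7_2",                        # constructed
         "package": "krb5-libs-1.13.2-10.el7.x86_64"},
    ]},
}


def build_audit_request(os_name, os_version, packages):
    """Body of the POST shown on the 'Linux Audit API' slide."""
    return {"os": os_name, "version": str(os_version), "package": list(packages)}


def installed_rpm_packages():
    """Ask rpm for NEVRA strings in the form the API expects.
    Returns [] on hosts without rpm so the caller can fall back to dpkg."""
    try:
        out = subprocess.run(
            ["rpm", "-qa", "--qf", "%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n"],
            capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return []
    return sorted({line for line in out.splitlines() if line})


def post_audit(body, opener=urllib.request.urlopen):
    """Send the audit request; `opener` is injectable for offline use."""
    req = urllib.request.Request(
        AUDIT_URL, data=json.dumps(body).encode("utf-8"),
        headers={"Accept": "application/json",
                 "Content-Type": "application/json"},
        method="POST")
    with opener(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def parse_audit_response(payload):
    """Group data.reasons by installed package.
    Returns {providedPackage: [(bulletinID, operator, bulletinVersion), ...]}.
    operator 'lt' means the installed version is below the version fixed by
    that bulletin; that comparison is the 'reason of the decision'."""
    if payload.get("result") != "OK":
        raise ValueError("audit call failed: %r" % (payload.get("data"),))
    findings = defaultdict(list)
    for reason in payload.get("data", {}).get("reasons", []):
        findings[reason["providedPackage"]].append(
            (reason["bulletinID"], reason["operator"], reason["bulletinVersion"]))
    return dict(findings)


def affected_packages(findings):
    """Packages with at least one 'lt' reason, i.e. the ones to patch."""
    return sorted(pkg for pkg, reasons in findings.items()
                  if any(op == "lt" for _, op, _ in reasons))


if __name__ == "__main__":
    # OS detection is left out (the real agent reads it from the host);
    # CentOS 7 is hard-coded here to match the slide.
    body = build_audit_request("centos", 7, installed_rpm_packages())
    report = parse_audit_response(post_audit(body))
    for pkg in affected_packages(report):
        print(pkg)
        for bulletin, _, fixed in report[pkg]:
            print("    %s - fixed in %s" % (bulletin, fixed))
```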

41

It's absolutely free

- Free for commercial and enterprise use (DB and API)
- Make your own solutions using our powers:
  - Security scanners
  - Threat intelligence
  - Subscriptions
  - Security automation
- Just please post references if you can ;-)

42

Integration Example

43

Thanks

- aleonov@vulners.com
- Scanner: https://github.com/videns/vulners-scanner
- Vulners Blog: https://blog.vulners.com
- My Blog: http://avleonov.com/tag/vulners-com

Page 12: Vulnerability Intelligence and Assessment with vulners.com

12

Why

- "Old" vulnerabilities
- Vendor forgot to add links to CVE id
- Vulnerabilities in plugins (WordPress VideoWhisper)
- Don't support "Local" software (openMairie)
- Stopped adding new vulnerabilities (vBulletin)

13

Examples: OpenVAS detects, Nessus not

- D-Link DIR-100 Router Multiple Vulnerabilities
- Cisco Firepower Management Center Privilege Escalation Vulnerability
- vBulletin 3.6.x to 4.2.2/4.2.3 Forumrunner request.php SQL Injection
- WordPress VideoWhisper Live Streaming Integration Multiple Vulnerabilities

14

Examples: Nessus detects, OpenVAS not

- Solaris vulnerabilities since 2010
- Apple QuickTime - MOV File Parsing Memory Corruption Vulnerability

15

In other words

- Vulnerability Scanner is a necessity
- Don't depend too much on them
- Scanner does not detect some vulnerability — it's YOUR problem, not your VM vendor's
- Choose solution you can control and vendors you can trust
- Have alternative sources of Vulnerability Data

16

Vulnerability Intelligence and PCI DSS

17

Vulnerability Data Sources

- Born in 90's
- Every product has its own source of vulnerability data
- Most information is not acceptable for automatic vulnerability scanners
- MITRE, NVD, SCAP, OVAL and others failed to standardize it
- Everyone is working on their own
- "Search"? Forget about it. Use Google instead

18

vulners.com: Information security "Google"

- Vulnerability source data aggregator
- Created by security specialists for security specialists
- Incredibly fast search engine
- Normalized machine-readable content
- Audit features out-of-the-box
- API-driven development
- Absolutely free

19

Content

- Bug Bounty: HackerOne, openbugbounty.org, Vulnerability Lab, XSSed
- Bulletins, Network Vendor: Cisco, F5 Networks, Huawei, OpenWrt, Palo Alto Networks
- Bulletins, Software: Apache Httpd, Drupal, Mozilla, Nginx, OpenSSL, Opera, ownCloud, PostgreSQL, Samba, TYPO3, WPScan Database, Xen Project
- Bulletins, Virtualization Vendor: VMware
- Bulletins, BSD: FreeBSD
- Bulletins, Hardware: Lenovo
- Bulletins, Linux: Amazon Linux AMI, Arch Linux, CentOS Linux, Debian Linux, Gentoo Linux, Oracle Linux, RedHat Linux, Slackware Linux, SUSE Linux, Ubuntu Linux
- Detection Vendor: NMAP, OpenVAS, Tenable Nessus, W3AF
- Exploit Base: 0day.today, DSquare Exploit Pack, Exploit-DB, Immunity Canvas, Malware exploit database, Metasploit, SAINTexploit™
- Media: rdot.org, ThreatPost
- Possible 0day: Hackapp, InfoWatch APPERCUT
- Vulnerability Base: CERT, ERPScan, ICS, Microsoft Vulnerability Research, NVD CVE, Positive Technologies, seebug.org, Symantec, Zero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string
- Dorks, advanced queries and many more
- UX-driven
- Human-oriented
- References and data linkage
- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query: title:httpd type:centos order:published last year
- Sortable by any field of the model (type, CVSS, dates, etc.)
- Apache Lucene syntax (AND, OR and so on)
- Exploit search by sources and CVEs:
  cvelist:CVE-2014-0160 type:exploitdb
  sourceData:"bash_profile"
  sourceData:"magic bytes"

26

Search requests

- CentOS bulletins with remotely exploited vulnerabilities:
  (type:centos AND (title:Critical OR title:Important) AND cvss.vector:AV:NETWORK) order:published
- Important CVE vulnerabilities in Microsoft software:
  (type:cve AND cvss.score:[6 TO 10] AND description:Microsoft) order:published

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities, exclude Windows:
  type:nessus AND cvss.score:[6 TO 10] AND cvss.vector:AV:NETWORK AND (NOT naslFamily:Local AND NOT naslFamily:"Windows : Microsoft Bulletins" AND NOT naslFamily:Windows) order:published
- OpenSSL and OpenSSH vulnerabilities:
  (type:openssl OR (type:cve AND cpe:openssh)) order:published

28

Parameters

https://vulners.com/api/v3/search/id/?id=CISCO-SA-20161005-OTV-NXOS.NASL

29

Search API

- GET/POST REST API with JSON output
- Search: https://vulners.com/api/v3/search/lucene/?query=type:centos%20cvss.score:[8%20TO%2010]%20order:published
- Information: https://vulners.com/api/v3/search/id/?id=CESA-2016:1237&references=true
- Export: https://vulners.com/api/v3/archive/collection/?type=exploitdb
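Building the Search API calls from the 'Search requests' and 'Search API' slides programmatically, as an added example that is not Vulners' own client. The URL forms, Lucene fields and the id/references parameters are the ones on the slides; the result layout assumed in summarize() (data.search[]._source) is an assumption, and SAMPLE is constructed.

```python
"""Search API helpers for vulners.com (added example, not Vulners' own code).
URL forms and Lucene fields come from the slides; the hit layout is assumed."""
import json
import urllib.parse
import urllib.request

BASE = "https://vulners.com/api/v3"


def lucene_query(doc_type, min_score=None, max_score=None, remote_only=False,
                 exclude_families=(), order="published"):
    """Compose a filter in the style of the 'Search requests' slides:
    document type, CVSS range, network attack vector, excluded NASL families."""
    parts = ["type:%s" % doc_type]
    if min_score is not None or max_score is not None:
        parts.append("cvss.score:[%s TO %s]" % (
            "*" if min_score is None else min_score,
            "*" if max_score is None else max_score))
    if remote_only:
        parts.append("cvss.vector:AV:NETWORK")
    if exclude_families:
        # Family names can contain spaces and colons, so quote them.
        parts.append("(" + " AND ".join(
            'NOT naslFamily:"%s"' % fam for fam in exclude_families) + ")")
    return " AND ".join(parts) + " order:%s" % order


def search_url(query):
    """Spaces become %20 while ':' '[' ']' stay literal, as in the slide's URL."""
    return BASE + "/search/lucene/?query=" + urllib.parse.quote(query, safe=":[]")


def id_url(bulletin_id, references=False):
    """The 'Information' call; keep the ':' inside bulletin ids unescaped."""
    params = {"id": bulletin_id}
    if references:
        params["references"] = "true"
    return BASE + "/search/id/?" + urllib.parse.urlencode(params, safe=":")


def fetch(url, opener=urllib.request.urlopen):
    """GET a JSON document; `opener` is injectable for offline use."""
    with opener(url, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def summarize(payload):
    """Flatten hits to (id, title, cvss score, published).
    Assumed layout: data.search is a list of {"_source": {...}} objects."""
    rows = []
    for hit in payload.get("data", {}).get("search", []):
        src = hit.get("_source", hit)
        rows.append((src.get("id"), src.get("title"),
                     src.get("cvss", {}).get("score"), src.get("published")))
    return rows


# Constructed sample in the assumed layout; titles and dates are made up.
SAMPLE = {"result": "OK", "data": {"total": 2, "search": [
    {"_source": {"id": "CESA-2016:1237", "title": "constructed title A",
                 "cvss": {"score": 9.3}, "published": "2016-06-15T00:00:00"}},
    {"_source": {"id": "CESA-2016:1033", "title": "constructed title B",
                 "cvss": {"score": 0.0}, "published": "2016-05-12T00:00:00"}},
]}}


if __name__ == "__main__":
    # Slide 27's query, rebuilt from parts and fetched live.
    query = lucene_query("nessus", 6, 10, remote_only=True,
                         exclude_families=("Local", "Windows : Microsoft Bulletins",
                                           "Windows"))
    for row in summarize(fetch(search_url(query))):
        print(row)
```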

30

RSS

- Fully customizable news feed in RSS format
- Powered by Apache Lucene query: https://vulners.com/rss.xml?query=type:debian
- No cache, it builds right when you ask it to
- Atom, Webfeeds, mrss compatible

31

Telegram Bot

- Up to 3 subscriptions
- In-app search
- Broadcast for emergency news

https://telegram.me/vulnersBot

32

Email Subscriptions

- Up to 5 subscriptions
- Awareness service
- Absolutely customizable

https://vulners.com/subscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 13: Vulnerability Intelligence and Assessment with vulners.com

13

Examples OpenVAS detects Nessus not

- D-Link DIR-100 Router Multiple Vulnerabilities- Cisco Firepower Management Center Privilege Escalatio

n Vulnerability- vBulletin 36x to 422423 Forumrunner requestphp

SQL Injection- WordPress VideoWhisper Live Streaming Integration Mu

ltiple Vulnerabilities

14

Examples Nessus detects OpenVAS not

- Solaris vulnerabilities since 2010- Apple Quicktime - MOV File Parsing Memory Corruption

Vulnerability

15

In other words

- Vulnerability Scanner is a necessity- Dont depend too much on them- Scanner does not detect some vulnerability mdash itrsquos YOUR problem not your VM vendor- Choose solution you can control and vendors you can

trust- Have alternative sources of Vulnerability Data

16

Vulnerability Intelligence and PCI DSS

17

Vulnerability Data Sources

- Born in 90rsquos- Every product has itrsquos own source of vulnerability data- Most information is not acceptable for automatic

vulnerability scanners- MITRE NVD SCAP OVAL and others failed to

standardize it- Everyone is working on their own- Searchrdquo Forget about it Use Google instead

18

vulnerscom Information security ldquoGooglerdquo

- Vulnerability source data aggregator- Created by security specialists for security specialists- Incredibly fast search engine- Normalized machine-readable content- Audit features out-of-the-box- API-driven development- Absolutely free

19

ContentBug BountyHacker OneopenbugbountyorgVulnerability LabXSSed

Bulletins Network VendorCiscoF5 NetworksHuaweiOpenWrtPalo Alto Networks

Bulletins SoftwareApache HttpdDrupalMozillaNginxOpenSSLOperaownCloudPostgreSQLSambaTYPO3WPScan DatabaseXen Project

Bulletins Virtualization VendorVMware

Bullitens BSDFreeBSD

Bullitens HardwareLenovo

Bullitens LinuxAmazon Linux AMIArch LinuxCentOS LinuxDebian LinuxGentoo LinuxOracle LinuxRedHat LinuxSlackware LinuxSUSE LinuxUbuntu Linux

Detection VendorNMAPOpenVASTenable NessusW3AF

Exploit Base0daytodayDSquare Exploit PackExploit-DBImmunity CanvasMalware exploit databaseMetasploitSAINTexploittrade

MediardotorgThreatPost

Possible 0dayHackappInfoWatch APPERCUT

Vulnerability BaseCERTERPScanICSMicrosoft Vulnerability ResearchNDV CVEPositive TechnologiesseebugorgSymantecZero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 14: Vulnerability Intelligence and Assessment with vulners.com

14

Examples Nessus detects OpenVAS not

- Solaris vulnerabilities since 2010- Apple Quicktime - MOV File Parsing Memory Corruption

Vulnerability

15

In other words

- Vulnerability Scanner is a necessity- Dont depend too much on them- Scanner does not detect some vulnerability mdash itrsquos YOUR problem not your VM vendor- Choose solution you can control and vendors you can

trust- Have alternative sources of Vulnerability Data

16

Vulnerability Intelligence and PCI DSS

17

Vulnerability Data Sources

- Born in 90rsquos- Every product has itrsquos own source of vulnerability data- Most information is not acceptable for automatic

vulnerability scanners- MITRE NVD SCAP OVAL and others failed to

standardize it- Everyone is working on their own- Searchrdquo Forget about it Use Google instead

18

vulnerscom Information security ldquoGooglerdquo

- Vulnerability source data aggregator- Created by security specialists for security specialists- Incredibly fast search engine- Normalized machine-readable content- Audit features out-of-the-box- API-driven development- Absolutely free

19

ContentBug BountyHacker OneopenbugbountyorgVulnerability LabXSSed

Bulletins Network VendorCiscoF5 NetworksHuaweiOpenWrtPalo Alto Networks

Bulletins SoftwareApache HttpdDrupalMozillaNginxOpenSSLOperaownCloudPostgreSQLSambaTYPO3WPScan DatabaseXen Project

Bulletins Virtualization VendorVMware

Bullitens BSDFreeBSD

Bullitens HardwareLenovo

Bullitens LinuxAmazon Linux AMIArch LinuxCentOS LinuxDebian LinuxGentoo LinuxOracle LinuxRedHat LinuxSlackware LinuxSUSE LinuxUbuntu Linux

Detection VendorNMAPOpenVASTenable NessusW3AF

Exploit Base0daytodayDSquare Exploit PackExploit-DBImmunity CanvasMalware exploit databaseMetasploitSAINTexploittrade

MediardotorgThreatPost

Possible 0dayHackappInfoWatch APPERCUT

Vulnerability BaseCERTERPScanICSMicrosoft Vulnerability ResearchNDV CVEPositive TechnologiesseebugorgSymantecZero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 15: Vulnerability Intelligence and Assessment with vulners.com

15

In other words

- Vulnerability Scanner is a necessity- Dont depend too much on them- Scanner does not detect some vulnerability mdash itrsquos YOUR problem not your VM vendor- Choose solution you can control and vendors you can

trust- Have alternative sources of Vulnerability Data

16

Vulnerability Intelligence and PCI DSS

17

Vulnerability Data Sources

- Born in 90rsquos- Every product has itrsquos own source of vulnerability data- Most information is not acceptable for automatic

vulnerability scanners- MITRE NVD SCAP OVAL and others failed to

standardize it- Everyone is working on their own- Searchrdquo Forget about it Use Google instead

18

vulnerscom Information security ldquoGooglerdquo

- Vulnerability source data aggregator- Created by security specialists for security specialists- Incredibly fast search engine- Normalized machine-readable content- Audit features out-of-the-box- API-driven development- Absolutely free

19

ContentBug BountyHacker OneopenbugbountyorgVulnerability LabXSSed

Bulletins Network VendorCiscoF5 NetworksHuaweiOpenWrtPalo Alto Networks

Bulletins SoftwareApache HttpdDrupalMozillaNginxOpenSSLOperaownCloudPostgreSQLSambaTYPO3WPScan DatabaseXen Project

Bulletins Virtualization VendorVMware

Bullitens BSDFreeBSD

Bullitens HardwareLenovo

Bullitens LinuxAmazon Linux AMIArch LinuxCentOS LinuxDebian LinuxGentoo LinuxOracle LinuxRedHat LinuxSlackware LinuxSUSE LinuxUbuntu Linux

Detection VendorNMAPOpenVASTenable NessusW3AF

Exploit Base0daytodayDSquare Exploit PackExploit-DBImmunity CanvasMalware exploit databaseMetasploitSAINTexploittrade

MediardotorgThreatPost

Possible 0dayHackappInfoWatch APPERCUT

Vulnerability BaseCERTERPScanICSMicrosoft Vulnerability ResearchNDV CVEPositive TechnologiesseebugorgSymantecZero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
16

Vulnerability Intelligence and PCI DSS

17

Vulnerability Data Sources

- Born in the 90's
- Every product has its own source of vulnerability data
- Most information is not acceptable for automatic vulnerability scanners
- MITRE, NVD, SCAP, OVAL and others failed to standardize it
- Everyone is working on their own
- "Search"? Forget about it. Use Google instead

18

vulners.com: Information security "Google"

- Vulnerability source data aggregator
- Created by security specialists for security specialists
- Incredibly fast search engine
- Normalized machine-readable content
- Audit features out-of-the-box
- API-driven development
- Absolutely free

19

Content

Bug Bounty: Hacker One, openbugbounty.org, Vulnerability Lab, XSSed
Bulletins, Network Vendor: Cisco, F5 Networks, Huawei, OpenWrt, Palo Alto Networks
Bulletins, Software: Apache Httpd, Drupal, Mozilla, Nginx, OpenSSL, Opera, ownCloud, PostgreSQL, Samba, TYPO3, WPScan Database, Xen Project
Bulletins, Virtualization Vendor: VMware
Bulletins, BSD: FreeBSD
Bulletins, Hardware: Lenovo
Bulletins, Linux: Amazon Linux AMI, Arch Linux, CentOS Linux, Debian Linux, Gentoo Linux, Oracle Linux, RedHat Linux, Slackware Linux, SUSE Linux, Ubuntu Linux
Detection Vendor: NMAP, OpenVAS, Tenable Nessus, W3AF
Exploit Base: 0day.today, DSquare Exploit Pack, Exploit-DB, Immunity Canvas, Malware exploit database, Metasploit, SAINTexploit™
Media: rdot.org, ThreatPost
Possible 0day: Hackapp, InfoWatch APPERCUT
Vulnerability Base: CERT, ERPScan, ICS, Microsoft Vulnerability Research, NVD CVE, Positive Technologies, seebug.org, Symantec, Zero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string
- Dorks, advanced queries and many more
- UX-driven
- Human-oriented
- References and data linkage
- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query: title:httpd type:centos order:published (last year)
- Sortable by any field of the model (type, CVSS, dates, etc.)
- Apache Lucene syntax (AND, OR and so on)
- Exploit search by sources and CVEs:
  cvelist:CVE-2014-0160 type:exploitdb
  sourceData:bash_profile
  sourceData:"magic bytes"

26

Search requests

- CentOS bulletins with remotely exploited vulnerabilities:
  (type:centos AND (title:Critical OR title:Important) AND cvss.vector:AV:NETWORK) order:published
- Important CVE vulnerabilities in Microsoft software:
  (type:cve AND cvss.score:[6 TO 10] AND description:Microsoft) order:published

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities, excluding Windows:
  type:nessus AND cvss.score:[6 TO 10] AND cvss.vector:AV:NETWORK AND (NOT naslFamily:Local AND NOT naslFamily:"Windows : Microsoft Bulletins" AND NOT naslFamily:Windows) order:published
- OpenSSL and OpenSSH vulnerabilities:
  (type:openssl OR (type:cve AND cpe:openssh)) order:published

28

Parameters

https://vulners.com/api/v3/search/id/?id=CISCO-SA-20161005-OTV-NXOS.NASL

29

Search API

- GET/POST REST API with JSON output
- Search: https://vulners.com/api/v3/search/lucene/?query=type:centos%20cvss.score:[8%20TO%2010]%20order:published
- Information: https://vulners.com/api/v3/search/id/?id=CESA-2016:1237&references=true
- Export: https://vulners.com/api/v3/archive/collection/?type=exploitdb
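The following Python is an added example, not code from the slides or from the Vulners project. It composes Lucene queries of the kind shown on slides 25 to 27 from a few named criteria (so the NOT-clauses for Nessus plugin families are quoted correctly), URL-encodes one for the search/lucene endpoint, and triages a response by CVSS score. The `size` paging parameter and the `data.search[]._source` hit layout are assumptions about the API; the response is constructed, not captured.

```python
"""Added example (not from the slides or the Vulners project): composing
vulners-style Lucene queries and triaging a search/lucene response.
Assumptions: the `size` query parameter and the `data.search[]._source`
layout of the response; the response below is constructed, not captured."""
import json
from urllib.parse import urlencode

SEARCH_API = "https://vulners.com/api/v3/search/lucene/"


def build_query(doc_type, min_cvss=None, network_only=False,
                exclude_nasl_families=(), extra=None, order="published"):
    """Compose a query in the style of slides 25-27: one type filter, an
    optional CVSS floor, an optional AV:NETWORK filter, NOT-clauses for
    Nessus plugin families, a free-form clause, and a sort order."""
    parts = [f"type:{doc_type}"]
    if min_cvss is not None:
        parts.append(f"cvss.score:[{min_cvss} TO 10]")
    if network_only:
        parts.append("cvss.vector:AV:NETWORK")
    for family in exclude_nasl_families:
        # Families with spaces ("Windows : Microsoft Bulletins") must be quoted,
        # otherwise Lucene splits them into separate terms.
        quoted = f'"{family}"' if " " in family else family
        parts.append(f"NOT naslFamily:{quoted}")
    if extra:
        parts.append(extra)
    return "(" + " AND ".join(parts) + f") order:{order}"


def search_url(query, size=20):
    """URL-encode the query for a GET to the search/lucene endpoint
    (`size` is an assumed paging parameter)."""
    return SEARCH_API + "?" + urlencode({"query": query, "size": size})


# Constructed response: same "result"/"data" envelope as slide 39; hit layout assumed.
SAMPLE_RESPONSE = json.dumps({
    "result": "OK",
    "data": {
        "total": 3,
        "search": [
            {"_source": {"id": "SAMPLE-2016:0001", "type": "centos",
                         "title": "Important kernel Security Update",
                         "cvss": {"score": 7.2, "vector": "AV:NETWORK/AC:LOW/..."},
                         "published": "2016-06-13T00:00:00"}},
            {"_source": {"id": "SAMPLE-2016:0002", "type": "centos",
                         "title": "Moderate krb5 Security Update",
                         "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/..."},
                         "published": "2016-04-01T00:00:00"}},
            {"_source": {"id": "SAMPLE-2016:0003", "type": "centos",
                         "title": "Critical openssl Security Update",
                         "cvss": {"score": 9.8, "vector": "AV:NETWORK/AC:LOW/..."},
                         "published": "2016-05-05T00:00:00"}},
        ],
    },
})


def triage(response_text, min_score=7.0):
    """Return (id, score) for hits at or above `min_score`, highest score
    first; raise if the API did not answer with result == "OK"."""
    doc = json.loads(response_text)
    if doc.get("result") != "OK":
        raise RuntimeError(f"vulners error: {doc}")
    hits = [h["_source"] for h in doc["data"]["search"]]
    urgent = [h for h in hits if h["cvss"]["score"] >= min_score]
    urgent.sort(key=lambda h: (-h["cvss"]["score"], h["published"]))
    return [(h["id"], h["cvss"]["score"]) for h in urgent]


if __name__ == "__main__":
    q = build_query("nessus", min_cvss=6, network_only=True,
                    exclude_nasl_families=("Local", "Windows : Microsoft Bulletins", "Windows"))
    print(q)
    print(search_url(q))
    print(triage(SAMPLE_RESPONSE))
```

`build_query("cve", min_cvss=6, extra="description:Microsoft")` reproduces the Microsoft query from slide 26 verbatim, and the Nessus call above reproduces slide 27 apart from the parenthesisation; the point of keeping the criteria separate is that a feed for a different OS or severity floor is a parameter change, not a hand-edited string.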

30

RSS

- Fully customizable news feed in RSS format
- Powered by an Apache Lucene query: https://vulners.com/rss.xml?query=type:debian
- No cache: it is built right when you ask for it
- Atom, Webfeeds, mrss compatible

31

Telegram Bot

- Up to 3 subscriptions
- In-app search
- Broadcast for emergency news
https://telegram.me/vulnersBot

32

Email Subscriptions

- Up to 5 subscriptions
- Awareness service
- Absolutely customizable
https://vulners.com/subscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan
- Immediate results
- Dramatically simple
https://vulners.com/audit

35

Linux Audit GUI

- RedHat
- CentOS
- Fedora
- Oracle Linux
- Ubuntu
- Debian

36

Linux Audit GUI

37

Linux Audit API

curl -H "Accept: application/json" -H "Content-Type: application/json" -X POST -d '{"os":"centos","package":["pcre-8.32-15.el7.x86_64", "samba-common-4.2.3-11.el7_2.noarch", "gnu-free-fonts-common-20120503-8.el7.noarch", "libreport-centos-2.1.11-32.el7.centos.x86_64", "libacl-2.2.51-12.el7.x86_64"],"version":"7"}' https://vulners.com/api/v3/audit/audit/

38

Linux Audit API

- JSON result: vulnerabilities list, reason for the decision, references list (exploits and so on)
- Ready to go for the Red Hat and Debian families
- Typical call time for a 500+ package list = 160 ms
- It's fast. Really fast.

39

Linux Audit API

{"result": "OK", "data": {"reasons": [{"providedPackage": "sos-3.2-35.el7.centos.noarch", "operator": "lt", "bulletinID": "CESA-2016:0188", "providedVersion": "0:3.2-35.el7.centos", "bulletinPackage": "sos-3.2-35.el7.centos.3.noarch.rpm", "bulletinVersion": "3.2-35.el7.centos.3", "package": "sos-3.2-35.el7.centos.noarch", ...

40

Agent-Based Scanner

$ git clone https://github.com/videns/vulners-scanner
$ cd vulners-scanner
$ ./linuxScanner.py

[vulners ASCII-art banner]
==========================================
Host info - Host machine
OS Name - centos, OS Version - 7
Total found packages: 1026
Vulnerable packages:
  krb5-libs-1.13.2-10.el7.x86_64
    CESA-2016:0532 - Moderate krb5 Security Update, cvss.score - 6.8
  openssh-server-6.6.1p1-23.el7_2.x86_64
    CESA-2016:0465 - Moderate openssh Security Update, cvss.score - 7.7
  libtdb-1.3.6-2.el7.x86_64
    CESA-2016:0612 - Critical ipa Security Update, cvss.score - 0.0
  kernel-tools-3.10.0-327.4.5.el7.x86_64
    CESA-2016:1033 - Important kernel Security Update, cvss.score - 0.0
    CESA-2016:1633 - Important kernel Security Update, cvss.score - 4.3
    CESA-2016:0185 - Important kernel Security Update, cvss.score - 7.2
    CESA-2016:1539 - Important kernel Security Update, cvss.score - 7.2
    CESA-2016:1277 - Important kernel Security Update, cvss.score - 7.2
  openssl-libs-1.0.1e-51.el7_2.2.x86_64

- Available on GitHub
- Example of integration
- Free to fork
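The following Python is an added example that is not part of the slides or of the vulners-scanner project. It covers slides 37 to 40 together: it builds the audit request body of slide 37 from `rpm -qa` output, and it re-derives the `operator` field of each "reason" in a slide-39-style response with a local rpm version comparison, so that a finding whose cited versions do not actually support the verdict is flagged before it becomes a ticket. The `rpm -qa` lines and the second reason are constructed; the first reason reuses the field values shown on slide 39. The version comparison is a simplified rpmvercmp written for this example.

```python
"""Added example (not from the slides or the vulners-scanner project):
build the audit request body from `rpm -qa` output and re-check the
`operator` in each audit "reason" with a local rpm version comparison.
The package list and the second reason below are constructed; the first
reason reuses the field values shown on slide 39."""
import json
import re
from itertools import zip_longest

AUDIT_URL = "https://vulners.com/api/v3/audit/audit/"

# Constructed `rpm -qa` output (package names from slide 37 plus a blank line).
RPM_QA = """pcre-8.32-15.el7.x86_64
samba-common-4.2.3-11.el7_2.noarch

sos-3.2-35.el7.centos.noarch
"""


def audit_request(os_name, os_version, rpm_qa_text):
    """Body for a POST to AUDIT_URL in the slide-37 layout, blank lines dropped."""
    packages = [line.strip() for line in rpm_qa_text.splitlines() if line.strip()]
    return {"os": os_name, "version": os_version, "package": packages}


def _segments(s):
    # rpm compares alternating numeric and alphabetic runs; '~' is its own token.
    return re.findall(r"\d+|[a-zA-Z]+|~", s)


def rpmvercmp(a, b):
    """Simplified rpmvercmp returning -1, 0 or 1: numeric segments compare as
    integers, alphabetic ones as strings, numeric beats alphabetic, and '~'
    sorts before everything, including the end of the string (1.0~rc1 < 1.0)."""
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x == y:
            continue
        if x == "~":
            return -1
        if y == "~":
            return 1
        if x is None:
            return -1
        if y is None:
            return 1
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            return (int(x) > int(y)) - (int(x) < int(y))
        if x_num != y_num:
            return 1 if x_num else -1
        return (x > y) - (x < y)
    return 0


def evr_cmp(a, b):
    """Compare '[epoch:]version-release' strings; a missing epoch counts as 0."""
    def split(evr):
        epoch, sep, rest = evr.partition(":")
        if not sep:
            epoch, rest = "0", evr
        version, _, release = rest.partition("-")
        return int(epoch), version, release
    ea, va, ra = split(a)
    eb, vb, rb = split(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


# Constructed audit response in the slide-39 envelope; the second reason is
# deliberately inconsistent (equal versions, yet operator "lt").
SAMPLE_AUDIT_RESPONSE = json.dumps({
    "result": "OK",
    "data": {"reasons": [
        {"providedPackage": "sos-3.2-35.el7.centos.noarch", "operator": "lt",
         "bulletinID": "CESA-2016:0188", "providedVersion": "0:3.2-35.el7.centos",
         "bulletinPackage": "sos-3.2-35.el7.centos.3.noarch.rpm",
         "bulletinVersion": "3.2-35.el7.centos.3", "package": "sos-3.2-35.el7.centos.noarch"},
        {"providedPackage": "example-1.0-1.el7.x86_64", "operator": "lt",
         "bulletinID": "EXAMPLE-BULLETIN-0001", "providedVersion": "0:1.0-1.el7",
         "bulletinPackage": "example-1.0-1.el7.x86_64.rpm",
         "bulletinVersion": "1.0-1.el7", "package": "example-1.0-1.el7.x86_64"},
    ]},
})


def check_reasons(response_text):
    """Group bulletins per installed package and re-derive the audit's operator
    from the two versions it cites; the third tuple element is False when the
    cited versions do not support the verdict."""
    doc = json.loads(response_text)
    if doc.get("result") != "OK":
        raise RuntimeError(f"audit failed: {doc}")
    ops = {-1: "lt", 0: "eq", 1: "gt"}
    report = {}
    for reason in doc["data"]["reasons"]:
        local = ops[evr_cmp(reason["providedVersion"], reason["bulletinVersion"])]
        report.setdefault(reason["providedPackage"], []).append(
            (reason["bulletinID"], reason["operator"], local == reason["operator"]))
    return report


if __name__ == "__main__":
    print(json.dumps(audit_request("centos", "7", RPM_QA)))
    for pkg, findings in check_reasons(SAMPLE_AUDIT_RESPONSE).items():
        for bulletin, op, consistent in findings:
            print(f"{pkg}: {bulletin} ({op}, {'ok' if consistent else 'CHECK'})")
```

For the slide-39 reason the local comparison agrees with the API: release `35.el7.centos` has one segment fewer than `35.el7.centos.3`, so the installed package sorts below the bulletin's and `lt` is the right verdict. The constructed second reason is reported with `False`, which is the case a scanner integration should surface rather than silently file.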

41

It's absolutely free

- Free for commercial and enterprise use: DB and API
- Make your own solutions using our powers: security scanners, threat intelligence, subscriptions, security automation
- Just please post references if you can :-)

42

Integration Example

43

Thanks

- aleonov@vulners.com
- Scanner: https://github.com/videns/vulners-scanner
- Vulners Blog: https://blog.vulners.com
- My Blog: http://avleonov.com/tag/vulners-com/

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 17: Vulnerability Intelligence and Assessment with vulners.com

17

Vulnerability Data Sources

- Born in 90rsquos- Every product has itrsquos own source of vulnerability data- Most information is not acceptable for automatic

vulnerability scanners- MITRE NVD SCAP OVAL and others failed to

standardize it- Everyone is working on their own- Searchrdquo Forget about it Use Google instead

18

vulnerscom Information security ldquoGooglerdquo

- Vulnerability source data aggregator- Created by security specialists for security specialists- Incredibly fast search engine- Normalized machine-readable content- Audit features out-of-the-box- API-driven development- Absolutely free

19

ContentBug BountyHacker OneopenbugbountyorgVulnerability LabXSSed

Bulletins Network VendorCiscoF5 NetworksHuaweiOpenWrtPalo Alto Networks

Bulletins SoftwareApache HttpdDrupalMozillaNginxOpenSSLOperaownCloudPostgreSQLSambaTYPO3WPScan DatabaseXen Project

Bulletins Virtualization VendorVMware

Bullitens BSDFreeBSD

Bullitens HardwareLenovo

Bullitens LinuxAmazon Linux AMIArch LinuxCentOS LinuxDebian LinuxGentoo LinuxOracle LinuxRedHat LinuxSlackware LinuxSUSE LinuxUbuntu Linux

Detection VendorNMAPOpenVASTenable NessusW3AF

Exploit Base0daytodayDSquare Exploit PackExploit-DBImmunity CanvasMalware exploit databaseMetasploitSAINTexploittrade

MediardotorgThreatPost

Possible 0dayHackappInfoWatch APPERCUT

Vulnerability BaseCERTERPScanICSMicrosoft Vulnerability ResearchNDV CVEPositive TechnologiesseebugorgSymantecZero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 18: Vulnerability Intelligence and Assessment with vulners.com

18

vulnerscom Information security ldquoGooglerdquo

- Vulnerability source data aggregator- Created by security specialists for security specialists- Incredibly fast search engine- Normalized machine-readable content- Audit features out-of-the-box- API-driven development- Absolutely free

19

ContentBug BountyHacker OneopenbugbountyorgVulnerability LabXSSed

Bulletins Network VendorCiscoF5 NetworksHuaweiOpenWrtPalo Alto Networks

Bulletins SoftwareApache HttpdDrupalMozillaNginxOpenSSLOperaownCloudPostgreSQLSambaTYPO3WPScan DatabaseXen Project

Bulletins Virtualization VendorVMware

Bullitens BSDFreeBSD

Bullitens HardwareLenovo

Bullitens LinuxAmazon Linux AMIArch LinuxCentOS LinuxDebian LinuxGentoo LinuxOracle LinuxRedHat LinuxSlackware LinuxSUSE LinuxUbuntu Linux

Detection VendorNMAPOpenVASTenable NessusW3AF

Exploit Base0daytodayDSquare Exploit PackExploit-DBImmunity CanvasMalware exploit databaseMetasploitSAINTexploittrade

MediardotorgThreatPost

Possible 0dayHackappInfoWatch APPERCUT

Vulnerability BaseCERTERPScanICSMicrosoft Vulnerability ResearchNDV CVEPositive TechnologiesseebugorgSymantecZero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 19: Vulnerability Intelligence and Assessment with vulners.com

19

ContentBug BountyHacker OneopenbugbountyorgVulnerability LabXSSed

Bulletins Network VendorCiscoF5 NetworksHuaweiOpenWrtPalo Alto Networks

Bulletins SoftwareApache HttpdDrupalMozillaNginxOpenSSLOperaownCloudPostgreSQLSambaTYPO3WPScan DatabaseXen Project

Bulletins Virtualization VendorVMware

Bullitens BSDFreeBSD

Bullitens HardwareLenovo

Bullitens LinuxAmazon Linux AMIArch LinuxCentOS LinuxDebian LinuxGentoo LinuxOracle LinuxRedHat LinuxSlackware LinuxSUSE LinuxUbuntu Linux

Detection VendorNMAPOpenVASTenable NessusW3AF

Exploit Base0daytodayDSquare Exploit PackExploit-DBImmunity CanvasMalware exploit databaseMetasploitSAINTexploittrade

MediardotorgThreatPost

Possible 0dayHackappInfoWatch APPERCUT

Vulnerability BaseCERTERPScanICSMicrosoft Vulnerability ResearchNDV CVEPositive TechnologiesseebugorgSymantecZero Day Initiative

58 Sources

20

Stats

21

Under the hood

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 20: Vulnerability Intelligence and Assessment with vulners.com

20

Stats

21

Under the hood

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 21: Vulnerability Intelligence and Assessment with vulners.com

21

Under the hood

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner

$ git clone https://github.com/videns/vulners-scanner
$ cd vulners-scanner
$ ./linuxScanner.py

==========================================
Host info - Host machine
OS Name - centos, OS Version - 7
Total found packages: 1026
Vulnerable packages:
    krb5-libs-1.13.2-10.el7.x86_64
        CESA-2016:0532 - 'Moderate krb5 Security Update', cvss.score - 6.8
    openssh-server-6.6.1p1-23.el7_2.x86_64
        CESA-2016:0465 - 'Moderate openssh Security Update', cvss.score - 7.7
    libtdb-1.3.6-2.el7.x86_64
        CESA-2016:0612 - 'Critical ipa Security Update', cvss.score - 0.0
    kernel-tools-3.10.0-327.4.5.el7.x86_64
        CESA-2016:1033 - 'Important kernel Security Update', cvss.score - 0.0
        CESA-2016:1633 - 'Important kernel Security Update', cvss.score - 4.3
        CESA-2016:0185 - 'Important kernel Security Update', cvss.score - 7.2
        CESA-2016:1539 - 'Important kernel Security Update', cvss.score - 7.2
        CESA-2016:1277 - 'Important kernel Security Update', cvss.score - 7.2
    openssl-libs-1.0.1e-51.el7_2.2.x86_64

- Available at GitHub
- Example of integration
- Free to fork

41

It's absolutely free

- Free for commercial and enterprise use: DB and API
- Make your own solutions using our powers:
  security scanners, threat intelligence, subscriptions, security automation
- Just please post references if you can :-)

42

Integration Example

43

Thanks

- aleonov@vulners.com
- Scanner: https://github.com/videns/vulners-scanner
- Vulners Blog: https://blog.vulners.com
- My Blog: http://avleonov.com/tag/vulners-com/

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 22: Vulnerability Intelligence and Assessment with vulners.com

22

Search

- Google-style search string- Dorks advanced queries and many more- UX-driven- Human-oriented- References and data linkage- Extremely fast

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 23: Vulnerability Intelligence and Assessment with vulners.com

23

Search results

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 24: Vulnerability Intelligence and Assessment with vulners.com

24

Object

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 25: Vulnerability Intelligence and Assessment with vulners.com

25

Search requests

- Any complex query titlehttpd typecentos orderpublished last year

- Sortable by any field of the model (type CVSS dates etc)

- Apache Lucene syntax (AND OR and so on)- Exploit search by sources and CVErsquos

cvelistCVE-2014-0160 typeexploitdbsourceDatabash_profilesourceDatamagic bytesrdquo

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 26: Vulnerability Intelligence and Assessment with vulners.com

26

Requests

- CentOS bulletins with remotely exploited vulnerabilities

(typecentos AND (titleCritical OR titleImportant) AND cvssvectorAVNETWORK) orderpublished- Important CVE vulnerabilities in Microsoft software(typecve AND cvssscore[6 TO 10] AND descriptionMicrosoft) orderpublished

Search requests

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 27: Vulnerability Intelligence and Assessment with vulners.com

27

Search requests

- Nessus plugins for remotely exploited vulnerabilities exclude Windows

typenessus AND cvssscore[6 TO 10] AND cvssvectorAVNETWORK AND (NOT naslFamilyLocal AND NOT naslFamilyWindows Microsoft Bulletins AND NOT naslFamilyWindows) orderpublished- OpenSSL and OpenSSH vulnerabilities(typeopenssl OR ( typecve AND cpeopenssh ) ) orderpublished

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H Accept applicationjson -H Content-Type applicationjson -X POST -d oscentospackage[pcre-832-15el7x86_64 samba-common-423-11el7_2noarch gnu-free-fonts-common-20120503-8el7noarch libreport-centos-2111-32el7centosx86_64 libacl-2251-12el7x86_64]version7 httpsvulnerscomapiv3auditaudit

38

Linux Audit API

- JSON resultVulnerabilities listReason of the decisionReferences list (exploits and so on)

- Ready to go for Red Hat and Debian family- Typical call time for 500+ packages list = 160ms- Itrsquos fast Really fast

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 28: Vulnerability Intelligence and Assessment with vulners.com

28

Parameters

httpsvulnerscomapiv3searchidid=CISCO-SA-20161005-OTV-NXOSNASL

29

Search API

- GETPOST REST API with JSON output- Searchhttpsvulnerscomapiv3searchlucenequery=typecentos20cvssscore[820TO2010]20orderpublished- Informationhttpsvulnerscomapiv3searchidid=CESA-20161237ampreferences=true- Exporthttpsvulnerscomapiv3archivecollectiontype=exploitdb

30

RSS

- Fully customizable news feed in RSS format- Powered by Apache Lucene queryhttpsvulnerscomrssxmlquery=typedebian- No cache it builds right when you ask it to- Atom Webfeeds mrss compatible

31

Telegram Bot

- Up to 3 subscriptions- In-app search- Broadcast for

emergency newshttpstelegrammevulnersBot

32

Email Subscriptions

- Up to 5 subscriptions- Awareness service- Absolutely

customizablehttpsvulnerscomsubscriptions

33

Email Subscriptions

34

Linux Audit GUI

- Linux OS vulnerability scan

- Immediate results- Dramatically simplehttpsvulnerscomaudit

35

- RedHat- CentOS- Fedora- Oracle Linux- Ubuntu- Debian

Linux Audit GUI

36

Linux Audit GUI

37

Linux Audit API

curl -H "Accept: application/json" -H "Content-Type: application/json" -X POST -d '{"os":"centos","package":["pcre-8.32-15.el7.x86_64", "samba-common-4.2.3-11.el7_2.noarch", "gnu-free-fonts-common-20120503-8.el7.noarch", "libreport-centos-2.1.11-32.el7.centos.x86_64", "libacl-2.2.51-12.el7.x86_64"],"version":"7"}' https://vulners.com/api/v3/audit/audit/

38

Linux Audit API

- JSON result: vulnerabilities list, reason for the decision, references list (exploits and so on)
- Ready to go for the Red Hat and Debian families
- Typical call time for a 500+ package list = 160ms
- It's fast. Really fast.

39

Linux Audit API

{"result": "OK", "data": {"reasons": [
  {"providedPackage": "sos-3.2-35.el7.centos.noarch",
   "operator": "lt",
   "bulletinID": "CESA-2016:0188",
   "providedVersion": "0:3.2-35.el7.centos",
   "bulletinPackage": "sos-3.2-35.el7.centos.3.noarch.rpm",
   "bulletinVersion": "3.2-35.el7.centos.3",
   "package": "sos-3.2-35.el7.centos.noarch",
   ... (output truncated on the slide)
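A client-side companion to the audit call shown above, added here as an example and not part of the slides or of the vulners-scanner project: it builds the same request body as the curl on slide 37, groups the returned reasons per installed package, and repeats the RPM version comparison locally so that a reason whose operator does not actually hold is flagged for review. AUDIT_URL is the endpoint from slide 37; the operator names other than lt, the krb5 fixed version, the CESA-XXXX:NNNN placeholder and the simplified rpmvercmp are assumptions.

```python
"""Offline helper for the Vulners Linux audit API: builds the request body
shown on slide 37 and checks the "reasons" returned (slide 39) by redoing
the RPM version comparison locally.  Added example, not Vulners' code."""
import json
import re
import urllib.request

AUDIT_URL = "https://vulners.com/api/v3/audit/audit/"  # endpoint from slide 37

# Comparison operators a reason may carry, mapped to the evr_cmp results that
# satisfy them; only "lt" appears on the slide, the other names are an assumption.
OPERATORS = {"lt": (-1,), "le": (-1, 0), "eq": (0,), "ge": (0, 1), "gt": (1,)}


def build_audit_request(os_name, version, packages):
    """Body for POST /api/v3/audit/audit/, same keys as the curl on slide 37."""
    return {"os": os_name, "version": str(version), "package": list(packages)}


def rpmvercmp(a, b):
    """Simplified rpmvercmp: compare runs of digits numerically and runs of
    letters lexically; a numeric segment outranks an alphabetic one and the
    string with more segments wins.  The '~' and '^' rules are omitted."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_evr(evr):
    """'[epoch:]version-release' -> (epoch, version, release); epoch defaults to 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release


def evr_cmp(a, b):
    """-1, 0 or 1 for EVR strings a and b, compared the way rpm orders them."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def reason_holds(reason):
    """True when providedVersion <operator> bulletinVersion is really satisfied."""
    verdict = evr_cmp(reason["providedVersion"], reason["bulletinVersion"])
    return verdict in OPERATORS[reason["operator"]]


def summarize_audit(response):
    """Group the API's reasons per installed package and mark a package as not
    confirmed when any of its reasons fails the local version comparison."""
    if response.get("result") != "OK":
        raise RuntimeError("audit failed: %s" % json.dumps(response))
    report = {}
    for reason in response["data"]["reasons"]:
        entry = report.setdefault(reason["package"], {"bulletins": set(), "confirmed": True})
        entry["bulletins"].add(reason["bulletinID"])
        entry["confirmed"] = entry["confirmed"] and reason_holds(reason)
    return {pkg: {"bulletins": sorted(e["bulletins"]), "confirmed": e["confirmed"]}
            for pkg, e in report.items()}


def audit_packages(body):
    """POST the request body and return the decoded JSON (needs network access)."""
    req = urllib.request.Request(
        AUDIT_URL, data=json.dumps(body).encode(),
        headers={"Accept": "application/json", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed response: the first reason is the one printed on slide 39, the
# second is modelled on krb5-libs from slide 40 (fixed version assumed), and the
# third is deliberately inconsistent so the local check has something to catch.
SAMPLE_RESPONSE = {"result": "OK", "data": {"reasons": [
    {"providedPackage": "sos-3.2-35.el7.centos.noarch", "operator": "lt",
     "bulletinID": "CESA-2016:0188", "providedVersion": "0:3.2-35.el7.centos",
     "bulletinPackage": "sos-3.2-35.el7.centos.3.noarch.rpm",
     "bulletinVersion": "3.2-35.el7.centos.3", "package": "sos-3.2-35.el7.centos.noarch"},
    {"providedPackage": "krb5-libs-1.13.2-10.el7.x86_64", "operator": "lt",
     "bulletinID": "CESA-2016:0532", "providedVersion": "0:1.13.2-10.el7",
     "bulletinPackage": "krb5-libs-1.13.2-12.el7_2.x86_64.rpm",
     "bulletinVersion": "1.13.2-12.el7_2", "package": "krb5-libs-1.13.2-10.el7.x86_64"},
    {"providedPackage": "pcre-8.32-15.el7.x86_64", "operator": "lt",
     "bulletinID": "CESA-XXXX:NNNN", "providedVersion": "0:8.32-15.el7",
     "bulletinPackage": "pcre-8.32-15.el7.x86_64.rpm",
     "bulletinVersion": "8.32-15.el7", "package": "pcre-8.32-15.el7.x86_64"},
]}}

if __name__ == "__main__":
    body = build_audit_request("centos", 7, ["pcre-8.32-15.el7.x86_64", "sos-3.2-35.el7.centos.noarch"])
    print(json.dumps(body))
    # Offline run over the constructed sample; use audit_packages(body) for a live call.
    for pkg, info in summarize_audit(SAMPLE_RESPONSE).items():
        print(pkg, info["bulletins"], "confirmed" if info["confirmed"] else "CHECK")
```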

40

Agent-Based Scanner

$ git clone https://github.com/videns/vulners-scanner
$ cd vulners-scanner
$ ./linuxScanner.py

(vulners ASCII-art banner)

==========================================
Host info - Host machine
OS Name - centos, OS Version - 7
Total found packages: 1026
Vulnerable packages:
  krb5-libs-1.13.2-10.el7.x86_64
    CESA-2016:0532 - 'Moderate: krb5 Security Update', cvss.score - 6.8
  openssh-server-6.6.1p1-23.el7_2.x86_64
    CESA-2016:0465 - 'Moderate: openssh Security Update', cvss.score - 7.7
  libtdb-1.3.6-2.el7.x86_64
    CESA-2016:0612 - 'Critical: ipa Security Update', cvss.score - 0.0
  kernel-tools-3.10.0-327.4.5.el7.x86_64
    CESA-2016:1033 - 'Important: kernel Security Update', cvss.score - 0.0
    CESA-2016:1633 - 'Important: kernel Security Update', cvss.score - 4.3
    CESA-2016:0185 - 'Important: kernel Security Update', cvss.score - 7.2
    CESA-2016:1539 - 'Important: kernel Security Update', cvss.score - 7.2
    CESA-2016:1277 - 'Important: kernel Security Update', cvss.score - 7.2
  openssl-libs-1.0.1e-51.el7_2.2.x86_64
  ... (output truncated on the slide)

- Available at GitHub
- Example of integration
- Free to fork

41

It's absolutely free

- Free for commercial and enterprise use: DB and API
- Make your own solutions using our powers:
  - Security scanners
  - Threat intelligence
  - Subscriptions
  - Security automation
- Just please post references if you can ;-)

42

Integration Example

43

Thanks

- aleonov@vulners.com
- Scanner: https://github.com/videns/vulners-scanner
- Vulners Blog: https://blog.vulners.com
- My Blog: http://avleonov.com/tag/vulners-com/


- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 39: Vulnerability Intelligence and Assessment with vulners.com

39

Linux Audit API

result OK data reasons [ providedPackage sos-32-35el7centosnoarch operator lt bulletinID CESA-20160188 providedVersion 032-35el7centos bulletinPackage sos-32-35el7centos3noarchrpm bulletinVersion 32-35el7centos3 package sos-32-35el7centosnoarch

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 40: Vulnerability Intelligence and Assessment with vulners.com

40

Agent-Based Scanner$ git clone httpsgithubcomvidensvulners-scanner$ cd vulners-scanner$ linuxScannerpy

___ ___ _| |_ __ ___ _ __ ___ | | | | _ _ __ __| V | |_| | | | | | __ | __ _ ___|_|_| |_|___|_| |___

==========================================Host info - Host machineOS Name - centos OS Version - 7Total found packages 1026Vulnerable packages krb5-libs-1132-10el7x86_64 CESA-20160532 - Moderate krb5 Security Update cvssscore - 68 openssh-server-661p1-23el7_2x86_64 CESA-20160465 - Moderate openssh Security Update cvssscore - 77 libtdb-136-2el7x86_64 CESA-20160612 - Critical ipa Security Update cvssscore - 00 kernel-tools-3100-32745el7x86_64 CESA-20161033 - Important kernel Security Update cvssscore - 00 CESA-20161633 - Important kernel Security Update cvssscore - 43 CESA-20160185 - Important kernel Security Update cvssscore - 72 CESA-20161539 - Important kernel Security Update cvssscore - 72 CESA-20161277 - Important kernel Security Update cvssscore - 72 openssl-libs-101e-51el7_22x86_64

- Available at GitHub- Example of

integration- Free to fork

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 41: Vulnerability Intelligence and Assessment with vulners.com

41

Itrsquos absolutely free

- Free for commercial and enterprise use DB and API- Make your own solutions using our powers

Security scannersThreat intelligenceSubscriptionsSecurity automation

- Just please post references if you can -)

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 42: Vulnerability Intelligence and Assessment with vulners.com

42

Integration Example

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43
Page 43: Vulnerability Intelligence and Assessment with vulners.com

43

Thanks

- aleonovvulnerscom- Scanner httpsgithubcomvidensvulners-scanner- Vulners Blog httpsblogvulnerscom- My Blog httpavleonovcomtagvulners-com

  • Slide 1
  • Slide 2
  • Slide 3
  • Slide 4
  • Slide 5
  • Slide 6
  • Slide 7
  • Slide 8
  • Slide 9
  • Slide 10
  • Slide 11
  • Slide 12
  • Slide 13
  • Slide 14
  • Slide 15
  • Slide 16
  • Slide 17
  • Slide 18
  • Slide 19
  • Slide 20
  • Slide 21
  • Slide 22
  • Slide 23
  • Slide 24
  • Slide 25
  • Slide 26
  • Slide 27
  • Slide 28
  • Slide 29
  • Slide 30
  • Slide 31
  • Slide 32
  • Slide 33
  • Slide 34
  • Slide 35
  • Slide 36
  • Slide 37
  • Slide 38
  • Slide 39
  • Slide 40
  • Slide 41
  • Slide 42
  • Slide 43