Nessus Output: Description The remote host is missing one or more of the following Microsoft updates: KB2871997, KB2973351, KB2975625, KB2982378, KB2984972, KB2984976, KB2984981, KB2973501, or KB3126593. These updates are needed to improve the protection against possible credential theft. - For Windows 7 / 2008 R2 : KB2984972, KB2871997, KB2982378, and KB2973351 are required; also, KB2984976 […]
Read More »
Best practice for systems running IIS, part of Hardening IIS:
Read More »
Nessus Output: Description The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws. An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients. NIST has determined that SSL 3.0 is no longer acceptable […]
Read More »
Best practice for systems running IIS, part of Hardening IIS:
Read More »
Nessus Output: Description The remote host supports SSLv2 and therefore may be affected by a vulnerability that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS […]
Read More »
Best practice for systems running IIS, part of Hardening IIS:
Read More »
Nessus Output: Description The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover […]
Read More »
Objective: Check your webserver SSL/TLS configuration via online tools.
Read More »
Nessus Output Description The remote Windows host supports Server Message Block (SMB) Protocol version 1. It is, therefore, affected by an unspecified remote code execution vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code. Note that this vulnerability is one of multiple Equation Group vulnerabilities and exploits disclosed by a group known as […]
Read More »
Objective Resolve this finding
Read More »
Objective Resolve this finding
Read More »
Objective Resolve this finding
Read More »
Objective Perform a credentialed scan without errors
Read More »
Nessus Output Description The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 56 bits and less than 112 bits, or else that uses the 3DES encryption suite. Note that it is considerably easier to circumvent medium strength […]
Read More »
Objective Account lockouts can happen when you perform a vulnerability scan with credentials. Account lockouts can happen when you perform brute force password guessing. Monitor the lockout status is crucial in these situations.
Read More »
Objective Identify and remediate failed scans in Nessus / Security Center.
Read More »
Nessus Output Synopsis : The remote web server does not take steps to mitigate a class of web application vulnerabilities. Description : The remote web server in some responses sets a permissive Content-Security-Policy (CSP) response header or does not set one at all. The CSP header has been proposed by the W3C Web Application Security […]
Read More »
Nessus Output The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.
Read More »
Nikto Output OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://<ipaddress>/images/".
Read More »
Often, during a penetration test on web applications, we come up against many error codes generated from applications or web servers. It’s possible to cause these errors to be displayed by using a particular requests, either specially crafted with tools or created manually. These codes are very useful to penetration testers during their activities, because […]
Read More »
Nikto Output DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
Read More »
You probably gonna find this issue in your manual browsing and spidering phase of your assessment and when performing the Fingerprint Web Server (Passive) and Fingerprint Web Server (Active) Tests.
Read More »
Nikto Output The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
Read More »
Nikto Output The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
Read More »
Nikto output The site uses SSL and the Strict-Transport-Security HTTP header is not defined
Read More »
Nessus Output Description The remote DNS server responds to queries for third-party domains that do not have the recursion bit set. This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited. For instance, if an attacker was interested in […]
Read More »
Nessus Output Synopsis : The remote device supports LLMNR. Description : The remote device answered to a Link-local Multicast Name Resolution (LLMNR) request. This protocol provides a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions. Reported Risk factor by Nessus: None In my option the severity should […]
Read More »
Nessus Output It appears KB3123479 has not been installed since the following registry key does not exist and/or does not contain any of the following values : HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\default WeakSha1ThirdPartyFlags WeakSha1ThirdPartyAfterTime
Read More »
Objective Verify the HTTP Response headers of your Web Site/Apps.
Read More »
You probably gonna find this issue in your manual browsing and spidering phase of your assessment. But also Netsparker will report this issue during your scanning phase.
Read More »
You probably gonna find this issue in your manual browsing and spidering phase of your assessment. But also Nessus will report this issue during your scanning phase.
Read More »
You probably gonna find this issue in your manual browsing and spidering phase of your assessment. But also Nessus will report this issue during your scanning phase.
Read More »
You probably gonna find this issue in your manual browsing and spidering phase of your assessment. But also Nikto and Nessus will report this issue during your scanning phase.
Read More »
You probably gonna find this issue in your manual browsing and spidering phase of your assessment. But also Nikto and Nessus will report this issue during your scanning phase.
Read More »
You probably gonna find this issue in your manual browsing and spidering phase of your assessment. But also Nikto and Nessus will report this issue during your scanning phase.
Read More »
Nessus Output Description Some daemon processes on the remote host are associated with programs that have been installed manually. System administration best practice dictates that an operating system’s native package management tools be used to manage software installation, updates, and removal whenever possible.
Read More »
Nessus Output Description The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak. Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.
Read More »
Nessus Output Description The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.
Read More »
Nessus Output Description Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.
Read More »
Error Description The following error is shown in Greenbone Security Assistant when creating a credential in OpenVas:
Read More »
Nessus Output Description The version of Windows running on the remote host is affected by a vulnerability in the HTTP protocol stack (HTTP.sys) due to improperly parsing crafted HTTP requests. A remote attacker can exploit this to execute arbitrary code with System privileges.
Read More »
Tools … that can be used to perform SMB enumeration.
Read More »
Resources used for auditing and hardening of Netapp devices:
Read More »
Resources used for auditing and hardening of Brocade devices:
Read More »
What is vFeed Cross Linked and Aggregated Local Vulnerability Database https://github.com/toolswatch/vFeed http://www.vfeed.io/
Read More »
Nessus Output Description The remote host supports IPMI v2.0. The Intelligent Platform Management Interface (IPMI) protocol is affected by an information disclosure vulnerability due to the support of RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. A remote attacker can obtain password hash information for valid user accounts via the HMAC from a RAKP message 2 response […]
Read More »
Description VMware vRealize Suite is a software product suite designed to enable IT professionals to create and manage hybrid clouds. The vRealize Suite bundles existing management software, including IT Business Management Suite, vCloud Automation Center (vCAC), vCenter Operations Management Suite and vCenter LogInsight.
Read More »
Nessus Output Description The copy of ‘sethc.exe’ in the Windows ‘System32’ directory on the remote host appears to have been modified, perhaps for use as a backdoor. Either or both of the ‘InternalName’ or ‘OriginalFilename’ file attributes no longer match the original file.
Read More »
Nessus Output Description Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
Read More »
I’ve noticed a few changes after installing the Windows 10 Anniversary Update that breaks the credentialed scans with Nessus. The local administrator account is disabled (it was enabled before the update). The remote registry service is disabled (it was enabled before the update). I’ve run a credentialed scan after enabling both settings again. The anniversary update restored […]
Read More »
Objective Resolve the error “POWERSHELL_REG_FAILURE: Could not determine powershell location in the registry” when running a compliance scan on Windows
Read More »
Objective Nessus has many plugins but it is not checking all applications that are installed. So we want to be able to create a simple version check with a Nessus auditfile for Windows applications.
Read More »
Objective Read a .nessus file (hosts properties, vulnerability and compliance scan results) into excel.
Read More »
Objective Determine which new Nessus plugins where downloaden during the last sync Determine what has changed in the Nessus plugins Having a backup of all the Nessus plugins before synchronization
Read More »
Nessus Scanning a Cisco ACS with credentials (ssh) is currently not fully supported:
Read More »
Description IBM Domino (formerly IBM Lotus Domino) is an platform for hosting social business applications.
Read More »
Description Postfix Admin is a Web Based Management tool created for Postfix.
Read More »
Description PHP is a programming language commonly used for web applications.
Read More »
Description QEMU is a processor emulator that is available for various platforms.
Read More »
Objective Find systems running 7-zip. Identify the running version. Determine if the running version has known vulnerabilities.
Read More »
Nessus You can use Nessus to detect PuTTY installations and vulnerabilities: PuTTY Detection (57364) The plugin output shows the path and the version.
Read More »
Nessus You can use Nessus to detect VMware Tools: Microsoft Windows Installed Software Enumeration (credentialed check) (20811) SNMP Query Installed Software Disclosure (19763) There are currently no version checking / vulnerability plugins. A manual vulnerability assessment is required.
Read More »
Nessus You can use Nessus to detect TortoiseSVN: Subversion Client/Server Detection (Windows) (40619) Microsoft Windows Installed Software Enumeration (credentialed check) (20811) SNMP Query Installed Software Disclosure (19763) There are currently no version checking / vulnerability plugins. A manual vulnerability assessment is required.
Read More »
Nessus Output KB 3000483 or a related, subsequent update was successfully installed, but the GPO setting "Hardened UNC Paths" has not been enabled.
Read More »
Nessus Output Nessus determined the workaround is not being used because the following registry value does not exist : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffSidebar
Read More »
Nessus Output The workaround to disable SSL 3.0 for all server software installed on the remote host has not been applied. The workaround to disable SSL 3.0 for all client software installed on the remote host has not been applied.
Read More »
Nessus Plugin Output The remote host contains one or more unsupported versions of the Microsoft XML Parser (MSXML) or XML Core Services. Downloading and Installing Microsoft Core XML Services (MSXML) 6.0 does not fix this issue.
Read More »
References Nessus Cloud Documentation Nessus Cloud Login Portal
Read More »
References: Tenable Security Center Release Notes Tenable Security Center Product Page Tenable Security Center API Tenable Support Portal Tenable Discussion Forum Tenable Security Advisories Vulnerabilities: CVE Details
Read More »
References: Nessus Release Notes Nessus Support Portal Nessus Product Page Nessus Plugins Tenable Discussion Forum Tenable Security Advisories Vulnerabilities: CVE Details
Read More »
Bash: sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4 Powershell: gc .\ips.txt | sort {"{0:d3}.{1:d3}.{2:d3}.{3:d3}" -f @([int[]]$_.split(‘.’)) }gc .\ips.txt | sort {"{0:d3}.{1:d3}.{2:d3}.{3:d3}" -f @([int[]]$_.split(‘.’)) } Excel: Use the following formula to calculate a number which we can sort on (cell […]
Read More »
A few code snippets to perform ping sweeps:
Read More »
