A piece of software and/or hardware designed to detect the presence of vulnerabilities in an IT system.
Questions tagged [vulnerability-scanners]
395 questions
2 votes, 3 answers
Where to place a vulnerability scanner within a data center
There is currently a debate in my office on the best location to place a vulnerability scanner (a distributed scanner - Rapid7 Nexpose, using scan engines) within a data center.
I see two options:
Place the virtual appliance in a secured VLAN, open…
appsecguy
2 votes, 3 answers
How to determine if someone is scanning my server?
How is it possible to determine if someone makes requests with tools for pentesting?
Is there any Linux command?
Vladimir
2 votes, 1 answer
Do heuristics exist for modeling the "harmlessness" of a file?
There's a file processing service that looks for some known attacks and sometimes returns messages like:
Probably harmless! There are strong indicators suggesting that this
file is safe to use.
Are there heuristics that model the likelihood that…
blunders
2 votes, 3 answers
Effectively Pentest a WordPress Site
When it comes to blackbox pentesting of a WordPress site, the first thing to come to mind is WPScan [http://wpscan.org/].
While pentesting some sites, I faced a common issue, i.e. it shows that WordPress SEO 1.14.15 is vulnerable to Cross Site…
justtrying123
2 votes, 2 answers
Internal / external Penetration testing a webserver - PCI
The PCI DSS document states:
11.3.2
Perform internal penetration testing at least annually and after any significant
infrastructure or application upgrade or modification (such as an operating system
upgrade, a sub network added to the…
user1398287
2 votes, 1 answer
Is there any useful Android app for security assessments?
I've been thinking for a while about whether or not to ask this, as it may be an opinion-based question, but I have seen a couple of non-closed questions about recommended books, so I think this is the same case.
Is there any app for Android which be…
The Illusive Man
2 votes, 2 answers
False positive Apache version in scanner results on CentOS
Recently I have had to take care of a lot of false positive vulnerabilities in scanner results on the Apache version.
Example of false positive vulnerability:
Apache 2.2 < 2.2.16 Multiple Vulnerabilities
Our customers run scanners and they check Apache version…
Michael
2 votes, 1 answer
Nessus No host data is available for this scan error
I encountered an error in a Nessus result.
Error:
No host data is available for this scan.
I want to scan IP 192.16x.x.x with Nessus. I scan this IP with nmap and only 2 TCP ports are open. Essentially, the results say the host is up. I…
dgn
2 votes, 2 answers
Import nmap scan results into OpenVAS
I have recently been introduced to OpenVAS for scanning our network at work. I am familiar with nmap, and I am happy with its performance when used stand-alone from the CLI; through iptraf I can see it is scanning at speeds upwards of a thousand…
Jeffrey L. Roberts
2 votes, 2 answers
Organizing scheduled vulnerability scans
I am wondering what others do in regards to setting up their enterprise scheduled vulnerability scan policies. For example, do you prefer to create a single scan policy and scan all networks regardless of the hosts' platforms (Windows, Linux, SQL…
m3ta
2 votes, 1 answer
How to access the Arachni scanner web interface?
I have downloaded the Arachni package. The README file says to run bin/arachni_web to access the web interface of this scanner.
I run it but no web page appears. I just see these lines:
>> Thin web server (v1.5.1 codename Straight Razor)
>>…
hd.
2 votes, 2 answers
Suspect Exchange Server appears to be hacked. How to determine if it was a false positive?
Our security vendor detected that our client's CAS server was doing a Nessus scan in the internal network.
It's not uncommon for this vendor to issue a false positive, but I'm looking for general guidance on how I should analyze this Windows based…
makerofthings7
2 votes, 2 answers
Why Nessus freezes at 0% and how to fix it?
Does anybody know why Nessus freezes at 0%?
I am not sure that I've done the right configuration, but it is becoming painful.
Approximately how long does it take to scan one machine?
Alex
2 votes, 3 answers
How do you test security tools
I am planning to purchase a security tool like Fortify, or SonarQube or Snyk.
How do you evaluate if the scanner really picks up static vulnerabilities and malware, as well as runtime attacks?
Any good docker image sample which contains good malware…
user12158726
2 votes, 4 answers
Antivirus Engine based MD5 or SHA1 hash?
I'm trying to understand more about MD5 and SHA1 hash algorithms and their behavior in serious security software (found this, but it did not help me more).
Why does ClamAV use additional scanning techniques (MD5 for a specific section in a PE file,…
Marwen Trabelsi