A piece of software and/or hardware designed to detect the presence of vulnerabilities in an IT system.
Questions tagged [vulnerability-scanners]
395 questions
2 votes, 1 answer
How fix warnings from Debsecan
I'm new to Linux admin and the security approach, and need some tips about warnings from the Debsecan scanner tool.
I have some warnings returned by a simple check, like the one below:
CVE-2017-1000158 python2.7-minimal (remotely exploitable, high…
MagicHat
2 votes, 2 answers
What features should I look in vulnerability testing services?
Given the bad press in data breaches, my company is looking at pen testing options. We went through a pen test guide, but what else can you suggest so we don't get hacked?
Ishan Mathur
2 votes, 2 answers
Appending multiple Google dorks in a single query
My goal is to look up multiple vulns in a single Google search for a particular site (because Google makes me pay for more than 100 search API calls per day).
Let's say I have 3 dorks: index of /htdocs and "Below is a rendering of the page up to…
ramailo sathi
2 votes, 1 answer
What OpenVAS tasks (scans) should I be running?
I have recently set up OpenVAS on my local office network. I have run a few tasks, but I was curious about what tasks I should really be running and within what timeframes.
clarification
I'm currently going through Cyber Essentials and essentially just…
OliverBS
2 votes, 1 answer
Scanning for GXHLGSL.txt in server logs
I have found in my server access logs that someone is trying to access the GXHLGSL.txt file. It looks like an automated test (it was right after trying wp-login.php).
When I googled that file, I found it on several sites. It contains the word TEST.
What is a…
user145678
2 votes, 1 answer
Running a single NVT via OpenVAS?
OpenVAS has many NVTs, and running regular scans is very noisy.
Is it possible to run a single NVT on a target (e.g., IP address and port)?
If possible, how can I do it?
Gari BN
2 votes, 2 answers
Best guide/reference/roadmap for server penetration testing
I have been assigned to pen test some servers and have been provided the IPs of the same. In my past I have worked on application security testing projects and am aware of OWASP 10, SANS 25 etc. but from the server perspective I am still new. I have…
user1299086
2 votes, 2 answers
Vulnerability scanner tools to use with Snort
We plan to add Snort with the firewall for our network to have improved security. The purpose, apart from protection from malicious traffic, is to customize Snort to detect and block specific traffic as per our needs. So basically I will be writing…
pnp
2 votes, 2 answers
How can a website block IPs behind a NAT?
Will a website be able to block my IP address alone somehow, while I am running a security tool behind my NAT? Or will it block my ISP's gateway IP?
No_Name__
2 votes, 5 answers
Can you hide your device from network scanner
My router password has changed many times, so I am wondering if someone changed it. I used Fing to scan some device and no suspicious device was detected. But I'm still not sure if someone didn't hack it.
pelochan
2 votes, 2 answers
Do the Greenbone scan reports actually differ from a typical OpenVAS scan report?
My company is planning to use a Greenbone appliance in the near future and wants to analyze the results with another tool. I have access to OpenVAS with GSA so I am able to test the analysis now with existing scans. But I'm not sure if I can…
Tom K.
2 votes, 1 answer
Bizarre series of web errors from vulnerability scanner OpenVAS - is this malicious?
A short series of errors just came in from Elmah. They are very peculiar, and I'm unsure as to what they represent and whether they might be malicious.
It amounted to a series of 16 sequential calls to a non-existent web address. In each case the…
Bob Tway
2 votes, 2 answers
Should an automated vulnerability test actually delete or modify data in production?
We hired an outside company to perform a vulnerability test on one of our sites. Within a few hours, we had problems. Entire tables wiped clean. Entire tables deleted. Hundreds of records in other tables gone. Some table data had been modified. This…
Learning Security
2 votes, 5 answers
Scan the codebase for username passwords
What would be the best way to scan a codebase to ensure there are no production-level credentials included in the codebase? We have tried doing Static Scans via some major tools but I do still see some credentials that are still lingering around and…
pal4life
2 votes, 3 answers
Where does nikto tool store its default reports?
I ran the nikto security scan tool against one of our dev sites.
perl nikto.pl -h mydevsitename
The output mentioned
7646 requests: 14 error(s) and 3 item(s) reported on remote host
None of the errors were printed on the screen, where can I find…
pal4life