security talk & philosophizing



Tag: scanner

  • Easier Ways to install GVM (OpenVAS)

    Easier Ways to install GVM (OpenVAS)

    Early in the year a leader in the DevOps team at my job asked me if I wouldn’t mind taking on a project in my free time. The project was to install GVM (formerly known as OpenVAS) on a VM, which would target key systems for security audits. Our goal was also to setup an…

    Read more...

  • SSLSCAN- SSLYZE and IDS

    SSLSCAN- SSLYZE and IDS

    Kali Linux comes with some useful SSL/TLS scanners which can help determine misconfigurations and vulnerabilities. Examples Results While sslscan does a great job of returning information on what TLS version and cyphers are accepted (highlighting in orange versions that are outdated), sslyze provides a bit more detail in regards to vulnerabilities. SSLSCAN does provide a…

    Read more...

  • OWASP ZAP: Be Mindful of DOM Level XSS

    OWASP ZAP: Be Mindful of DOM Level XSS

    In testing some internal projects I came across a problem with ZAP where it ran off the rails, so-to-speak. While I had given ZAP a specific target, when it reached the Active Scan portion, it stated hitting other servers in the system that where not in scope. The test was kicked off using Zap 2.12’s…

    Read more...

  • OpenVAS (GVM) – Installation and Running

    OpenVAS (GVM) – Installation and Running

    If you’re like me and find the OpenVAS installation to be a challenge, then this guide might be of some use to you. Keep in mind that the process outlined below is relevant as of its writing and newer versions of OpenVAS are subject to change the flow laid out below. The Problem I’ve been…

    Read more...