Tag: scanner
-
Easier Ways to install GVM (OpenVAS)
Early in the year a leader in the DevOps team at my job asked me if I wouldn’t mind taking on a project in my free time. The project was to install GVM (formerly known as OpenVAS) on a VM, which would target key systems for security audits. Our goal was also to set up an…
-
SSLSCAN- SSLYZE and IDS
Kali Linux comes with some useful SSL/TLS scanners which can help determine misconfigurations and vulnerabilities. While sslscan does a great job of returning information on what TLS versions and ciphers are accepted (highlighting in orange versions that are outdated), sslyze provides a bit more detail with regard to vulnerabilities. SSLSCAN does provide a…
-
OWASP ZAP: Be Mindful of DOM Level XSS
In testing some internal projects I came across a problem with ZAP where it ran off the rails, so to speak. While I had given ZAP a specific target, when it reached the Active Scan portion, it started hitting other servers in the system that were not in scope. The test was kicked off using ZAP 2.12’s…
-
OpenVAS (GVM) – Installation and Running
If you’re like me and find the OpenVAS installation to be a challenge, then this guide might be of some use to you. Keep in mind that the process outlined below is relevant as of its writing, and newer versions of OpenVAS may change the flow laid out below. The Problem I’ve been…