Online Security Scanner » Site Updates

WPScan added to WordPress Security Scan

admin — Tue, 15 May 2012 09:53:27 +0000

For all you wordpress lovers we have added wpscan to our existing WordPress Security Scan. WPScan is a handy wordpress focused vulnerability scanner developed by Ryan Dewhurst (ethicalhack3r.co.uk).

The scan uses techniques that include brute forcing the plugins directory of a wordpress installation to find installed plugins. This is an accurate way to find plugins and can even pinpoint plugins that are disabled within the site but still installed in the wp-content/plugins directory and possibly a security risk.

Features of the active WPScan component include:

Username discovery; with usernames an attacker can then start brute forcing account passwords
Enhanced version enumeration, from both the meta generator tag and client side files
Vulnerability identification, comparing current version with known vulnerabilities
Timbthumb file discovery – this is a vulnerability affecting hundreds of thousands of WordPress sites
Plugin enumeration (over 2000 plugins tested)
Plugin vulnerability identification (from plugin name)
Test for directory indexing on any discovered plugins

Due to the aggressive nature of the plugin and username discovery techniques we have decided to make the WPScan component of our online scanner available only to members.

If you would like to run WPScan from your own installation there are excellent getting started guides on the google-code site and in the README file. Getting it installed and running on Ubuntu or Back-track does not take much effort; so fire up your Linux distro and start testing.

Did you known that wordpress runs more than 11% of the worlds top web sites.

Monitor Internet facing systems with regular port scanning

admin — Mon, 30 Apr 2012 08:45:20 +0000

How do you know if something changes on your external services?

We have launched our new monitoring tool; use it to alert you to changes that occur on your network perimeter or Internet facing servers. Systems administrators and security teams should be aware of what services are available from the Internet.

With regular monitoring you can be alerted when something changes; here are a few examples:

Detect firewall changes

Was a firewall reconfigured during testing and not returned to a production state?
Why was the local firewall stopped on our web server?
Do you have IT staff who do not always follow change control?
Did a malicious party open a port in your firewall for unauthorised access?
Who forwarded ports on the router to access some torrents / and or games?

Detect Internet facing service changes

Why was your FTP service shutdown?
Who opened remote desktop (RDP) or VNC services to the Internet?
Was the Web server upgrade fully tested before deployment (detect version changes)?
Why is there two different versions of SSH running on the web server (22 and 1337)?
FTP service changes, who installed a vulnerable version of the FTP server?

These questions will not be answered by the new monitoring service; but you will know a change has occurred and at least be able to ask the question.

Features of the new monitoring service include:

Daily or Weekly Port Scans
Receive an email after every scan or only if something has changed
Uses the stable Nmap Port Scanner to ensure quality results
Scan IPv4 or IPv6 targets
Scan a range of IPv4 addresses (up to 254 IP’s or a class C network)
Scan is from a static IP address; whitelist your security monitoring (IDS / IPS).

These screen shots, give a brief overview of what the service looks like. There is essentially two components from an end user perspective; a dashboard giving a summary of enabled scans and a form to schedule new tests.

Screenshot 1: Dashboard

Screenshot 2: Schedule New Monitor

Gold or Silver membership is required to use the scheduled port scanning. Immediate access is available to new members or login now if you have a valid membership.

IPv6 added to online port scanner

admin — Sat, 03 Mar 2012 11:39:25 +0000

Our online nmap port scanner is now IPv6 capable. Nmap has had the ability to scan IPv6 ip addresses for some time now and recently Linode also added IPv6 to its VPS offerings. These additions mean we can now provide on-line port scanning of both IPv4 and IPv6 addresses or Host names that have an appropriate AAAA DNS record.

It is important to understand what ports are open and listening on your perimeter network or hosted Internet servers. With the updated tool you can now quickly determine what ports are listening on both your IPv4 based address and your IPv6 address. As people move towards IPv6 (will 2012 be the year of IPv6?), it is necessary to ensure that network protection devices and software are configured and capable of protecting both IPv4 and IPv6 traffic.

An AAAA DNS record has been added to our main site, and if you try our powered by tool (part of the IP Tools), you will be able to see that we are serving pages to both IPv4 and IPv6 addresses.

If 2012 is going to be year of IPv6 we are ready to go.

Top 100K Sites WordPress Usage Infographic

admin — Mon, 22 Aug 2011 13:08:12 +0000

WordPress.org have a post up detailing the “state of the word”.

Around the same time we have been putting a wordpress infographic that highlights some of the findings from our analysis of wordpress usage among the top 100K sites (as rated by Alexa).

WordPress Usage in the Top 100K Infographic

Winter Updates

admin — Wed, 13 Jul 2011 03:49:10 +0000

Being mid-winter down here in Sydney, its been a time to hunker down and drink copious amounts of coffee.

While doing that we have also pushed out many changes and updates to the scanning system and site.

Backend, bug fixes in some of the backend scans. Improvements to other scans including improved results layout and more security checks.
Theme Refresh, we have stuck with the same Wootheme but have tidied up and done some updates. Hopefully the options and information is now clearer making it easier for you to get on with scanning and securing your systems.
Look out for upcoming exploitation demonstration posts and tutorials for the security newbies.

If you find any bugs, drop us a line.

Secure WordPress

admin — Thu, 26 May 2011 00:18:49 +0000

WordPress Scanner is the latest tool added to our kit. It can be used to test the security of your wordpress installation from an external perspective. No plugin installation is required, our systems will do an external passive analysis of your wordpress installation and highlight wordpress security issues along with recommendations to improve the security of your installation.

Did you know that wordpress is the most popular web publishing platform? When looking at the Top 1 Million sites it is well ahead of other big players such as the Google owned Blogger and open source frameworks such as Joomla and Drupal. In March HackerTarget.com produced a report on the popularity of technologies in the Alexa Top 1 Million Sites.

Operating a secure WordPress installation is not a difficult task, it does require a small amount of work to stay on top of things, afterall with WordPress being so popular the security is constantly being tested.

Tips for securing your WordPress CMS

Back It Up – Be ready to lose it all at anytime. If you have an up to date backup restoring is much easier

Keep WordPress System up to date

Keep all Plugins up to date

Beware of untrusted Themes

Rename admin account to a non-generic name

Use strong passwords ( a dictionary word with a number after it is not a strong password! )

Keep your password safe! Do not re-use it on other sites.

Ensure you have up to date AV on your Windows Machine. Malware collects passwords.

The underlying server must be well managed and in a secure state

VPS or Dedicated server? Set up server monitoring (ossec.net is a good start)

There are a multitude of guides to securing your WordPress installation, in the mean time why not test your sites security now with our easy to use online scanner.

New OpenVas Report Option

admin — Thu, 05 May 2011 03:14:54 +0000

OpenVas is one the most popular tools we have online, and is an excellent way to perform a thorough vulnerability scan of a system to determine if there are any security issues or holes present.

We have in the past couple of weeks added a new “Enhaned PDF” reporting option to our scanner, that is a simple wrapper script around the html report. The idea is that it provides an easy to read and more understandable format for some of our less technical users, or those who would like to pass the report with the nice charts onto management.

In addition it does some basic data and geoip collection around the IP address and includes this in a map format.

If you have any further ideas or comments let us know.

Online OpenVas Scan

sqlmap 0.9 added to online security scans

admin — Wed, 20 Apr 2011 09:22:39 +0000

Latest update to the site tools is the addition of the new SqlMap 0.9 release to the sql injection test page.

This is a tool that takes SQL Injection to the next level and beyond. While our online scan tests for Sql Injection in HTTP GET requests, this is only the beginning. This tool can exploit sql injection to give the tester an full operating system access either via an inserted shell or by external command execution. Does not matter if you are on Windows or Linux it can do both.

All the details are on the main site. Or here is a quick list of improvements:

Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
Full support for five SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query and stacked queries.
Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
Support to enumerate database users, users’ password hashes, users’ privileges, users’ roles, databases, tables and columns.
Automatic recognition of password hashes format and support to crack them with a dictionary-based attack.
Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.
Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass.
Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice.
Support for database process’ user privilege escalation via Metasploit’s getsystem command which inclhttp://testphp.vulnweb.com/artists.php?artist=2ude, among others, the kitrap0d technique ( MS10-015).

Have a look at the help file on the scan page for a sample run against the Acunetix Test Site.

Web Tech 2011 – Part 2

admin — Thu, 07 Apr 2011 06:42:21 +0000

Now available is Part 2 of our Web Tech Report 2011 data mining project. We have compared the results of the most popular web technologies of the Top 1 Million Web Sites with the most popular Technologies in use by the Forbes Fortune 1000 US Corporations.

There is a clear preference by the largest corporations to build systems around proprietary technology, as opposed to top million where the preference is for open source based solutions. See the full reports for details.

See the following chart for a comparison of our numbers comparing the results from the Alexa Top 1 Million Survey, the results from this report and the results from the ongoing web server report from Netcraft.

Full details are in the linked report:
Download from HackerTarget.com
or
View online at Scribd

Web Tech 2011 Report

admin — Mon, 28 Mar 2011 10:27:02 +0000

The HackerTarget.com Web Tech 2011 Report has just been released. This is the first edition of the report and aims to provide insight into the web technologies in use by the worlds most popular websites. Based on the Alexa top 1 million sites; content management system popularity, web servers, server side scripting, web development frameworks, client side scripting and other detected technologies have all been assessed.

Data was collected by running whatweb from morningstar security against the Alex 1 million top sites.

* Note the report was updated on 7/4/11 due to a data parsing error that resulted in some sites with no English characters in the Title having some data missed. Links below have been updated.

Full details are in the linked report:
Download from HackerTarget.com
or
View online at Scribd.