Quietly Mapping the Network Attack Surface

When assessing the network security of an organization it is important to understand the breadth of the attack surface. A single forgotten host or web application in the network will often become the initial foothold for an attacker. Passively Mapping the Network Attack Surface Using open source intelligence (OSINT) techniques and tools it is possible […]

Continue Reading

tshark tutorial and filter examples

tshark is a packet capture tool that also has powerful reading and parsing features for pcap analysis. Rather than repeat the information in the extensive man page and on the wireshark.org documentation archive, I will focus on providing practical examples for how you can get started using tshark and begin carving valuable information from the […]

Continue Reading

WordPress Security Testing with Nmap

With the popularity of WordPress as a publishing platform, security testing is an important part of ensuring the installation is secure. Nmap has a couple of NSE scripts specifically for the testing of WordPress installations. Using those scripts as a base I have developed a couple more that expand the capabilities of using Nmap to […]

Continue Reading

28 Days After Drupal Exploit

Last month a critical Drupal security exploit was released. Critical vulnerabilities in the core of content management systems are not as common as they once were, as can be seen in the amount of media coverage that this one generated. Using a custom Nmap NSE script I surveyed the top 10 thousand sites that are […]

Continue Reading

7 Nmap NSE Scripts for Recon

As with any security testing, make sure you fully understand what the script will do and how it might affect a target system. Only test systems you have permission to scan! Information Gathering 1. DNS Brute Force Find sub-domains with this script. Detecting sub-domains associated with an organizations domain can reveal new targets when performing […]

Continue Reading

Parse Nmap XML to get SSL Certificate details

Extract SSL certificate details from a range of IP addresses using Nmap XML and a simple python script. The python script parses the Nmap XML output from the ssl-cert.nse script and produces csv output with the target SSL certificate details. When compiling Nmap you will need to have the libssl-dev package installed as Nmap nse […]

Continue Reading

List all IPs in Subnet with Nmap

testsystem:~$ nmap -sL -n 192.168.1.0/30 Starting Nmap 6.25 ( http://nmap.org ) at 2014-05-17 23:33 EST Nmap scan report for 192.168.1.0 Nmap scan report for 192.168.1.1 Nmap scan report for 192.168.1.2 Nmap scan report for 192.168.1.3 Nmap done: 4 IP addresses (0 hosts up) scanned in 0.00 seconds In the second example the results are piped […]

Continue Reading

500K HTTP Headers

Recently we crawled the Top 500K sites (as ranked by Alexa). Following requests from readers we are making available the HTTP Headers for research purposes. Download Headers (75MB) The publication of the statistics of WordPress usage is an example of the research that can be conducted. It is possible to determine Web Applications, Web Servers, […]

Continue Reading

WordPress Statistics for the Top 500K Sites

Results in the charts below are derived from examining the Alexa top 500K sites. WordPress sites were identified through discovery of /wp-content/plugins/ and / or /wp-content/themes/ in the HTML source of the page. 104684 / 500K = 20.9%sites were found to be running WordPress Other studies of WordPress have found total number of WordPress sites […]

Continue Reading

Install OpenVAS 7 on Ubuntu 14.04

Get started with OpenVAS version 7 with this straight forward installation guide. Ubuntu 14.04 is a LTS release meaning it is a good option for any server including an OpenVAS vulnerability scanning server. A nice change in the latest version of OpenVAS is the simplification of the structure. There are now four components that make […]

Continue Reading