Yesterday we celebrated the second birthday of the Vulners.com project. It was a very interesting and productive year! We were constantly improving our core feature: the search engine for security content. We were actively experimenting with new technologies to process vulnerability data and bring additional value. Finally, we have successfully released our first fully functional cloud-based Vulnerability Management solution and we are working hard on an on-premise version.
At the same time, we are still going our own way. We do not want to compete directly with other Vulnerability Management and Vulnerability Intelligence vendors. We do not tie the cost of our solutions to the number of hosts in the organization. All our products are as open as possible and we believe in the freemium model. 🙂
In honor of the Vulners birthday we have released a free plugin for the Burp web application vulnerability scanner. It detects software names, versions and paths, and shows vulnerabilities.
Continue reading “2 years of Vulners and new plugin for Burp Scanner”
The Vulners team has recently released new functionality for Linux vulnerability audit – Agent Scans. It’s not an API that you have to use somehow in your own scripts, but a complete enterprise-ready product.
Try it for free! To audit a CentOS 7 server with Vulners Agents you need to take these steps:
- Add the Vulners repository. Create the /etc/yum.repos.d/vulners.repo file:
- Install Vulners agent
yum install vulners-agent.noarch
- Get an API key
You will get a key like “HXKM3OMDIYGJLJ60MPM1X51AKC3XTD9Z28J78X12T2OC2MXSTKMMBN70EBBIQUAA”
- Add the key to /opt/vulners/conf/vulners.conf
- Wait for two hours or run /opt/vulners/agent.py manually
- Go to https://vulners.com/audit and see the results:
Continue reading “Vulnerability Management with Vulners Agents”
Kirill Ermakov and the Vulners project just won third prize in the prestigious Skolkovo Cybersecurity Challenge 2016! 5 mln rub and 3 tours from sponsors to San Francisco, Las Vegas and Saint Martin. Jackpot! =)
Since Vulners.com stores formalized security bulletins for all major Linux distributions, it was a logical decision to build a vulnerability assessment service. It takes information about the OS and installed packages and returns a list of vulnerabilities. Like regular vulnerability scanners do, but way more effective and for free.
Currently Vulners provides a web interface, which you can use to check your server, an API for automation and a PoC of an agent for future cloud vulnerability management solutions. The following Linux distributions are supported: RedHat, CentOS, Fedora, Oracle Linux, Ubuntu, Debian.
Continue reading “Linux Vulnerability Audit in Vulners”
Here in the Vulners development team we are trying hard to keep you informed about new vulnerabilities and to do it in the most convenient way.
In addition to RSS and Telegram subscriptions, we implemented advanced capabilities for managing email subscriptions.
You may configure it in the Subscriptions tab.
Type a query, click on the question mark and you will see an example of the response. Then adjust your query if needed, add your email address and save the subscription.
When new bulletins appear in the response to your query, you will automatically get an email. This will happen immediately after a Vulners base update: every 4 hours for most robots, and every 2 hours for the CVE robot.
In the basic version only 5 subscriptions are available. Enterprise users do not have such restrictions.
In addition, they can subscribe other people to relevant feeds. For example, send emails to the system administrators about critical software vulnerabilities in systems they manage, or send emails with fresh public exploits to information security team experts.
Vulners.com developers are very pleased to present a new long-awaited feature – RSS feeds for vulners search results.
Let’s say you want to track HackerOne updates (query “type:hackerone”). The RSS feed will have the URL: https://vulners.com/rss.xml?query=type:hackerone
Now you can add this link to your favorite RSS reader and receive alerts on new results. And Telegram-bot subscriptions are still working.
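One way to consume such a feed from a script, as an added example that is not part of the original post or Vulners' own code: it builds the feed URL in the form shown above, parses the items and reports only those not seen before. The sample feed, its item ids and the function names are constructed for illustration, and the feed is assumed to be standard RSS 2.0.

```python
import urllib.parse
import xml.etree.ElementTree as ET

FEED_BASE = "https://vulners.com/rss.xml"  # feed endpoint as given in the post

# Constructed sample feed (assumes standard RSS 2.0); ids are placeholders.
SAMPLE_FEED = """<rss version="2.0"><channel><title>constructed sample</title>
<item><title>Report A</title><link>https://vulners.com/hackerone/EXAMPLE-1</link>
<guid>EXAMPLE-1</guid></item>
<item><title>Report B</title><link>https://vulners.com/hackerone/EXAMPLE-2</link>
</item></channel></rss>"""


def feed_url(query):
    """Build the RSS URL for a search query; ':' stays literal as in the post."""
    return FEED_BASE + "?" + urllib.parse.urlencode({"query": query}, safe=":")


def parse_items(rss_text):
    """Return a list of {'id', 'title', 'link'} dicts from an RSS 2.0 document."""
    # Feed content is untrusted input: refuse DTDs so entity-expansion
    # payloads never reach the XML parser.
    if "<!DOCTYPE" in rss_text or "<!ENTITY" in rss_text:
        raise ValueError("DTD or entity declarations are not accepted")
    items = []
    for item in ET.fromstring(rss_text).iter("item"):
        link = (item.findtext("link") or "").strip()
        guid = (item.findtext("guid") or link).strip()  # fall back to the link
        if guid:
            title = (item.findtext("title") or "").strip()
            items.append({"id": guid, "title": title, "link": link})
    return items


def new_items(rss_text, seen):
    """Return items whose id is not yet in `seen`, recording them as seen."""
    fresh = []
    for item in parse_items(rss_text):
        if item["id"] not in seen:
            seen.add(item["id"])
            fresh.append(item)
    return fresh


if __name__ == "__main__":
    seen_ids = set()  # persist this between runs in real use
    print(feed_url("type:hackerone"))
    for entry in new_items(SAMPLE_FEED, seen_ids):
        print("NEW:", entry["title"], entry["link"])
```
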
By the way, last Saturday, we celebrated Vulners.com one-year anniversary!
43 sources (vulnerabilities, exploits, security bulletins, news sites), the API for searching and exporting data, special projects for searching vulnerabilities in Android-applications and popular CMS. Not bad for one year? But it will be cooler.
Thank you for being with us!
You can now search for potential vulnerabilities in the popular CMS and plugins with Vulners.com. Application source code is checked by the InfoWatch APPERCUT static source code analyzer.
It is generally known that the most exploited vulnerabilities are not in CMS engines, but in thousands of third-party plugins. Developers rarely fix these vulnerabilities quickly, or don’t fix them at all. You can find examples of such vulnerabilities and exploits with the “wordpress plugin bulletinFamily:exploit” request.
An Appercut bulletin contains all information about the vulnerabilities found, including the vulnerability description, criticality and the piece of code where the vulnerability was detected. The vulnerable version of the application is also indicated, e.g. “WordPress CMS <= 4.5.2”.
At the moment, 9 bulletins have been added for WordPress, Drupal, Joomla, Regular Labs, Apache Apex and Apache Camel.
In the future we are planning to scan all the popular plugins for all popular CMS. Thus, end users will be able to get information about potential vulnerabilities in CMS and plugins before these vulnerabilities get any ID. We believe that together with Appercut we can make popular CMS much safer!