nmap-vulners v1.4 beta releases: NSE script based on Vulners.com API
NSE script using some well-known service to provide info on vulnerabilities
The only thing you should always keep in mind is that the script depends on having software versions at hand, so it only works with the -sV flag. For each available CPE the script prints out known vulns (links to the corresponding info) and the corresponding CVSS scores.
Its work is pretty simple:
+ take all the known CPEs for that software (from the standard nmap -sV output)
+ make a request to a remote server (vulners.com API) to learn whether any known vulns exist for that CPE
+ if no info is found this way, try to get it using the software name alone
+ print the obtained info out

Since the size of the DB with all the vulns is more than 250GB there is no way to use a local db. So we do make requests to a remote service. Still, all the requests contain just two fields, the software name and its version (or CPE), so one can still have the desired privacy.
Changelog v1.4 beta
- make use of http-regex script to run with additional CPEs
- take CPEs from separate registry as well as from port.version
Installation
Requirement
nmap libraries:
- http
- json
- string
Install
Clone the repo:
git clone https://github.com/vulnersCom/nmap-vulners.git
locate where your nmap scripts are stored on your system
- for *nix system it might be ~/.nmap/scripts/ or $NMAPDIR
- for Mac it might be /usr/local/Cellar/nmap/<version>/share/nmap/scripts/
- for Windows, you have to find it yourself
copy the provided script (vulners.nse) into that directory
Usage
Use it as straightforward as you can:
nmap -sV --script vulners <target>