Third prize in Skolkovo Cybersecurity Challenge 2016

Kirill Ermakov and the Vulners project just won third prize in the prestigious Skolkovo Cybersecurity Challenge 2016! 5 mln rub and 3 tours from sponsors to San Francisco, Las Vegas and Saint Martin. Jackpot! =)

Prizes

Awards Ceremony

Cyberday conference

 


Linux Vulnerability Audit in Vulners

Since Vulners.com stores formalized security bulletins for all major Linux distributions, it was a logical decision to build a vulnerability assessment service. It takes information about the OS and installed packages and returns a list of vulnerabilities. Like regular vulnerability scanners do, but way more effective and for free.

Audit interface

Currently Vulners provides a web interface, which you can use to check your server, an API for automation, and a PoC agent for future cloud vulnerability management solutions. The following Linux distributions are supported: RedHat, CentOS, Fedora, Oracle Linux, Ubuntu, Debian.

Highly customizable email notifications about new vulnerabilities

Here in the Vulners development team we are trying hard to keep you informed about new vulnerabilities and to do it in the most convenient way.
In addition to RSS and Telegram subscriptions, we implemented advanced capabilities for managing email subscriptions.
You can configure them in the Subscriptions tab.
Vulners Subscriptions
Type a query, click on the question mark and you will see an example of the response. Then adjust your query if needed, add your email address and save the subscription.
Subscription preview
When new bulletins appear in the results of your query, you will automatically get an email. This happens immediately after a Vulners base update: every 4 hours for most robots, and every 2 hours for the CVE robot.

In the basic version only 5 subscriptions are available. Enterprise users do not have such restrictions.

In addition, they can subscribe other people to relevant feeds. For example, send emails to system administrators about critical software vulnerabilities in the systems they manage, or send emails with fresh public exploits to information security team experts.

Vulners RSS feeds

Vulners.com developers are very pleased to present a new long-awaited feature – RSS feeds for Vulners search results.

Let’s say you want to track HackerOne updates (query “type:hackerone”). The RSS feed will have the URL: https://vulners.com/rss.xml?query=type:hackerone

Vulners RSS Feed

Now you can add this link to your favorite RSS reader and receive alerts on new results. Telegram bot subscriptions are still working, too.

By the way, last Saturday, we celebrated Vulners.com one-year anniversary!

1 year cake

43 sources (vulnerabilities, exploits, security bulletins, news sites), the API for searching and exporting data, special projects for searching vulnerabilities in Android applications and popular CMS. Not bad for one year? But it will be cooler.

Thank you for being with us!

InfoWatch and Vulners cooperation: search for vulnerabilities in popular CMS

You can now search for potential vulnerabilities in popular CMS and plugins with Vulners.com. Application source code is checked by the InfoWatch APPERCUT static source code analyzer.

It is generally known that the most exploited vulnerabilities are not in CMS engines, but in thousands of third-party plugins. Developers rarely fix these vulnerabilities quickly, or even don’t fix them at all. You can find examples of such vulnerabilities and exploits with the “wordpress plugin bulletinFamily:exploit” request.

Appercut is well suited for CMS analysis. Appercut® Custom Code Scanner supports a wide range of programming languages: 1C 8x, Delphi, Java, JavaScript, LotusScript, PHP, C#, PLSQL, SAP Abap4, T-SQL. One of the main Appercut features is its focus on detecting developers’ undocumented features (backdoors). This is very important in the case of open source software.

APPERCUT bulletin

An Appercut bulletin contains all information about the vulnerabilities found, including the vulnerability description, criticality and the piece of code where the vulnerability was detected. The vulnerable version of the application is also indicated, e.g. “WordPress CMS <= 4.5.2”.

At the moment, 9 bulletins have been added for WordPress, Drupal, Joomla, Regular Labs, Apache Apex and Apache Camel.

Appercut bulletins list

In the future we are planning to scan all the popular plugins for all popular CMS. Thus, end users will be able to get information about potential vulnerabilities in CMS and plugins before the vulnerability gets any ID. We believe that together with Appercut we can make popular CMS much safer!

Vulners API update: download database in one click

The Vulners development team added a new call to Vulners API v.3, which provides an easy way to export collections of security bulletins.

For example, to download all CVEs, run:

wget "https://vulners.com/api/v3/archive/collection/?type=cve" -O cve.zip

The result will be cve.zip with cve.json inside.

The same file can be downloaded through the GUI on the Stats tab.

Vulners Stats

Moreover, with the new API call you can download security bulletins for a particular OS version:

wget "https://vulners.com/api/v3/archive/distributive/?os=centos&version=6" -O centos.zip

This makes it possible to get data that you won’t find anywhere else: the archives of exploits, HackerOne history, all CentOS vulnerabilities, etc. This functionality might be useful if you want to build your own tools or synchronize the data with a knowledge base you already use.

No problem if you forgot the “type” values. Just enter a nonexistent type, and you will get a full list of available values:

https://vulners.com/api/v3/archive/collection/?type=FAKE

"Error": "There is no type 'FAKE' Available collection types:. ['Nessus', 'cve', 'exploitdb', 'xssed', 'zdt', 'hackapp', 'threatpost', 'redhat', 'debian', 'ubuntu', 'cert', 'metasploit', 'freebsd', 'zdi', 'oraclelinux', 'suse', 'centos', 'cisco', 'hackerone', 'vulnerlab', 'f5', 'mozilla', 'ics', 'archlinux', 'ptsecurity', 'rdot', 'erpscan', 'huawei', 'xen', 'openssl', 'opera', 'vmware', 'wpvulndb', 'samba', 'postgresql', 'drupal', 'lenovo', 'msvr', 'paloalto', 'nginx']"

It is also possible to obtain these results through search queries. Unfortunately, this is no longer as easy: the maximum size for a single request has been reduced from 10 000 to 500. It’s a forced measure, since the load on the server and the traffic volumes have increased significantly.

Now we have a separation: search for searching, and archive/collection for content export.
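For anyone building the data synchronization mentioned above, here is an added example (not Vulners code) that builds the two archive URLs from this post and parses a downloaded archive defensively: it rejects a non-zip body such as the "Error" response shown for an unknown type, unexpected member names, and oversized content. The function names, the size ceiling and the sample record are assumptions made for illustration.

```python
import io
import json
import zipfile
from urllib.parse import urlencode

ARCHIVE_BASE = "https://vulners.com/api/v3/archive"  # endpoint from the post
MAX_UNCOMPRESSED = 512 * 1024 * 1024  # assumed ceiling; tune to your environment


def collection_url(bulletin_type):
    """URL for a whole collection, e.g. type=cve."""
    return f"{ARCHIVE_BASE}/collection/?{urlencode({'type': bulletin_type})}"


def distributive_url(os_name, version):
    """URL for the bulletins of one OS version, e.g. os=centos, version=6."""
    query = urlencode({"os": os_name, "version": version})
    return f"{ARCHIVE_BASE}/distributive/?{query}"


def load_archive(body, expected_member, max_size=MAX_UNCOMPRESSED):
    """Parse the single JSON member of a downloaded archive in memory."""
    buf = io.BytesIO(body)
    if not zipfile.is_zipfile(buf):
        # An unknown type returns a JSON "Error" message instead of a zip.
        raise ValueError(f"not a zip archive: {body[:200]!r}")
    with zipfile.ZipFile(buf) as zf:
        names = zf.namelist()
        # Accept only the documented layout (cve.zip holds cve.json);
        # this also rejects path-traversal names such as ../cve.json.
        if names != [expected_member]:
            raise ValueError(f"unexpected archive members: {names!r}")
        info = zf.getinfo(expected_member)
        if info.file_size > max_size:
            raise ValueError("declared size exceeds limit")
        with zf.open(info) as fh:
            data = fh.read(max_size + 1)  # header sizes can lie; cap the read
    if len(data) > max_size:
        raise ValueError("decompressed size exceeds limit")
    return json.loads(data)


def make_sample_zip(member, payload):
    """Constructed sample input so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, payload)
    return buf.getvalue()
```

In a real sync job, pass the bytes of the response fetched from `collection_url(...)` to `load_archive` instead of the constructed sample.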