GET YOUR VULNERABILITY AND THREAT DATABASE SUBSCRIPTION
EKOLABS 2016


Tools no image

Published on October 8th, 2013 | by NJ Ouchn

0

vulnerability-check The simple script to perform Vulnerability Assessment

This simple script uses open source software (nmap, vFeed and DPE) and performs almost same task as Nessus or AVDS.

install

Debian/Ubuntu required packages:

$ sudo apt-get install nmap python2.7 php5-cli php5-sqlite -y
$ git clone https://code.google.com/p/vulnerability-check/
$ git clone https://github.com/toolswatch/vFeed.git && cd vFeed/ && python vfeed_update.py && cd ..
$ mkdir dpe && cd dpe && wget http://www.toolswatch.org/dpe/dpeparser.py && python dpeparser.py -u && cd ../vulnerability-check/

vulnerability check

$ nmap -sV scanme.nmap.org -oX scanme.xml
$ php vc.php ../vFeed/vfeed.db ../dpe/dpe_db.xml scanme.xml
http://code.google.com/p/vulnerability-check/
(C) 2013 Adam Ziaja <adam@adamziaja.com> http://adamziaja.com

74.207.244.221
cpe:/a:openbsd:openssh:5.3p1
cpe:/a:apache:http_server:2.2.14
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6750
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2939
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0408
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
[...]
$ php vc.php ../vFeed/vfeed.db ../dpe/dpe_db.xml 192.168.13.37.xml
http://code.google.com/p/vulnerability-check/
(C) 2013 Adam Ziaja <adam@adamziaja.com> http://adamziaja.com

192.168.13.37
cpe:/a:apache:axis2:1.5.2
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0219
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5785
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
username=admin password=axis2

(username and password from CVE-2010-0219)

Download[/button]

Tool submitted by Adam Ziaja (Author itself)

 

 

Tags: , , , , ,


About the Author

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to Top ↑