Critical CVE-2022-27596, SQL Injection in QNAP NAS appliances, CVSSv3: 9,8 π«£
The fix is available. Security advisory: https://www.qnap.com/en/security-advisory/qsa-23-01
Check if your networks are affected on Netlas.io (just correct an IP range): https://tinyurl.com/4pb4aaz9
The fix is available. Security advisory: https://www.qnap.com/en/security-advisory/qsa-23-01
Check if your networks are affected on Netlas.io (just correct an IP range): https://tinyurl.com/4pb4aaz9
QNAP Systems, Inc. - Network Attached Storage (NAS)
Vulnerability in QTS and QuTS hero - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
β‘4β€1π1π1
JARM Support
Are you a threat hunter? If so, we are pleased to announce that the latest scan has brought JARM support for HTTPS protocol!
ππΌ Use it in responses search: jarm:*
More about JARM fingerprinting: https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a/
Are you a threat hunter? If so, we are pleased to announce that the latest scan has brought JARM support for HTTPS protocol!
ππΌ Use it in responses search: jarm:*
More about JARM fingerprinting: https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a/
Salesforce Engineering Blog
Easily Identify Malicious Servers on the Internet with JARM - Salesforce Engineering Blog
JARM is an active Transport Layer Security server fingerprinting tool that provides the ability to identify and group malicious servers.
π₯7π3
A couple of interesting facts about π₯Jenkins CVE-2023-27898, CVE-2023-27905:
β οΈ Jenkins releases from March, 2021 to March 2023 are affected
β οΈ Even unreachable from the Internet instances could be exploited
β οΈ At least 47,5K vulnerable instances available (directly reachable)
How to search vulnerable Jenkins instances on Netlas.io:
ππΌ Dork: http.headers.x_jenkins:[2.270 TO 2.393]
ππΌ Search link: https://tinyurl.com/487t5s8f
Here is the blog post by Aqua Nautilus Security Research Team about these CVE:
https://blog.aquasec.com/jenkins-server-vulnerabilities
β οΈ Jenkins releases from March, 2021 to March 2023 are affected
β οΈ Even unreachable from the Internet instances could be exploited
β οΈ At least 47,5K vulnerable instances available (directly reachable)
How to search vulnerable Jenkins instances on Netlas.io:
ππΌ Dork: http.headers.x_jenkins:[2.270 TO 2.393]
ππΌ Search link: https://tinyurl.com/487t5s8f
Here is the blog post by Aqua Nautilus Security Research Team about these CVE:
https://blog.aquasec.com/jenkins-server-vulnerabilities
π₯5π1
This media is not supported in your browser
VIEW IN TELEGRAM
Netlas v.0.21.0 Released!
This new release brings a long awaited feature β Bookmarks. Now you can save your favorite search queries by clicking on the star icon in the search string.
Search by favicon feature is significantly improved. Now can search not only exact matches, but also nearest matches. We use perceptual hash for this. Perceptual hash algorithms are opposite to standard cryptographic hashes β they are optimized to change as little as possible for similar inputs. So you can find answers with favicons that look pretty close to a given input, but use a different color, for example.
This new release brings a long awaited feature β Bookmarks. Now you can save your favorite search queries by clicking on the star icon in the search string.
Search by favicon feature is significantly improved. Now can search not only exact matches, but also nearest matches. We use perceptual hash for this. Perceptual hash algorithms are opposite to standard cryptographic hashes β they are optimized to change as little as possible for similar inputs. So you can find answers with favicons that look pretty close to a given input, but use a different color, for example.
π₯10β€2π2
Netlas.io is now integrated with tines.io
Want to use netlas API in your tines.io automations? Just sign in to tines, open the template library and search "Netlas". You can get any IP or domain summary, whois data, scan results and other information from any netlas.io library.
Now it's easy to use netlas.io data within tines.io stories using hundreds of automation templates with no code!
Want to use netlas API in your tines.io automations? Just sign in to tines, open the template library and search "Netlas". You can get any IP or domain summary, whois data, scan results and other information from any netlas.io library.
Now it's easy to use netlas.io data within tines.io stories using hundreds of automation templates with no code!
π€5π1
Pumps are under attack!!!
Ten vulnerabilities in Osprey pump controllers discovered by Zero Science Lab in February remain unpatched. The list of disclosed vulnerabilities includes RCE and Administrator Backdoor Access. Osprey: door-mounted, irrigation and landscape pump controllers.
Osprey pumps on Netlas.io:
ππΌ Search: nt.ls/upZRN
ππΌ Dork: http.title:(Osprey Controller)
https://www.zeroscience.mk/en/vulnerabilities/
#Friday_Horrors
Ten vulnerabilities in Osprey pump controllers discovered by Zero Science Lab in February remain unpatched. The list of disclosed vulnerabilities includes RCE and Administrator Backdoor Access. Osprey: door-mounted, irrigation and landscape pump controllers.
Osprey pumps on Netlas.io:
ππΌ Search: nt.ls/upZRN
ππΌ Dork: http.title:(Osprey Controller)
https://www.zeroscience.mk/en/vulnerabilities/
#Friday_Horrors
π±3
Adobe ColdFusion RCE vulnerabilities:
Adobe ColdFusion 2018 Update 15 and earlier and 2021 Update 5 and earlier affected to critical CVE-2023-26359 and CVE-2023-26360. Arbitrary code execution exploited in the wild.
Netlas.io gives about 180,000 instances:
ππΌ Dork: tag.name:"adobe_coldfusion"
ππΌ Search link: nt.ls/adbcf
Technical analysis by Rapid7: https://attackerkb.com/topics/1iRdvtUgtW/cve-2023-26359/rapid7-analysis
Adobe ColdFusion 2018 Update 15 and earlier and 2021 Update 5 and earlier affected to critical CVE-2023-26359 and CVE-2023-26360. Arbitrary code execution exploited in the wild.
Netlas.io gives about 180,000 instances:
ππΌ Dork: tag.name:"adobe_coldfusion"
ππΌ Search link: nt.ls/adbcf
Technical analysis by Rapid7: https://attackerkb.com/topics/1iRdvtUgtW/cve-2023-26359/rapid7-analysis
π₯5β‘1
An awesome guide to create a fast passive one-shot recon script with Netlas CLI tools.
Do not miss the github link at the end of the article!
https://link.medium.com/q5F85TIESyb
Do not miss the github link at the end of the article!
https://link.medium.com/q5F85TIESyb
π3πΎ3π₯2
Both Domain Whois and IP Whois Datasets are finally published at https://app.netlas.io/datastore/.
Carefully collected and parsed by Netlas.io from major internet routing registries and domain registrants.
β IP WHOIS Database covers all existing IPv4 addresses (more than 4 billion addresses). Each entry contains both parsed data structure and raw text records.
β Domain WHOIS Database covers more than 270 millions active domains, including just registered, published and parked domains, domains on redeption grace period (waiting for renewal), and domains pending delete.
βοΈAll datasets and updates to them are available to Corporate and Enterprise subscribers for free.
Carefully collected and parsed by Netlas.io from major internet routing registries and domain registrants.
β IP WHOIS Database covers all existing IPv4 addresses (more than 4 billion addresses). Each entry contains both parsed data structure and raw text records.
β Domain WHOIS Database covers more than 270 millions active domains, including just registered, published and parked domains, domains on redeption grace period (waiting for renewal), and domains pending delete.
βοΈAll datasets and updates to them are available to Corporate and Enterprise subscribers for free.
π5πΎ5
SecurePoint Authentication vulnerability
"If you sit on the river bank for a long time, you can see how the sessionId of the administrator floats by"
- Sun Tzu.
CVE-2023-22620 requires a bit of patience as the attacker has to wait for the administrator to log in, catch his sessionId, and brute force the User-Agent. However, after that, this will give full control over the root panel of the firewall.
Look at Netlas.io:
ππ» Dork: http.favicon.hash_sha256:ebaaed8ab7c21856f888117edaf342f6bc10335106ed907f95787b69878d9d9e
ππ» Search: nt.ls/k9W35
Original article: https://www.rcesecurity.com/2023/04/securepwn-part-1-bypassing-securepoint-utms-authentication-cve-2023-22620/
"If you sit on the river bank for a long time, you can see how the sessionId of the administrator floats by"
- Sun Tzu.
CVE-2023-22620 requires a bit of patience as the attacker has to wait for the administrator to log in, catch his sessionId, and brute force the User-Agent. However, after that, this will give full control over the root panel of the firewall.
Look at Netlas.io:
ππ» Dork: http.favicon.hash_sha256:ebaaed8ab7c21856f888117edaf342f6bc10335106ed907f95787b69878d9d9e
ππ» Search: nt.ls/k9W35
Original article: https://www.rcesecurity.com/2023/04/securepwn-part-1-bypassing-securepoint-utms-authentication-cve-2023-22620/
π₯4β€1πΎ1
CVE-2023-25135: pre-authentication RCE in vBulletin with 9.8 rating π₯
More than a month ago specialists from LexfoSecurite discovered an interesting vulnerability. It is still highly relevant.
βΌοΈPOC was published two days ago βΌοΈ
Search on Netlas.io:
ππ» Dork: tag.vbulletin.version:<=5.6.9
ππ» Search: https://nt.ls/14sXQ
Original article: https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable
More than a month ago specialists from LexfoSecurite discovered an interesting vulnerability. It is still highly relevant.
βΌοΈPOC was published two days ago βΌοΈ
Search on Netlas.io:
ππ» Dork: tag.vbulletin.version:<=5.6.9
ππ» Search: https://nt.ls/14sXQ
Original article: https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable
π₯4
A big list of dorks for Netlas.io has been published on GitHub!
Link: https://github.com/netlas-io/netlas-dorks
βοΈ Use it to find IoT elements, monitoring systems, and more.
Over time, this list will grow. You can also send us your dorks, and we will add them. Good hunting! π
Link: https://github.com/netlas-io/netlas-dorks
βοΈ Use it to find IoT elements, monitoring systems, and more.
Over time, this list will grow. You can also send us your dorks, and we will add them. Good hunting! π
πΎ4π3π1
π₯π¨π₯ PaperCut MF/NG RCE, rating 9.8
Vulnerabilities CVE-2023-27350 and CVE-2023-27351 discovered a few days ago allows unauthorized code execution in the SYSTEM context for PaperCut print management software. The software is used internally in most cases. And yet there are 1,1K instances exposed to the Internet.
Search on Netlas.io:
ππ» Link: https://nt.ls/ZGjrR
Vendorβs advisory: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
Vulnerabilities CVE-2023-27350 and CVE-2023-27351 discovered a few days ago allows unauthorized code execution in the SYSTEM context for PaperCut print management software. The software is used internally in most cases. And yet there are 1,1K instances exposed to the Internet.
Search on Netlas.io:
ππ» Link: https://nt.ls/ZGjrR
Vendorβs advisory: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
πΎ4π1π₯1
Netlas Plugin for Maltego
We are happy to announce that Netlas data is now available in Maltego!
Toturial and demo in the article:
https://netlas.medium.com/using-maltego-with-netlas-io-plugin-b3b17bd0881b
We are happy to announce that Netlas data is now available in Maltego!
Toturial and demo in the article:
https://netlas.medium.com/using-maltego-with-netlas-io-plugin-b3b17bd0881b
Medium
Using Maltego with Netlas.io plugin
The article is written solely to familiarize Maltego users with the capabilities of the Netlas.io plugin for Maltego. Maltego Communityβ¦
π₯8
CVE-2023-27524: session validation attacks on Apache Superset with 8.9 ratings βΌοΈ
Search vuln on Netlas.io:
ππ» Dork: (http.title:superset http.body:SUPERSET_WEBSERVER*) OR http.favicon.hash_sha256:e186603e51173d86bfc680eee24345d67c7a1d945a8e76dc4b218bbfabed666e
ππ» Link: https://nt.ls/XdO7p
Check if your software is vulnerable with a script from Horizon3 researchers: https://github.com/horizon3ai/CVE-2023-27524
Search vuln on Netlas.io:
ππ» Dork: (http.title:superset http.body:SUPERSET_WEBSERVER*) OR http.favicon.hash_sha256:e186603e51173d86bfc680eee24345d67c7a1d945a8e76dc4b218bbfabed666e
ππ» Link: https://nt.ls/XdO7p
Check if your software is vulnerable with a script from Horizon3 researchers: https://github.com/horizon3ai/CVE-2023-27524
πΎ4β€1π1
Netlas module for Uncover
We hasten to share with you a short instruction on using the Netlas.io module integrated into Uncover from ProjectDiscovery.
ππ» Read how to use it here:
https://netlas.medium.com/using-uncover-with-netlas-io-module-77b82157ccc4
We hasten to share with you a short instruction on using the Netlas.io module integrated into Uncover from ProjectDiscovery.
ππ» Read how to use it here:
https://netlas.medium.com/using-uncover-with-netlas-io-module-77b82157ccc4
Medium
Using Uncover with Netlas.io module
Instructions for using the Netlas module integrated into Uncover from ProjectDiscovery
π6πΎ1
Netlas is the sponsor of osintomatico conference
Do you love OSINT? So, then we have great news for you: Netlas became one of the sponsors of the osintomatico conf!
Soon, 10 CTF winners will receive certificates from us for a thousand bonus points to immerse deeper in research using our tool. Good luck to the participants!
Explore the event π 2023.osintomatico.com
Do you love OSINT? So, then we have great news for you: Netlas became one of the sponsors of the osintomatico conf!
Soon, 10 CTF winners will receive certificates from us for a thousand bonus points to immerse deeper in research using our tool. Good luck to the participants!
Explore the event π 2023.osintomatico.com
π2πΎ2π1π₯1
CVE-2023-25717: Ruckus Wireless Admin RCE with 9.8 rating π₯
An old vulnerability that got a second chance with the advent of a new botnet type running through it.
Search on Netlas.io:
ππ» Dork: http.favicon.hash_sha256:44648ca99e1d18589d4b72b19156bf61117c09e311b9f26fa771d9acf5cf463f
ππ» Link: https://nt.ls/s1WYE
Read more about new botnet in the Fortinet article: https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
An old vulnerability that got a second chance with the advent of a new botnet type running through it.
Search on Netlas.io:
ππ» Dork: http.favicon.hash_sha256:44648ca99e1d18589d4b72b19156bf61117c09e311b9f26fa771d9acf5cf463f
ππ» Link: https://nt.ls/s1WYE
Read more about new botnet in the Fortinet article: https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
πΎ4
Netlas module for OWASP Amass
We continue to tell you about the tools in which Netlas.io is integrated in one way or another.
And today, the well-known OWASP Amass is next in line!
Read here ππ» https://netlas.medium.com/using-owasp-amass-with-netlas-io-module-cb7308669ecd
We continue to tell you about the tools in which Netlas.io is integrated in one way or another.
And today, the well-known OWASP Amass is next in line!
Read here ππ» https://netlas.medium.com/using-owasp-amass-with-netlas-io-module-cb7308669ecd
Medium
Using OWASP Amass with Netlas.io module
In this article, I will show how to configure OWASP Amass to use the Netlas module built into it.
πΎ6π2
CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, CVE-2023-20189: Multiple vulns on the Cisco Small Business Switches. 8.6 rating βοΈ
An attacker can cause DoS or perform remote code execution with root user rights. POC is available!
Search on Netlas.io:
ππ» Link: https://nt.ls/eIvyW
ππ» Dork: http.favicon.perceptual_hash:ffdb0113090009ff~1 AND http.body:"Small Business"
An attacker can cause DoS or perform remote code execution with root user rights. POC is available!
Search on Netlas.io:
ππ» Link: https://nt.ls/eIvyW
ππ» Dork: http.favicon.perceptual_hash:ffdb0113090009ff~1 AND http.body:"Small Business"
π₯4πΎ2
CVE-2023-25690: Request Smuggling attack on Apache HTTP Server with 9.8 rating π₯
An old vulnerability, but a POC has been published today.
Search on Netlas.io (over 20 million results):
ππ» Link (with tags): https://nt.ls/bGPCz
ππ» Link (without tags): https://nt.ls/0Xh1g
ππ» Dork: tag.name:"apache" AND (tag.apache.version:>=2.4.0 AND tag.apache.version:<=2.4.55)
An old vulnerability, but a POC has been published today.
Search on Netlas.io (over 20 million results):
ππ» Link (with tags): https://nt.ls/bGPCz
ππ» Link (without tags): https://nt.ls/0Xh1g
ππ» Dork: tag.name:"apache" AND (tag.apache.version:>=2.4.0 AND tag.apache.version:<=2.4.55)
πΎ3π€·ββ1π1