Search the Community

So, one thing that I have ran into lately is extremely large networks. Often its a 10.0.0.0/8 255.0.0.0 network that I am pretty sure is used to just deter networking scanning and host discovery. Does anyone have any advice for scanning networks this size?

Hi all, i'm undertaking a project to determine which vulnerability scanning tools within Kali Linux are best suited for the job, there were three tools tested and these were, Nikto, Sparta and OpenVAS. The results that these scans returned when scanning metasploitable 2 with a Kali linux machine are as follows: Metasploitable 2 Nikto 15 Sparta 46 OpenVAS 144 These results are solely the number of vulnerabilities that were returned, OpenVAS seems to be the right choice but im looking for feedback to back up these results of whether this is accurate? or maybe whether the other tools have features that may give them an advantage over the other. Any feedback would be most welcome. Thanks.

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time without the need for a single email. Developed with a specialized set of functionalities that help users improve their own work, the main purpose is to re-use the available tools in the community taking advantage of them in a collaborative way! Check out the Faraday project in Github. Two years ago we published our first community version consisting mainly of what we now know as the Faraday Client and a very basic Web UI. Over the years we introduced some pretty radical changes, but nothing like what you are about to see - we believe this is a turning point for the platform, and we are more than happy to share it with all of you. Without further ado we would like to introduce you to Faraday 2.0! https://github.com/infobyte/faraday/releases/tag/v2.0 This release, presented at Black Hat Arsenal 2016, spins around our four main goals for this year: * Faraday Server - a fundamental pillar for Faraday's future. Some of the latest features in Faraday required a server that could step between the client and CouchDB, so we implemented one! It still supports a small amount of operations but it was built thinking about performance. Which brings us to objective #2... * Better performance - Faraday will now scale as you see fit. The new server allows to have huge workspaces without a performance slowdown. 200k hosts? No problem! * Deprecate QT3 - the QT3 interface has been completely erased, while the GTK one presented some versions ago will be the default interface from now on. This means no more problems with QT3 non-standard packages, smooth OSX support and a lighter Faraday Client for everyone. * Licenses - managing a lot of products is time consuming. As you may already know we've launched Faraday's own App Store https://appstore.faradaysec.com/ where you can get all of your favourite tools (Burp suite, IDA Debugger, etc) whether they're open source or commercial ones. But also, in order to keep your licenses up to date and never miss an expiry date we've built a Licenses Manager inside Faraday. Our platform now stores the licenses of third party products so you can easily keep track of your licenses while monitoring your pentest. With this new release we can proudly say we already met all of this year's objectives, so now we have more than four months to polish the details. Some of the features released in this version are quite basic, and we plan to extend them in the next few iterations. Changes: * Improved executive report generation performance. * Totally removed QT3, GTK is now the only GUI. * Added Faraday Server. * Added some basic APIs to Faraday Server. * Deprecated FileSystem databases: now Faraday works exclusively with Faraday Server and CouchDB. * Improved performance in web UI. * Added licenses management section in web UI. * Fixed bug when deleting objects from Faraday Web. * Fixed bug when editing services in the web UI. * Fixed bug where icons were not copied to the correct directory on initialization. * Added a button to go to the Faraday Web directly from GTK. * Fixed bug where current workspace wouldn't correspond to selected workspace on the sidebar on GTK. * Fixed bug in 'Refresh Workspace' button on GTK. * Fixed bug when searching for a non-existent workspace in GTK. * Fixed bug where Host Sidebar and Status Bar information wasn't correctly updated on GTK. * Fixed sqlmap plugin. * Fixed metasploit plugin. We hope you enjoy it, and let us know if you have any questions or comments. https://www.faradaysec.com https://github.com/infobyte/faraday https://twitter.com/faradaysec

I've been seeking online for a complete tutorial that goes from finding if a computer is vulnerable to an exploit to getting a meterpreter session without the use of trojans. The things that are missing are... 1.the exact procedure of scanning a pc to find if it is vulnerable (and if it is possible a pc outside a local network and how is it possible to scan individual compuiters that are behind routers?) 2. Importing a new exploit that isnt already inside the metasploit framework. 3. setting a backdoor without the use of the persistance command of the meterpreter. 4. the procedure of the triggering of the exploit on the victim machine (what happens exactly?) any kind of info is apreciated.