Vulnerability Scan. January 6, 2015

Transcription

1 Vulnerability Scan January 6, 2015 Results of Vulnerability Security Scan The results of your Ethos Info Vulnerability Security Scan are detailed below. The scan ran from Sat Dec 27 07:07: UTC until Sat Dec 27 13:49: UTC. This report first summarises the results found. Then, for each host, the report describes every issue found. Contents 1 Result Overview 2 2 Results per Host High 53/tcp High 80/tcp High 113/tcp Medium 53/tcp Medium 80/tcp Medium 113/tcp Log 53/tcp Log 80/tcp Log 113/tcp Log general/tcp Log general/cpe-t Log 82/tcp Log 81/tcp Log 53/udp Log 5060/udp Log 4569/tcp Log 3306/tcp Log 22/tcp Log 21/tcp Log 123/udp Log 114/tcp Log 112/tcp Page 1 of 36

2 1 Result Overview Ethos Info Vulnerability Scanning Service Report Host High Medium Low Log False Positive Total: Vendor security updates are not trusted. Overrides are on. When a result has an override, this report uses the threat of the override. Notes are included in the report. This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level Debug are not shown. Issues with the threat level False Positive are not shown. This report contains all 58 results selected by the filtering described above. Before filtering there were 58 results. 2 Results per Host Host scan start Host scan end Sat Dec 27 07:07: UTC Sat Dec 27 13:49: UTC Service (Port) 53/tcp 80/tcp 113/tcp 53/tcp 80/tcp 113/tcp 53/tcp 80/tcp 113/tcp general/tcp general/cpe-t 82/tcp 81/tcp 53/udp 5060/udp 4569/tcp 3306/tcp 22/tcp 21/tcp 123/udp 114/tcp 112/tcp Threat Level High High High Medium Medium Medium Log Log Log Log Log Log Log Log Log Log Log Log Log Log Log Log High 53/tcp Page 2 of 36

3 High (CVSS: 9.3) NVT: Dnsmasq Remote Denial of Service Vulnerability Ethos Info Vulnerability Scanning Service Report Product detection result cpe:/a:thekelleys:dnsmasq:2.48 Detected by Dnsmasq Detection (OID: ) Dnsmasq is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions through a stream of spoofed DNS queries producing large results. Dnsmasq versions 2.62 and prior are vulnerable. OID of test routine: Vulnerability was detected according to the Vulnerability Detection Method. Vulnerability Detection Method Details:Dnsmasq Remote Denial of Service Vulnerability OID: Version used: $Revision: 12 $ Product Detection Result Product: cpe:/a:thekelleys:dnsmasq:2.48 Method: Dnsmasq Detection OID: References BID:54353 Other: URL: URL: URL: High 80/tcp High (CVSS: 7.5) NVT: PHP version PHP version < suffers multiple vulnerabilities such as integer overflow vu Page 3 of 36

4 lnerability, buffer overflow error and several casting errors. Recommendation: Upgrade PHP to or later versions. OID of test routine: Vulnerability was detected according to the Vulnerability Detection Method. Vulnerability Detection Method Details:PHP version 5.3< OID: Version used: $Revision: 12 $ References CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE BID:46354, 46365, 46786, High 113/tcp High (CVSS: 7.5) NVT: PHP version PHP version < suffers multiple vulnerabilities such as integer overflow vu lnerability, buffer overflow error and several casting errors. Recommendation: Upgrade PHP to or later versions. OID of test routine: Vulnerability was detected according to the Vulnerability Detection Method. Vulnerability Detection Method Details:PHP version 5.3< OID: Version used: $Revision: 12 $ Page 4 of 36

5 References CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE BID:46354, 46365, 46786, Medium 53/tcp Medium (CVSS: 6.8) NVT: Dnsmasq TFTP Service multiple vulnerabilities Product detection result cpe:/a:thekelleys:dnsmasq:2.48 Detected by Dnsmasq Detection (OID: ) Dnsmasq is prone to a remotely exploitable heap-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Remote attackers can exploit this issue to execute arbitrary machine code in the context of the vulnerable software on the targeted user s computer. Dnsmasq is also prone to a NULL-pointer dereference vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. NOTE: The TFTP service must be enabled for this issue to be exploitable this is not the default. Versions *prior to* Dnsmasq 2.50 are vulnerable. OID of test routine: : Dnsmasq is prone to a remotely exploitable heap-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Remote attackers can exploit this issue to execute arbitrary machine code in the context of the vulnerable software on the targeted user s computer. Dnsmasq is also prone to a NULL-pointer dereference vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. NOTE: The TFTP service must be enabled for this issue to be exploitable; this is not the default. Versions *prior to* Dnsmasq 2.50 are vulnerable. Page 5 of 36

6 Solution: Updates are available. Please see the references for more information. Solution Updates are available. Please see the references for more information. Vulnerability Detection Method Details:Dnsmasq TFTP Service multiple vulnerabilities OID: Version used: $Revision: 15 $ Product Detection Result Product: cpe:/a:thekelleys:dnsmasq:2.48 Method: Dnsmasq Detection OID: References CVE: CVE , CVE BID:36121, Other: URL: URL: URL: URL: Medium 80/tcp Medium (CVSS: 6.8) NVT: PHP version smaller than PHP version smaller than suffers vulnerability. OID of test routine: Vulnerability was detected according to the Vulnerability Detection Method. Solution Update PHP to version or later. Page 6 of 36

7 Vulnerability Detection Method Details:PHP version smaller than OID: Version used: $Revision: 12 $ References CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE BID:40173, 43926, 44605, 44718, 44723, 44951, 44980, 45119, 45335, 45338, 45339, 45952, 45954, 46056, Medium 113/tcp Medium (CVSS: 6.8) NVT: PHP version smaller than PHP version smaller than suffers vulnerability. OID of test routine: Vulnerability was detected according to the Vulnerability Detection Method. Solution Update PHP to version or later. Vulnerability Detection Method Details:PHP version smaller than OID: Version used: $Revision: 12 $ References CVE: CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE , CVE BID:40173, 43926, 44605, 44718, 44723, 44951, 44980, 45119, 45335, 45338, 45339, 45952, 45954, 46056, Page 7 of 36

8 2.1.7 Log 53/tcp NVT: DNS Server Detection A DNS Server is running at this Host. A Name Server translates domain names into IP addresses. This makes it possible for a user to access a website by typing in the domain name instead of the website s actual IP address. OID of test routine: Vulnerability was detected according to the Vulnerability Detection Method. Details:DNS Server Detection OID: Version used: $Revision: 488 $ Log 80/tcp NVT: DIRB (NASL wrapper) This script uses DIRB to find directories and files on web applications via brute forcing. OID of test routine: This are the directories/files found with brute force: Details:DIRB (NASL wrapper) OID: Version used: $Revision: 13 $ Page 8 of 36

9 NVT: Services Ethos Info Vulnerability Scanning Service Report This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base. OID of test routine: A web server is running on this port Details:Services OID: Version used: $Revision: 69 $ NVT: arachni (NASL wrapper) This plugin uses arachni ruby command line to find web security issues. See the preferences section for arachni options. Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment, you should use standalone arachni tool for deeper/customized checks. OID of test routine: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS Details:arachni (NASL wrapper) OID: Version used: $Revision: 683 $ Page 9 of 36

10 NVT: Nikto (NASL wrapper) Ethos Info Vulnerability Scanning Service Report This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options. OID of test routine: Here is the Nikto report: - Nikto v No web server found on : host(s) tested Details:Nikto (NASL wrapper) OID: Version used: $Revision: 17 $ NVT: PHP Version Detection Detection of installed version of PHP. This script sends HTTP GET request and try to get the version from the responce, and sets the result in KB. OID of test routine: Detected PHP version: Location: tcp/80 CPE: cpe:/a:php:php:5.3.3 Concluded from version identification result: X-Powered-By: PHP/5.3.3 Details:PHP Version Detection OID: Version used: $Revision: 365 $ Page 10 of 36

11 NVT: wapiti (NASL wrapper) Ethos Info Vulnerability Scanning Service Report This plugin uses wapiti to find web security issues. Make sure to have wapiti 2.x as wapiti 1.x is not supported. See the preferences section for wapiti options. Note that OpenVAS is using limited set of wapiti options. Therefore, for more complete web assessment, you should use standalone wapiti tool for deeper/customized checks. OID of test routine: wapiti report filename is empty. that could mean that wrong version of wapiti is used or tmp dir is not accessible. Make sure to have wapiti 2.x as wapiti 1.x is not supported. In short: check installation of wapiti and OpenVAS Details:wapiti (NASL wrapper) OID: Version used: $Revision: 14 $ NVT: Apache Web ServerVersion Detection Detection of installed version of Apache Web Server The script detects the version of Apache HTTP Server on remote host and sets the KB. OID of test routine: Detected Apache version: Location: 80/tcp CPE: cpe:/a:apache:http_server: Concluded from version identification result: Server: Apache/ Details:Apache Web ServerVersion Detection OID: Page 11 of 36

12 Version used: $Revision: 365 $ Ethos Info Vulnerability Scanning Service Report Log 113/tcp NVT: Services This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base. OID of test routine: A web server is running on this port Details:Services OID: Version used: $Revision: 69 $ NVT: arachni (NASL wrapper) This plugin uses arachni ruby command line to find web security issues. See the preferences section for arachni options. Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment, you should use standalone arachni tool for deeper/customized checks. OID of test routine: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS Page 12 of 36

13 Details:arachni (NASL wrapper) OID: Version used: $Revision: 683 $ NVT: Nikto (NASL wrapper) This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options. OID of test routine: Here is the Nikto report: - Nikto v No web server found on : host(s) tested Details:Nikto (NASL wrapper) OID: Version used: $Revision: 17 $ NVT: PHP Version Detection Detection of installed version of PHP. This script sends HTTP GET request and try to get the version from the responce, and sets the result in KB. OID of test routine: Detected PHP version: Location: tcp/113 CPE: cpe:/a:php:php:5.3.3 Page 13 of 36

14 Concluded from version identification result: X-Powered-By: PHP/5.3.3 Ethos Info Vulnerability Scanning Service Report Details:PHP Version Detection OID: Version used: $Revision: 365 $ NVT: wapiti (NASL wrapper) This plugin uses wapiti to find web security issues. Make sure to have wapiti 2.x as wapiti 1.x is not supported. See the preferences section for wapiti options. Note that OpenVAS is using limited set of wapiti options. Therefore, for more complete web assessment, you should use standalone wapiti tool for deeper/customized checks. OID of test routine: wapiti report filename is empty. that could mean that wrong version of wapiti is used or tmp dir is not accessible. Make sure to have wapiti 2.x as wapiti 1.x is not supported. In short: check installation of wapiti and OpenVAS Details:wapiti (NASL wrapper) OID: Version used: $Revision: 14 $ NVT: Apache Web ServerVersion Detection Detection of installed version of Apache Web Server The script detects the version of Apache HTTP Server on remote host and sets the KB. OID of test routine: Page 14 of 36

15 Detected Apache version: Location: 113/tcp CPE: cpe:/a:apache:http_server: Concluded from version identification result: Server: Apache/ Ethos Info Vulnerability Scanning Service Report Details:Apache Web ServerVersion Detection OID: Version used: $Revision: 365 $ Log general/tcp Log (CVSS: 7.8) NVT: 3com switch2hub The remote host is subject to the switch to hub flood attack. Description : The remote host on the local network seems to be connected through a switch which can be turned into a hub when flooded by different mac addresses. The theory is to send a lot of packets (> ) to the port of the switch we are connected to, with random mac addresses. This turns the switch into learning mode, where traffic goes everywhere. An attacker may use this flaw in the remote switch to sniff data going to this host Reference : OID of test routine: Fake IP address not specified. Skipping this check. Solution Lock Mac addresses on each port of the remote switch or buy newer switch. Vulnerability Detection Method Details:3com switch2hub Page 15 of 36

16 OID: Version used: $Revision: 15 $ Ethos Info Vulnerability Scanning Service Report NVT: Dnsmasq Detection Detection of Dnsmasq The script sends a connection request to the server and attempts to extract the version number from the reply. OID of test routine: Detected Dnsmasq version: 2.48 Location: 53/udp CPE: cpe:/a:thekelleys:dnsmasq:2.48 Concluded from version identification result: dnsmasq-2.48 Details:Dnsmasq Detection OID: Version used: $Revision: 43 $ NVT: Check open ports This plugin checks if the port scanners did not kill a service. OID of test routine: OpenVAS cannot reach any of the previously open ports of the remote host at the end of its scan. This might be an availability problem related which might be due to the following reasons : - The remote host is now down, either because a user turned it off during the scan or a selected denial of service was effective against this host - A network outage has been experienced during the scan, and the remote network cannot be reached from the OpenVAS server any more - This OpenVAS server has been blacklisted by the system administrator Page 16 of 36

17 or by automatic intrusion detection/prevention systems which have detected the vulnerability assessment. In any case, the audit of the remote host might be incomplete and may need to be done again Details:Check open ports OID: Version used: $Revision: 382 $ NVT: Traceroute A traceroute from the scanning server to the target system was conducted. This traceroute is provided primarily for informational value only. In the vast majority of cases, it does not represent a vulnerability. However, if the displayed traceroute contains any private addresses that should not have been publicly visible, then you have an issue you need to correct. OID of test routine: Here is the route from to : Solution Block unwanted packets from escaping your network. Details:Traceroute OID: Version used: $Revision: 14 $ Log general/cpe-t NVT: CPE Inventory Page 17 of 36

18 This routine uses information collected by other routines about CPE identities ( of operating systems, services and applications detected during the scan. OID of test routine: cpe:/a:thekelleys:dnsmasq: cpe:/a:apache:http_server: cpe:/a:php:php:5.3.3 Details:CPE Inventory OID: Version used: $Revision: 314 $ Log 82/tcp NVT: Services This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base. OID of test routine: A web server is running on this port Details:Services OID: Version used: $Revision: 69 $ NVT: arachni (NASL wrapper) Page 18 of 36

19 This plugin uses arachni ruby command line to find web security issues. See the preferences section for arachni options. Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment, you should use standalone arachni tool for deeper/customized checks. OID of test routine: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS Details:arachni (NASL wrapper) OID: Version used: $Revision: 683 $ NVT: Nikto (NASL wrapper) This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options. OID of test routine: Here is the Nikto report: - Nikto v No web server found on : host(s) tested Details:Nikto (NASL wrapper) OID: Version used: $Revision: 17 $ Page 19 of 36

20 NVT: wapiti (NASL wrapper) Ethos Info Vulnerability Scanning Service Report This plugin uses wapiti to find web security issues. Make sure to have wapiti 2.x as wapiti 1.x is not supported. See the preferences section for wapiti options. Note that OpenVAS is using limited set of wapiti options. Therefore, for more complete web assessment, you should use standalone wapiti tool for deeper/customized checks. OID of test routine: wapiti report filename is empty. that could mean that wrong version of wapiti is used or tmp dir is not accessible. Make sure to have wapiti 2.x as wapiti 1.x is not supported. In short: check installation of wapiti and OpenVAS Details:wapiti (NASL wrapper) OID: Version used: $Revision: 14 $ NVT: Apache Web ServerVersion Detection Detection of installed version of Apache Web Server The script detects the version of Apache HTTP Server on remote host and sets the KB. OID of test routine: Detected Apache version: Location: 82/tcp CPE: cpe:/a:apache:http_server: Concluded from version identification result: Server: Apache/ Details:Apache Web ServerVersion Detection OID: Page 20 of 36

21 Version used: $Revision: 365 $ Ethos Info Vulnerability Scanning Service Report Log 81/tcp NVT: Services This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base. OID of test routine: A web server is running on this port Details:Services OID: Version used: $Revision: 69 $ NVT: arachni (NASL wrapper) This plugin uses arachni ruby command line to find web security issues. See the preferences section for arachni options. Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment, you should use standalone arachni tool for deeper/customized checks. OID of test routine: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS Page 21 of 36

22 Details:arachni (NASL wrapper) OID: Version used: $Revision: 683 $ NVT: Nikto (NASL wrapper) This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options. OID of test routine: Here is the Nikto report: - Nikto v No web server found on : host(s) tested Details:Nikto (NASL wrapper) OID: Version used: $Revision: 17 $ NVT: wapiti (NASL wrapper) This plugin uses wapiti to find web security issues. Make sure to have wapiti 2.x as wapiti 1.x is not supported. See the preferences section for wapiti options. Note that OpenVAS is using limited set of wapiti options. Therefore, for more complete web assessment, you should use standalone wapiti tool for deeper/customized checks. OID of test routine: Page 22 of 36

23 wapiti report filename is empty. that could mean that wrong version of wapiti is used or tmp dir is not accessible. Make sure to have wapiti 2.x as wapiti 1.x is not supported. In short: check installation of wapiti and OpenVAS Details:wapiti (NASL wrapper) OID: Version used: $Revision: 14 $ NVT: Apache Web ServerVersion Detection Detection of installed version of Apache Web Server The script detects the version of Apache HTTP Server on remote host and sets the KB. OID of test routine: Detected Apache version: Location: 81/tcp CPE: cpe:/a:apache:http_server: Concluded from version identification result: Server: Apache/ Details:Apache Web ServerVersion Detection OID: Version used: $Revision: 365 $ Log 53/udp NVT: DNS Server Detection A DNS Server is running at this Host. A Name Server translates domain names into IP addresses. This makes it possible for a user to access a website by typing in the domain name instead of the website s actual IP address. Page 23 of 36

24 OID of test routine: Vulnerability was detected according to the Vulnerability Detection Method. Details:DNS Server Detection OID: Version used: $Revision: 488 $ Log 5060/udp NVT: Detect SIP Compatible Hosts A Voice Over IP service is listening on the remote port. Description : The remote host is running SIP (Session Initiation Protocol), a protocol used for Internet conferencing and telephony. Make sure the use of this program is done in accordance with your corporate security policy. OID of test routine: : A Voice Over IP service is listening on the remote port. Description : The remote host is running SIP (Session Initiation Protocol), a protocol used for Internet conferencing and telephony. Make sure the use of this program is done in accordance with your corporate security policy. Solution: If this service is not needed, disable it or filter incoming traffic to this port. Plugin output : FPBX ( ) Supported Options: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESS AGE Page 24 of 36

25 Solution If this service is not needed, disable it or filter incoming traffic to this port. Details:Detect SIP Compatible Hosts OID: Version used: $Revision: 762 $ References Other: URL: Log 4569/tcp NVT: Inter-Asterisk exchange Protocol Detection The remote system is running a server that speaks the Inter-Asterisk exchange Protocol. Description : The Inter-Asterisk exchange protocol (IAX2) is used by the Asterisk PBX Server and other IP Telephony clients/servers to enable voice communication between them. OID of test routine: Vulnerability was detected according to the Vulnerability Detection Method. Solution If possible, filter incoming connections to the port so that it is used by trusted sources only. Details:Inter-Asterisk exchange Protocol Detection OID: Version used: $Revision: 17 $ References Page 25 of 36

26 Other: URL: Ethos Info Vulnerability Scanning Service Report Log 3306/tcp NVT: MySQL/MariaDB Detection Detection of installed version of MySQL/MariaDB. Detect a running MySQL/MariaDB by getting the banner, Extract the version from the banner and store the information in KB OID of test routine: Scanner received a ER_HOST_NOT_PRIVILEGED error from the remote MySQL/MariaDB se rver.\ Some tests may fail. Allow the scanner to access the remote MySQL server for bet ter results. Details:MySQL/MariaDB Detection OID: Version used: $Revision: 41 $ NVT: Services This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base. OID of test routine: An unknown service is running on this port. It is usually reserved for MySQL Page 26 of 36

27 Details:Services OID: Version used: $Revision: 69 $ NVT: Unknown services banners This plugin prints the banners from unknown service so that the OpenVAS team can take them into account. OID of test routine: An unknown server is running on this port. If you know what it is, please send this banner to the OpenVAS team: 0x00: FF 6A F F...j.Host 172 0x10: 2E E E E is n 0x20: 6F C 6C 6F F F ot allowed to co 0x30: 6E 6E F D 79 nnect to this My 0x40: C SQL server Details:Unknown services banners OID: Version used: $Revision: 17 $ Log 22/tcp NVT: Services This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base. OID of test routine: Page 27 of 36

28 An ssh server is running on this port Details:Services OID: Version used: $Revision: 69 $ Log 21/tcp NVT: FTP Banner Detection This Plugin detects the FTP Server Banner OID of test routine: Remote FTP server banner : 220 (vsftpd 2.2.2) Details:FTP Banner Detection OID: Version used: $Revision: 563 $ NVT: Services This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base. OID of test routine: Page 28 of 36

29 An FTP server is running on this port. Here is its banner : 220 (vsftpd 2.2.2) Details:Services OID: Version used: $Revision: 69 $ Log 123/udp NVT: NTP read variables A NTP (Network Time Protocol) server is listening on this port. OID of test routine: Vulnerability was detected according to the Vulnerability Detection Method. Details:NTP read variables OID: Version used: $Revision: 487 $ Log 114/tcp NVT: HTTP Server type and version This detects the HTTP Server s type and version. OID of test routine: Page 29 of 36

30 The remote web server type is : Apache/ (CentOS) Solution : You can set the directive ServerTokens Prod to limit the information emanating from the server in its response headers. Solution Configure your server to use an alternate name like Wintendo httpd w/dotmatrix display Be sure to remove common logos like apache_pb.gif. With Apache, you can set the directive ServerTokens Prod to limit the information emanating from the server in its response headers. Details:HTTP Server type and version OID: Version used: $Revision: 229 $ NVT: DIRB (NASL wrapper) This script uses DIRB to find directories and files on web applications via brute forcing. OID of test routine: This are the directories/files found with brute force: Details:DIRB (NASL wrapper) OID: Version used: $Revision: 13 $ NVT: Services This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on Page 30 of 36

31 another port than 80 and set the results in the plugins knowledge base. Ethos Info Vulnerability Scanning Service Report OID of test routine: A web server is running on this port Details:Services OID: Version used: $Revision: 69 $ NVT: arachni (NASL wrapper) This plugin uses arachni ruby command line to find web security issues. See the preferences section for arachni options. Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment, you should use standalone arachni tool for deeper/customized checks. OID of test routine: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS Details:arachni (NASL wrapper) OID: Version used: $Revision: 683 $ NVT: Nikto (NASL wrapper) This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options. Page 31 of 36

32 OID of test routine: Here is the Nikto report: - Nikto v No web server found on : host(s) tested Details:Nikto (NASL wrapper) OID: Version used: $Revision: 17 $ NVT: wapiti (NASL wrapper) This plugin uses wapiti to find web security issues. Make sure to have wapiti 2.x as wapiti 1.x is not supported. See the preferences section for wapiti options. Note that OpenVAS is using limited set of wapiti options. Therefore, for more complete web assessment, you should use standalone wapiti tool for deeper/customized checks. OID of test routine: wapiti report filename is empty. that could mean that wrong version of wapiti is used or tmp dir is not accessible. Make sure to have wapiti 2.x as wapiti 1.x is not supported. In short: check installation of wapiti and OpenVAS Details:wapiti (NASL wrapper) OID: Version used: $Revision: 14 $ Page 32 of 36

33 NVT: Apache Web ServerVersion Detection Ethos Info Vulnerability Scanning Service Report Detection of installed version of Apache Web Server The script detects the version of Apache HTTP Server on remote host and sets the KB. OID of test routine: Detected Apache version: Location: 114/tcp CPE: cpe:/a:apache:http_server: Concluded from version identification result: Server: Apache/ Details:Apache Web ServerVersion Detection OID: Version used: $Revision: 365 $ Log 112/tcp NVT: DIRB (NASL wrapper) This script uses DIRB to find directories and files on web applications via brute forcing. OID of test routine: This are the directories/files found with brute force: Details:DIRB (NASL wrapper) OID: Version used: $Revision: 13 $ Page 33 of 36

34 NVT: Services Ethos Info Vulnerability Scanning Service Report This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base. OID of test routine: A web server is running on this port Details:Services OID: Version used: $Revision: 69 $ NVT: arachni (NASL wrapper) This plugin uses arachni ruby command line to find web security issues. See the preferences section for arachni options. Note that OpenVAS is using limited set of arachni options. Therefore, for more complete web assessment, you should use standalone arachni tool for deeper/customized checks. OID of test routine: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS Details:arachni (NASL wrapper) OID: Version used: $Revision: 683 $ Page 34 of 36

35 NVT: Nikto (NASL wrapper) Ethos Info Vulnerability Scanning Service Report This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server security. See the preferences section for configuration options. OID of test routine: Here is the Nikto report: - Nikto v No web server found on : host(s) tested Details:Nikto (NASL wrapper) OID: Version used: $Revision: 17 $ NVT: wapiti (NASL wrapper) This plugin uses wapiti to find web security issues. Make sure to have wapiti 2.x as wapiti 1.x is not supported. See the preferences section for wapiti options. Note that OpenVAS is using limited set of wapiti options. Therefore, for more complete web assessment, you should use standalone wapiti tool for deeper/customized checks. OID of test routine: wapiti report filename is empty. that could mean that wrong version of wapiti is used or tmp dir is not accessible. Make sure to have wapiti 2.x as wapiti 1.x is not supported. In short: check installation of wapiti and OpenVAS Details:wapiti (NASL wrapper) Page 35 of 36

36 OID: Version used: $Revision: 14 $ Ethos Info Vulnerability Scanning Service Report NVT: Apache Web ServerVersion Detection Detection of installed version of Apache Web Server The script detects the version of Apache HTTP Server on remote host and sets the KB. OID of test routine: Detected Apache version: Location: 112/tcp CPE: cpe:/a:apache:http_server: Concluded from version identification result: Server: Apache/ Details:Apache Web ServerVersion Detection OID: Version used: $Revision: 365 $ This report was generated using the Ethos Info Vulnerability Scanning Service. If you have any questions, please contact our Network Operations Center via at noc@ethosinfo.com for details and interpretation. Page 36 of 36