Using Open Source Reconnaissance Tools for Business Partner Vulnerability Assessment
- Using a Google search of “intitle:index.of "Apache 2.2.22 at"”, we can find all servers using that version of Apache. When you attach a site name, all the possible queries showing vulnerable software or sensitive information (passwords, scans, files) can be found. This can be done using any search engine.
- If flagged, Google can prompt you to solve a CAPTCHA puzzle. Google can also freeze all search activity on your network if it decides there’s a botnet on the server.
What software can be used to test sites against malware/spam?
What tools can be used to non-intrusively perform a vulnerability assessment?
Anthony Messina says
Shodan and Google searches are excellent choices to perform initial vulnerability assessments. These tools are lightweight and are not very noisy. By noisy I mean they generally will not leave any evidence in the server's web logs or get picked up by a SIEM, as they are not actively scanning. Port scanners such as Nmap will leave web logs, and OpenVAS, which is a vulnerability scanner, will generally create an alarm in the company’s SIEM appliance.
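What "noisy" looks like from the server side, as an added example that is not part of the original post or comment: the script parses Apache combined-format log lines and flags sources whose User-Agent carries the default string sent by Nmap's HTTP scripts or by OpenVAS. The log lines and addresses are constructed for illustration, and the function name `find_scanners` is hypothetical.

```python
import re

# Constructed sample in Apache "combined" format (documentation IP ranges, not real traffic).
SAMPLE_LOG = '''\
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
198.51.100.7 - - [12/Mar/2024:10:01:03 +0000] "OPTIONS / HTTP/1.1" 200 0 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
203.0.113.9 - - [12/Mar/2024:10:05:10 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.0 [en] (X11, U; OpenVAS-VT 9.0.3)"
192.0.2.10 - - [12/Mar/2024:10:07:00 +0000] "GET /files/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.44 - - [12/Mar/2024:10:09:30 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
'''

# ip identity user [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Default User-Agent substrings. Operators can change them, so a match is a
# lower bound on scanner traffic, not a complete picture.
SCANNER_AGENTS = {"nmap scripting engine": "nmap", "openvas": "openvas"}


def find_scanners(log_text):
    """Return {source_ip: {"tool": name, "requests": count}} for scanner hits."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        agent = m.group("agent").lower()
        for needle, tool in SCANNER_AGENTS.items():
            if needle in agent:
                entry = hits.setdefault(m.group("ip"), {"tool": tool, "requests": 0})
                entry["requests"] += 1
                break
    return hits


if __name__ == "__main__":
    for ip, info in find_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {info['tool']} ({info['requests']} requests)")
```

In the sample, the only entry that a search-engine query could be traced to is the crawler's own earlier visit, which is why the assessor's searches never appear under the assessor's address.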