Questions tagged [scan]
The scan tag has no usage guidance.
108 questions
0 votes | 1 answer | 30 views
ICMP port unreachable message stops NMAP on UDP scan but not always [closed]
I have two almost identical embedded hosts that I am scanning with NMAP on the specific UDP port 47808.
On host 192.168.2.12 NMAP returns after a while with:
while on 192.168.2.24 NMAP immediately ...
0 votes | 1 answer | 409 views
Why use OWASP ZAP when it could damage the web application?
OWASP ZAP is used to scan for vulnerabilities in web applications but its site says "Because this is a simulation that acts like a real attack, actual damage can be done to a site’s functionality, data,...
1 vote | 0 answers | 765 views
How would you hide yourself whilst conducting a scan on a target network to identify open service ports?
I am working on this question which asks how you would conduct a scan of a target network to identify open service ports without revealing your IP address. It wants details such as IP address ...
0 votes | 2 answers | 334 views
Do email security scans that follow links replace digest params in URLs with invalid values?
Going through our application logs recently I noticed a number of instances of page requests where an invalid SHA512 digest param in a URL resulted in a 403.
A couple aspects of these requests make me ...
0 votes | 1 answer | 209 views
Clamscan: Infected files found in Pinta
I'm currently performing a full system scan with clamscan and found the following message:
/usr/lib/pinta/Clipper.dll: Win.Trojan.Clipper-9942182-0 FOUND
I went online and couldn't find any reference ...
0 votes | 1 answer | 1k views
Scanning for SMBGhost vulnerability
I am a university student currently trying to demonstrate exploitation of the SMBGhost Vulnerability on Windows 10 (Version: 1903, Build Number: 18362.356). I need to provide evidence that the ...
0 votes | 0 answers | 257 views
Mixed results from different port scanners - stealth vs closed
I did some port scanning of the local network, as a bit of security due diligence, expecting the first 1000 to be stealthed. However, the results are mixed, when running the scan with different ...
0 votes | 0 answers | 207 views
How reliable is a mathematical model of a human fingerprint for identification?
How reliable is a mathematical model of a human fingerprint for identification?
I am looking for a way to uniquely identify individuals that is very reliable and easy to use that does not require ...
0 votes | 0 answers | 310 views
Router scanning ports on all connected devices
From time to time, my router starts to scan ports on all the connected devices. I have an internal RPi server which I restricted its access to the internet from the router. I checked the "/var/...
16 votes | 5 answers | 8k views
How can an attacker identify if a website is using PHP? How about the PHP version?
I have a vulnerable test site up that runs PHP.
How can an attacker identify that PHP is used?
If I type .../add.php the site gives back an error message, although the file is add.php.
If I type .../...
0 votes | 2 answers | 315 views
Does it make sense to perform vulnerability assessment tests with admin user rights?
We have an admin web portal that we use to configure and monitor our system. We recently had a security consultant scan our servers for vulnerabilities.
Our admin portal is secured with username and ...
1 vote | 0 answers | 181 views
Scanning developer dependency for OSS scan
I have an Angular project which has several packages that have direct dependencies and developer dependencies like below
"dependencies": {
"@angular/animations": "8.2.14",
...
1 vote | 1 answer | 3k views
If a file has previously been scanned by VirusTotal, will the VirusTotal website always indicate this fact?
I recently downloaded a very popular open-source application. Usually, I compile open-source applications myself after reading the source code. But my compiler box was busy with many tasks, so I ...
0 votes | 1 answer | 199 views
Estimate the number of host computers on the private network by port scanning
If we have a private network connected to the Internet with NAT, how can an attacker estimate the number of host computers in the network using port scanning?
For both possible modes, the attacker inside ...
1 vote | 0 answers | 537 views
Is port scanning used by software for legitimate reasons?
Does normal network traffic sent out by software or anything else use port scanning for legitimate reasons?
I'm using psad on my Linux server and am unsure if setting the auto-ban IP feature on danger ...
0 votes | 1 answer | 157 views
Are there reasons to match the target port/service protocol when doing a scan?
I am pushing my way through some beginner level security readings and exercises (ECSA 1 & 2) without much of a networking background. I happened upon an interesting suggestion or command: to use ...
1 vote | 1 answer | 2k views
AutoRecon is taking too long to complete
AutoRecon is a multi-threaded network reconnaissance tool which
performs automated enumeration of services. It is intended as a
time-saving tool for use in CTFs and other penetration testing
...
4 votes | 3 answers | 14k views
Gmail warns about encrypted PDF file
I recently received a PDF file that, when attached to a gmail message, causes a warning to be displayed as follows:
Encrypted attachment warning – Be careful with this attachment. This message ...
1 vote | 1 answer | 388 views
Security pattern for third party uploads to Azure blob container
Scenario:
Vendor 1 needs to upload data (.json, compressed .csv files, images and video) to an Azure blob storage container owned by Vendor 2
Vendor 1 is issued a limited duration SAS token each day ...
3 votes | 1 answer | 196 views
Why are full port scans more susceptible to being logged than half-open port scans?
Many resources I come across state that one major advantage of full-port scans (e.g. SYN scans) is the fact that there is a lower risk of being logged. But why?
In my opinion, the sequence of ...
57 votes | 3 answers | 11k views
eBay web site tries to connect to wss://localhost:xxxxx - is this legit or they have some Malware JS running?
In helping a corporate user log on to eBay, I noticed that when on the login page, a stream of errors were coming up in the Firefox JS Console about not being able to connect to wss://localhost. This ...
3 votes | 2 answers | 6k views
Why is my computer connected to amazon instances
When I run the command netstat -a to see the actual connections on my computer, I see all the time that my computer is connected to something like this ec2-xx-xx-xx-xx, not just one address it changes ...
1 vote | 0 answers | 201 views
Spike in activity with port 3379 (SOCORFS)
My personal IPs on AWS are being scanned for 3379. Apparently, this is SOCORFS, registered to one Hugo Charbonneau. This port is getting scanned a lot more often in recent months:
https://isc.sans.edu/...
2 votes | 1 answer | 4k views
Investigate an unknown device connected to router
On my router (Virgin Media) I found a device labelled as "unknown". I often see the router not assigning the device name, but I do have a clue about which device it is.
However this specific device got me ...
0 votes | 1 answer | 432 views
Using an active or passive scan, can I detect all devices connected to or transmitting via a Wifi network?
I know that it's possible to do a passive scan on all channels to see if an access point sends a beacon. However, is it also possible to listen to general Wifi traffic on that channel and assemble a ...
2 votes | 1 answer | 926 views
Why would I use an ACK scan over a FIN scan and vice versa?
I understand that both scans return RST packets and you can use this to scan hosts behind poorly configured firewalls. Is the idea to use both in case the firewall doesn't check for one? For example ...
0 votes | 1 answer | 179 views
How does Burp update XSS/vulnerability scanning rules/payloads?
The first point, that it updates with new release. So if somebody discovered new payload for popular frameworks, it will be in burp only with new release. Does Burp app load payloads from Internet ...
0 votes | 2 answers | 4k views
Public IP Address to be tested legally? [closed]
According to this question on Quora:
Scanning a public IP address can be a cyber crime.
But there are a few public IPs that can be used for testing purposes such as
45.33.32.156 which is belong ...
0 votes | 1 answer | 409 views
How to check a big video file if I can't check it entirely?
There is a size limit on VirusTotal, and some videos are very big. What if I cut off part of the video and send part of it? Is it possible? In what part of it can malware be?
2 votes | 0 answers | 219 views
Where to run long automated scans? [closed]
I'm trying to run some automated scans without stopping for long periods of time (each scan can take anywhere from 8 hours to 3 days). I currently don't have a PC I can leave running for many days ...
0 votes | 3 answers | 4k views
Authenticated vs Unauthenticated network scans
What are the differences between authenticated and unauthenticated network scans?
Do they show the same results?
In which scenario should both be used?
0 votes | 1 answer | 13k views
My router is getting port scan attacks [duplicate]
My internet suddenly cut out yesterday. I checked the router and it looked like nothing was wrong. I looked at the logs and I see this:
2019-08-18 12:50:39 Security Warning Detect UDP port scan ...
1 vote | 1 answer | 624 views
Mindlessly clicked days old phishing email link appeared dead
Was multitasking and mindlessly clicked a Squarespace phishing email. Page didn't load, and right away I realized my mistake. Completed several malware scans which came back clean. The button link ...
1 vote | 1 answer | 316 views
RHEL7 SSGv0.1 2.2.3 Unauthorized SUID/GUID executables
We are upgrading to RHEL 7.6. My Nessus scanner is giving me the following message:
2.2.3.c-d Mandatory Review Required: Find unauthorized SUID/GUID System Executables
RHEL7 SSGv0.1 2.2.3 Unauthorized ...
0 votes | 1 answer | 2k views
How do I investigate a suspicious link?
I made a RuneScape account about a week ago. I stupidly responded to a scam by clicking on a link provided to me in the game. I think I may have a keylogger, which would explain why my new account was ...
1 vote | 2 answers | 761 views
Is VirusTotal useful for finding malware in a WordPress database SQL export?
Does VirusTotal detect malware in an SQL export? I have an infected WordPress site. I removed the malware with various tools, however I know from experience, that sometimes it hides itself somewhere ...
16 votes | 4 answers | 8k views
Do mail servers follow links in emails as part of a security scan before inbox delivery?
I've implemented a passwordless login using a magic link and email. The link can be used only once. One customer is complaining that once they click the link, the page reports that the link is already ...
0 votes | 1 answer | 343 views
Modified NMAP script: variable 'host' is not declared [closed]
I am modifying an nse script, ssl-cert.nse, which was already made for enumerating ssl certificates. I want to output the host ip and the port number in a line of the ssl certificate output. However, ...
3 votes | 1 answer | 232 views
Verifying Host Sterility After Running Malware Tests on Virtual Machine
I know that "VM escape" is becoming a common issue now with malware testing. I'm just wondering if there's any way of verifying if the host system is clean from any infection after running a malware ...
3 votes | 1 answer | 20k views
What is this service? [closed]
Fairly new to infosec and am going through a course on nmap. While scanning I found this and it looked interesting and was wondering if you all had any information on this?
This is the port,state and ...
1 vote | 0 answers | 813 views
nmap - No Ports Open [closed]
I bought a Tonbux Smart WiFi Plug WL-SC01 and I'm doing some hack tests on it for educational purposes. I used nmap to check for both UDP and TCP ports but both return that there are no open ports at ...
1 vote | 1 answer | 666 views
Determine victim of port scan's OS
I am taking part in a practice sandbox, and have a pcap file in Wireshark, with the traffic depicting a Vertical Port Scan. Is there any way to find out the "victim"'s Operating System? The packets are ...
0 votes | 1 answer | 253 views
Is there anywhere we can scan projects (PHP, JAVA...) for vulnerabilities, like VirusTotal.com does (All-in-one)? [closed]
Virustotal is excellent in its field.
Does there exist any tool (or site) where we could upload (or that could be also an offline PC version) to test projects or websites (PHP, Java, whatever) for ...
1 vote | 2 answers | 2k views
How secure is the fingerprint sensor in the Pixel 3?
As far as I understand, different fingerprint scanners have different security levels. Old fingerprint scanners could be fooled quite easily, as the CCC (Chaos Computer Club) demonstrated.
How ...
2 votes | 1 answer | 147 views
Given a list of components and versions, how can I check if any of them have known vulnerabilities?
In this case, I have a list of names and versions, but not access to any source code or binaries. E.g.
ComponentA 2.6.6
ComponentB 1.1
ComponentC 0.12
The list is more than 300 components long, so ...
2 votes | 1 answer | 1k views
Scanning a binary against YARA rules dictionary
I have found a malware binary, and I am curious to see what patterns have been found from this file. Also I have a collection of ~1000 IOCs and YARA rules related to malware and RATs. I used Loki,...
0 votes | 3 answers | 233 views
Scan for infection of malicious files manually?
I know there are options of free security software out there that do a good job, like Malwarebytes, but I really want to learn how to scan for possible threats of malicious files on your PC manually. I ...
1 vote | 2 answers | 199 views
What is the recommended periodicity for antivirus RAM and disk scans?
Antivirus scans consume resources, and far more when the full disk or RAM is scanned. Anyway, files are scanned before opening and often when they enter the system, so periodic scans on this point of ...
0 votes | 1 answer | 2k views
Virustotal detecting threats in Suricata rule set
Virustotal scans are detecting threats from the Suricata default rule pack located at https://rules.emergingthreats.net/open/suricata-4.0/
Is this a false positive?
https://www.virustotal.com/#/file/...
1 vote | 3 answers | 14k views
Port sweep vs port scan
I was asked this question in an interview:
"What is a port sweep?"
When I replied with port scan he said that my answer was not a scan, it was a port sweep. I googled and found "tcp sweep" but not "...