I am currently testing some functions using Scrapebox without proxies.
Google and Bing Meta Scraper offer a “delay between requests” option in connection settings (so I can test a long list with delays of 12 to 30 seconds without getting blocked).
I do not see an option for “delay between requests” for the Page Scanner Addon.
Is there a way to set a delay in Page Scanner Addon?
I am using Page Scanner to search Google results and find which pages have Google My Business, a Video section or Image section.
I did a test of 1000 similar URLs and it completed in about 10 minutes, but after about 700 results it returned about 300 results with “HTTP/1.1 429 Too Many Requests” in the Status column.
One surprise is that I was able to do a manual search in browser while this was running and after it finished without a Captcha challenge.
Assuming I am using the Page Scanner Addon correctly, it seems to return only one result for each URL.
E.g., if I have three footprints to find:
If a page contains one of the search terms (not necessarily the first one), it will return a positive result for one search term and move on to the next URL and never check for the other two search terms.
It seems that if I want results that have “any AND all” of the three cities, I have to run the search 3 times with only one Footprint active at one time.
Is that correct or am I using the Addon incorrectly?
Basically, I’ve created some footprints and the Page Scanner scans and says it’s completed but there are no results.
Here’s a video with more details: https://share.getcloudapp.com/7KupZAge
As far as I can tell, I’ve set everything up correctly.
I want to use my spare time to fiddle around with Metasploitable 2 a little, so I did a fresh installation of a Kali VM.
What confuses me is that there seems to be no vulnerability scanner on board anymore? If I remember correctly, a few years ago Kali was shipped with OpenVAS, NeXpose and Nessus.
I did some quick research into what tool is the current state of the art but only found very old and outdated information. As far as I see, Nexpose is now commercial without a community version?
What is the current state of the art vulnerability scanner and why isn’t it shipped in Kali anymore?
I’m looking for a virus scanner (file scanner), that does not share any data with 3rd parties (is local), has a web management interface, has an extensive virus definition database and has support.
ClamAV still seems to be the closest choice, but I haven’t found anything that met the above reqs. Any recommendations?
For years I have been using the Fing iOS app to scan my home network to check for unknown devices. The iOS app is nice and self-contained, so I never worried much about its own security.
I recently downloaded the Windows Fing desktop application. Worked great, has an easy interface, and provides better results than other scanners I have tried.
BUT … The desktop app requires one to create a Fing account, and the results of the scan are uploaded to Fing cloud. So basically now my external IP, all my internal IPs, and all my devices’ MACs are on the cloud. At first blush this seems like a huge security concern.
Has anyone encountered any security issues with the Fing service?
I’m reading a white hat hacking book from a famous certification. They say the methodology for hacking a web server is:
- information gathering (domain name, DNS, IP, etc.)
- footprinting (ex: banner grabbing)
- website mirroring
- vulnerability scanning
- session hijacking
- password cracking
Apart from session hijacking and information gathering, I don’t see why I would not just launch Acunetix Web App Scanner and/or Nessus to find all weaknesses.
What is the point of performing manual tests if you can automate them?
For instance, if the vulnerability scanner does not know how to find vulnerable cookies, and if I manually find a way to do session hijacking, I won’t be able to train Acunetix or Nessus for that. Even if I did, I don’t know how beneficial it would be.
Please explain to me why I would not just let my tool do the hacking for me.
I don’t know how to correctly import IP ranges in a text file for Angry IP Scanner. I copied the IP ranges from some website and imported them in a .txt file like
126.96.36.199-188.8.131.52 184.108.40.206-220.127.116.11 18.104.22.168-22.214.171.124 126.96.36.199-188.8.131.52
but Angry IP Scanner just scanned the first IPs and not the ranges. I have no idea how to import IP ranges correctly. I also did something like 192.168.1.1/24 but it didn’t work either.
A user was discovered using a QR code to log into a PC. Apparently, the password was put into a QR code generator and printed. The user:
- Provides their username
- Scans the QR code with a handheld scanner and is granted access
Our company utilizes handheld scanners for a variety of reasons, so it is not feasible to use endpoint protection USB device control to block all scanners or brands of scanners. This user also uses handheld scanners for everyday work duties. We are curious about a creative way to prevent this technically. We also plan on addressing this administratively through policy. One idea was floated that if possible (through GPO):
- Having a startup script to disable scanners
- A log off script to disable scanners
- A login script to re-enable the scanner
The handheld scanner apparently shows as a generic HID keyboard in device manager. Does anyone know of a feasible way to block this or perhaps an alternative solution to the problem (blocking the device at login)? Thank you!
In the process of trying to recover data in bulk from what I assumed was a failing hard drive, Windows Security kindly notified me it had found a handful of malicious items among the recovered files. I immediately nuked that secondary drive, but for a few items it reported either “Remediation Failed” or “Item removed or restored from quarantine”.
I did a full scan, then an offline scan, and a full scan in safe mode with Security Scanner, all of which found nothing. I have not seen any symptoms that match the items it detected, and have read that those two concerning reports are a common artifact of manually deleting items it found.
My finger is hovering over the “nuke it from orbit” button anyway, but for now I think this is an interesting question: Obviously nothing can guarantee it, but what tools, techniques, or combinations thereof can produce a higher confidence than just running Microsoft’s tools in sequence? Perhaps some combination of tools run on a Linux CD/USB?