Page Scanner Addon – Delay?

I am currently texting some functions using Scrapebox without proxies.

Google and Bing Meta Scraper offer a “delay between requests” option in connection settings (so I can can test a long list with delays of 12 to 30 seconds without getting blocked).

I do not see an option for “delay between requests” for the Page Scanner Addon.

Is there a way to set a delay in Page Scanner Addon?

I am using page scanner to search google results and find which pages have Google My Business, A Video section or Image section
eg https://www.google.com/search?q=ford+mustang

I did a test of 1000 similar URL’s and it completed in about 10 minutes but after about 700 results it returned about 300 results with “HTTP/1.1 429 Too Many Requests” in the Status column.

One surprise is that I was able to do a manual search in browser while this was running and after it finished without a Captcha challenge.

Thanks ColinK

Page Scanner Addon – Report all footprint instances?

Assuming I am using the Page Scanner Addon correctly, it seems to return only one result for each url

Eg If I have three footprints to find:
New York
London 
Paris 

If a Page contains one of the search terms (not necessarily the first one) it will return a positive result for one search term and move on to next URL and never check for the other two search terms.

It seems that If I want results that have “any AND all” of the three cities I have to run the the search 3 times with only one Footprint active at one time.
Is that correct or am I using the Addon incorrectly?

Thanks ColinK

What is the current state of the art vulnerability scanner? [closed]

I want to use my sparetime to fiddle around with Metasploitable 2 a little so I did a fresh installation of a Kali VM.

What confuses me is that there seems to be no vulnerability scanner on board anymore? If I remember correctly a few years ago Kali where shipped with OpenVas, NeXpose and Nessus.

I did a quick research in what tool is the current state of the art but only found very old and outdated informations. As far as I see Nexpose is now commercial whitout a community version?

What is the current state of the art vulnerability scanner and why isnt it shipped in Kali anymore?

Concerns about Fing scanner

For years I have been using the Fing iOS app to scan my home network to check for unknown devices. The iOS apps is nice and self contained, so I never worried much about its own security.

I recently downloaded the Windows Fing desktop application. Worked great, has a easy interface, and provides better results than other scanners I have tried.

BUT … The desktop app requires one to create a Fing account, and the results of the scan are uploaded to Fing cloud. So basically now my external IP, all my internal IPs, and all my device’s MACs are on the cloud. At first blush this seems like a huge security concern.

Has anyone encountered any security issues with the Fing service?

Web server attack methodology: why bother with manual tests if vulnerability scanner does it all?

I’m reading a white hat hacking book from a famous certification. They say the methodology for hacking a web server is:

  • information gathering (domain name, DNS, IP, etc.)
  • footprinting (ex: banner grabing)
  • website mirroring
  • vulnerability scanning
  • session hijacking
  • password cracking

Apart from session hijacking and information gathering, I don’t see why I would not just launch Acunetix Web App Scanner and/or Nessus to find all weaknesses.

What is the point of performing manual tests if you can automate them?

For instance, if the vulnerability scanner does not know how to find vulnerable cookies, and if I manually find a way to do session hijacking, I wont be able to train Acunetix of Nessus for that. Even if I did, I don’t how beneficial it would be.

Please explain to me why I would not just let my tool do the hacking for me.

importing ip ranges list as a text file in angry ip scanner [closed]

I don’t know how to correctly import IP ranges in a text file for angry ip scanner. I copied the IP ranges from some website and import them in a .txt file like

45.5.0.0-45.5.3.255 45.5.15.0-45.5.15.255 45.5.20.0-45.5.23.255 45.5.24.0-45.5.27.255 

but the angry ip scanner just scanned the first IPs and not the ranges. I have no idea how to import IP ranges correctly. I also did something like 192.168.1.1/24 but it didn’t work either.

Preventing Users from Using QR Code Password and Scanner for Authentication

A user was discovered using a QR code to log into a PC. Apparently, the password was put into a QR code generator and printed. The user:

  1. Provides their username
  2. Scans the QR code with a handheld scanner and is granted access

Our company utilizes handheld scanners for a variety of reasons so it is not feasible to use endpoint protection USB device control to block all scanners or brands of scanners. This user also uses handheld scanners for everyday work duties. We are curious of a creative way to prevent this technically. We also plan on addressing this administratively through policy. One idea was floated that if possible (through GPO):

  1. Having a startup script to disable scanners
  2. A log off script to disable scanners
  3. A login script to re-enable the scanner

The handheld scanner apparently shows as a generic HID keyboard in device manager. Does anyone know of a feasible way to block this or perhaps an alternative solution to the problem (blocking the device at login)? Thank you!

Can any tools/tactics produce a higher confidence in a clean system than Microsoft Security Scanner?

In the process of trying to recover data in bulk from what I assumed was a failing hard drive, Windows Security kindly notified me it had found a handful of malicious items among the recovered files. I immediately nuked that secondary drive, but for a few items it reported either “Remediation Failed” or “Item removed or restored from quarantine”.

I did a full scan, then an offline scan, and a full scan in safe mode with Security Scanner, all of which found nothing. I have not seen any symptoms that match the items it detected, and have read that those two concerning reports are a common artifact of manually deleting items it found.

My finger is hovering over the “nuke it from orbit” button anyway, but for now I think this an interesting question: Obviously nothing can guarantee it, but what tools, techniques, or combinations thereof that can produce a higher confidence than just running Microsoft’s tools in sequence? Perhaps some combination of tools run on a Linux CD/USB?