Did you know that Netlas IP whois database is also available through the API and CLI?
More importantly, you can purchase and download complete Netlas IP whois data collection from our datastore.
https://app.netlas.io/datastore/product/40/

High-profile vulnerabilities in PLC and HMI devices by AutomationDirect (CVE-2022-2003 - CVE-2022-2006) as seen on http://Netlas.io. The United States is the most affected.
#vulnerability_map

Netlas.io Dorks for finding sensitive IoT Data (adopted and little bit expanded "TOP Shodan Dorks for finding sensitive IoT data" by @0xhunster)

Try these dorks at https://app.netlas.io

Fresh 1-day vulnerabilities in VMware Workspace ONE Access, Identity Manager и vRealize Automation (CVE-2022-31656 - CVE-2022-31659) as seen on Netlas.io. CVSSv3 - 9,8!

http.body:"VMware vRealize Automation Appliance" OR http.favicon.hash_sha256:7eef5dc4dc1055c6e3e479a8ab95efbe0a11660fa7152d1163377bca7d2b8428

Netlas (sub)domain search will be available through OWASP Amass soon.
https://github.com/OWASP/Amass/pull/818

We have significantly improved Netlas Domain Resolver. The latest resolve brings much better quality 💪More than 2 billion domains resolved 🌎

Did you know google.com has more than 500 A-records?
https://app.netlas.io/domains/?q=domain%3Agoogle.com&page=1&indices=

Here is an interesting article by Rapid7 about CVE-2022-36804 (scored 8,8) related to Bitbucket Server:
https://attackerkb.com/topics/iJIxJ6JUow/cve-2022-36804/rapid7-analysis

And here is a good example of Netlas.io search query using versions for this CVE:
https://app.netlas.io/responses/?q=tag.atlassian_bitbucket.version%3A%5B7.6%20TO%207.6.17%5D%20OR%20tag.atlassian_bitbucket.version%3A%5B7.17%20TO%207.17.10%5D%20OR%20tag.atlassian_bitbucket.version%3A%5B7.21%20TO%207.21.4%5D%20OR%20tag.atlassian_bitbucket.version%3A%5B8.0%20TO%208.0.3%5D%20OR%20tag.atlassian_bitbucket.version%3A%5B8.1%20TO%208.1.3%5D%20OR%20tag.atlassian_bitbucket.version%3A%5B8.2%20TO%208.2.2%5D%20OR%20tag.atlassian_bitbucket.version%3A%5B8.3%20TO%208.3.1%5D&page=1&indices=

About 33% of the current scan completed. This time we have added support for DNS protocol (both TCP and UDP) and two more industrial protocols: Modbus and Siemens S7 communications.

https://app.netlas.io/responses/?q=protocol%3A(modbus%20OR%20s7%20OR%20dns)&page=1&indices=43

An interesting article on SecureList about Schneider Electric controllers vulnerabilities CVE-2020-28212, CVE-2021-22779 and flawed patch. More than 600 industrial controllers possibly affected according to our latest scan (~2/3 completed).

Here is the link to Netlas.io search: https://app.netlas.io/responses/?page=1&q=modbus.mei_response.objects.product_code.keyword%3A%2F%28BME%20%28H%7CP%29%29%7C%28BMX%20P34%29.%2A%2F

Dear Netlas.io users!

The Alpha testing phase is close to completion. There will be a major update to Netlas.io in a few days. This update opens the Beta phase. We believe that the core features of Netlas.io are stable and ready to use. We will continue to develop the service, but now it is extremely important for us to move on to monetization. So, the upcoming update will bring a subnoscription system. 💵📈

Read more about upcoming update: https://netlas.io/blog/tpost/xv2e7alik1-upcoming-beta-release

Netlas goes to the Beta testing phase.

We added new search tools - host summary and domain whois search, new protocols, privacy detection features and much more. But the general novation is a subnoscription system.

Read more: https://netlas.io/blog/tpost/ol3n2r3b41-netlas-v0180-release-notes

Fortinet appliances are in the spotlight today!

Authentication Bypass Technical Deep Dive (CVE-2022-40684) by Horizon3.ai: https://tinyurl.com/yc82pwut

Fortinet on Netlas.io:
👉🏼 Dork: tag.name:(fortinet OR fortigate_vpn)
👉🏼 Link to search: https://app.netlas.io/responses/?q=tag.name%3A(fortinet%20OR%20fortigate_vpn)&page=1&indices=

Favicon search is a rarely used but very powerful search tool! Sometimes this is the only way to identify an application.

Try it! It works great 🔎💪🤩

#howto

ConnectWise Recover and R1Soft Server Backup Manager RCE bug (CVE-2022-36537) disclosure: https://tinyurl.com/ydresab7

They say: “there has been no evidence of exploitation in the wild”, but it is likely a matter of hours or days.

About 5,600 instances potentially affected.

Server Backup Manager on Netlas.io:
👉🏼 Dork: http.body:(("zk.wcs" OR "zk.wpd") AND ("Server Backup")) OR http.favicon.hash_sha256:b7b4ce41a9cc86e1923997f5324b476686c953e87e22424e8375eddeb65e63ec
👉🏼 Search link: https://app.netlas.io/responses/?q=http.body%3A…

The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation by Datadog Security Labs

OpenSSL 3.0.0 - 3.0.6 on Netlas.io:
👉🏼 Dork: tag.openssl.version:(>=3.0.0 AND <3.0.7)
👉🏼 Link to search: https://tinyurl.com/3d94dt6y

Netlas v.0.19.0 brings a referral program!

Use a referral link to invite someone to create netlas.io account. Benefits for invited and inviting, including 10% referral fee 🤑

Help in promotion is another option 💬 👆🏽

Ron Bowes from Rapid7 published deep-dive into CVE-2022-41622 and CVE-2022-41800
https://tinyurl.com/ysfczh9e

F5 BIG-IP & BIG-IQ on Netlas.io:
👉🏼 Dork: tag.name:(f5_bigip OR f5_big_ip) OR http.favicon.hash_sha256:a8eef57d094fcf99bae2378eb2c2fc2fb15d12f856c028cc979c04451bee84c2
👉🏼 Link to search: https://tinyurl.com/26zn9jdf

Uncover v.1.0.0 by ProjectDiscovery.io was published today. This new release brings Netlas.io support.

So happy to be on board! 😃🎉💫

https://github.com/projectdiscovery/uncover/releases/tag/v1.0.0

Right now you can purchase Netlas.io subnoscription with an 80% discount for a month or even a year! In 5 days the prices will go up.

Choose your pricing plan:
https://app.netlas.io/plans/

Users of Zoho ManageEngine are being urged to patch their instances against CVE-2022-47966. This vulnerability allows an unauthenticated adversary to execute arbitrary code.

Zoho ManageEngine on Netlas.io:

👉🏼 Dork: tag.name:"manageengine_servicedesk"

👉🏼 Link to search: https://tinyurl.com/yuw2uucn

Many thanks to Intercepter NG for the great post. An interesting use-case 👍👏
https://www.facebook.com/groups/1676741942723339/posts/1712949169102616/

We are pleased to give a six months Business subnoscription 🙏🎉 Join his FB group! There are a lot of pretty useful posts there.