A big list of dorks for Netlas.io has been published on GitHub!
Link: https://github.com/netlas-io/netlas-dorks
☝️ Use it to find IoT elements, monitoring systems, and more.
Over time, this list will grow. You can also send us your dorks, and we will add them. Good hunting! 🔍
🔥🖨🔥 PaperCut MF/NG RCE, rating 9.8
Vulnerabilities CVE-2023-27350 and CVE-2023-27351, discovered a few days ago, allow unauthorized code execution in the SYSTEM context for PaperCut print management software. The software is used internally in most cases, and yet there are 1,1K instances exposed to the Internet.
Search on Netlas.io:
👉🏻 Link: https://nt.ls/ZGjrR
Vendor’s advisory: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
Netlas Plugin for Maltego
We are happy to announce that Netlas data is now available in Maltego!
Tutorial and demo in the article:
https://netlas.medium.com/using-maltego-with-netlas-io-plugin-b3b17bd0881b
CVE-2023-27524: session validation attacks on Apache Superset with 8.9 rating ‼️
Search vuln on Netlas.io:
👉🏻 Dork: (http.title:superset http.body:SUPERSET_WEBSERVER*) OR http.favicon.hash_sha256:e186603e51173d86bfc680eee24345d67c7a1d945a8e76dc4b218bbfabed666e
👉🏻 Link: https://nt.ls/XdO7p
Check if your software is vulnerable with a script from Horizon3 researchers: https://github.com/horizon3ai/CVE-2023-27524
Netlas module for Uncover
We hasten to share with you a short instruction on using the Netlas.io module integrated into Uncover from ProjectDiscovery.
👉🏻 Read how to use it here:
https://netlas.medium.com/using-uncover-with-netlas-io-module-77b82157ccc4
Netlas is the sponsor of osintomatico conference
Do you love OSINT? Then we have great news for you: Netlas became one of the sponsors of the osintomatico conf!
Soon, 10 CTF winners will receive certificates from us for a thousand bonus points to immerse deeper in research using our tool. Good luck to the participants!
Explore the event 👉 2023.osintomatico.com
CVE-2023-25717: Ruckus Wireless Admin RCE with 9.8 rating 🔥
An old vulnerability that got a second chance with the advent of a new botnet type running through it.
Search on Netlas.io:
👉🏻 Dork: http.favicon.hash_sha256:44648ca99e1d18589d4b72b19156bf61117c09e311b9f26fa771d9acf5cf463f
👉🏻 Link: https://nt.ls/s1WYE
Read more about new botnet in the Fortinet article: https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
Netlas module for OWASP Amass
We continue to tell you about the tools in which Netlas.io is integrated in one way or another.
And today, the well-known OWASP Amass is next in line!
Read here 👉🏻 https://netlas.medium.com/using-owasp-amass-with-netlas-io-module-cb7308669ecd
CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, CVE-2023-20189: Multiple vulns on the Cisco Small Business Switches. 8.6 rating ❗️
An attacker can cause DoS or perform remote code execution with root user rights. POC is available!
Search on Netlas.io:
👉🏻 Link: https://nt.ls/eIvyW
👉🏻 Dork: http.favicon.perceptual_hash:ffdb0113090009ff~1 AND http.body:"Small Business"
CVE-2023-25690: Request Smuggling attack on Apache HTTP Server with 9.8 rating 🔥
An old vulnerability, but a POC has been published today.
Search on Netlas.io (over 20 million results):
👉🏻 Link (with tags): https://nt.ls/bGPCz
👉🏻 Link (without tags): https://nt.ls/0Xh1g
👉🏻 Dork: tag.name:"apache" AND (tag.apache.version:>=2.4.0 AND tag.apache.version:<=2.4.55)
This Friday we want to share an interesting guide to using Netlas.io for bug bounties. The authors have done a great job, and now you can look at the results of their work and appreciate the possibilities of Netlas.
👉🏻 Part 1: https://youtu.be/lJFXNthSVko
👉🏻 Part 2: https://youtu.be/wHrn0EJOFfI
👉🏻 Part 3: https://youtu.be/pwUrHGg53Jw
Thanks to ValluvarSploit and _mohd_saqlain for creating the guide and permission to post it!
Using Netlas.io within Tines automations
This time we will tell you about working with Tines platform and the Netlas.io tools integrated into it. A little automation never hurt anyone :)
Read here 👉🏻
https://medium.com/@netlas/using-netlas-io-within-tines-automations-31518289e5e3
Dork list for Netlas.io has been updated on GitHub!
Two new categories: "Web cameras" and "VoIP", have been added, and old ones have been supplemented.
👉🏻 Link: https://github.com/netlas-io/netlas-dorks
Some new queries just waiting for you to test them.
CVE-2023-25157: SQL injection for GeoServer, 9.8 rating 🔥
An old vulnerability with working PoC.
Search at Netlas.io:
👉🏻 Dork: http.title:"geoserver"
👉🏻 Link: https://nt.ls/g7sTM
Vendor's advisory: https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf
CVE-2023-33778: Hard-coded creds in Draytek Vigor Routers, 9.8 rating 🔥
Attackers can bind any affected device to their own account. PoC is available!
Search at Netlas.io:
👉🏻 Dork: http.favicon.hash_sha256:0af4f089d58e919f4ee421727e9ac54d885d6b3b05ec16e4d94b703f45c7eef9
👉🏻 Link: https://nt.ls/NbBpK
PoC and more information: https://gist.github.com/Ji4n1ng/6d028709d39458f5ab95b3ea211225ef
CVE-2023-27997: Pre-authentication RCE on Fortigate VPN, 9.8 rating 🔥
Heap overflow, vulnerability potentially affecting multiple versions.
Search at Netlas.io:
👉🏻 Link with tags (recommended): https://nt.ls/jOlSo
👉🏻 Link without tags (less precision): https://nt.ls/3NrQW
Read detailed analysis by LexfoSecurity: https://blog.lexfo.fr/xortigate-cve-2023-27997.html
CVE-2023-3128: Authentication Bypass in Grafana, 9.4 rating ❗️
CVE vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
During Grafana's Azure AD account validation, an attacker can spoof the profile email field and hijack the account.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/iqMVz
👉🏻 Dork: http.favicon.hash_sha256:80a7f87a79169cf0ac1ed3250d7c509368190a97bc7182cd4705deb8f8c70174 AND http.title:"Grafana"
CVE-2023-36630: Privilege Escalation and Authentication Bypass in CloudPanel, critical rating 🔥
Fresh vulnerability based on insecure file uploads.
Search at Netlas.io:
👉🏻 Link: nt.ls/V3hEn
👉🏻 Dork: http.title:"cloudpanel" NOT http.body:"2.3.1"
Read vendor's changelog: https://www.cloudpanel.io/docs/v2/changelog/
CVE-2023-3460: Privilege Escalation in UltimateMember WordPress plugin, 9.8 rating! 🔥
A vulnerability has been observed for several versions of the plugin and is actively exploited by hackers.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/S9Skz
👉🏻 Dork: http.body:"wp-content/plugins/ultimate-member"
Vendor's comments: https://wordpress.org/support/topic/cve-2023-3460/
The end of Beta Presale II is very close!
Hurry to get a Netlas.io subscription with a 50% discount; after 6 days the discount will be reduced ❗️
👉🏻 Buy a subscription: https://app.netlas.io/plans/
In the near future, we'll also publish new features of Netlas.io (like in GIF). Sure you'll like them!
A new tool in Netlas 🔥
The search engine has received a new functionality - the Attack Surface Discovery tool. Check out Netlas.io to build your surfaces with our data!
Links:
👉🏻 Tool: https://app.netlas.io/asd/
👉🏻 Medium article: https://netlas.medium.com/netlas-io-attack-surface-discovery-tool-6fbd6b3e9706
👉🏻 Overview video: https://youtu.be/98s-Iu5MyRw