tools-and-techniques-for-vulnerability-validation's Introduction

DEPRECATED - Please refer to the following repository:

Tools and Techniques for Vulnerability Validation

The purpose of this repository is to provide DevOps with the necessary tools and techniques to expedite the process of validating the remediation of vulnerabilities.

Note that a Linux server is used for most of these vulnerabilities, because commands like grep, sed, etc. work differently on OSX. The GNU versions can be installed there with Homebrew, but results may differ. The recommendation is to have a dedicated Linux server to execute these tools. Also, if the servers are Internet-facing, the recommendation is to have this server outside the corporate network. Keep in mind that some cloud server providers do not allow the use of tools like nmap in their networks.

Vulnerabilities by Qualys

Other Checks

Tools

  • sslyze_cli.py: Fast and full-featured SSL scanner for Python 2.7. SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.
  • Nmap: Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
  • heartbleed-poc: Test for SSL heartbeat vulnerability (CVE-2014-0160).
  • heartleech: This is a typical "heartbleed" tool. It can scan for systems vulnerable to the bug, and then be used to download them.
  • Filippo.io: Simple test for the May 2016 OpenSSL padding oracle (CVE-2016-2107). It only works with HTTPS.
  • CVE-2016-2107 web test: Simple web test for the May 2016 OpenSSL padding oracle (CVE-2016-2107). It only works with HTTPS.

tools-and-techniques-for-vulnerability-validation's People

Contributors

apuentemedallia
