More vulnerabilities found

As you might notice in the software vulnerabilities and weekly reports, as of last weekend ShadowTrackr finds more vulnerabilities. The CVE database is completely renewed, and with it we have a new version matching algorithm that is better than the previous one.

The vulnerabilities are still shown in the same way as before, it's just that more are detected.

One thing that is different is that the CVE database is also available as an index in ShadowTrackr, and you can query it if you want, for instance:

index=cves product=nginx cvss_score>8

Or:

index=cves product=php version=8.2.8

The primary reason to create and index for the CVEs is to be able to us it in reports. Some additional information still needs to be added for that to be really useful, but the first steps have been taken now :-)

More cipher fields in certifcates

Again some new fields are added to certificates:

- cipherorder_sslv3
- cipherorder_tlsv1
- cipherorder_tlsv1_1
- cipherorder_tlsv1_2
- cipherorder_tlsv1_3

You can use these to build queries like this one, which finds all certificates on servers that still support RC4 ciphers:

index=certificates cipherorder_sslv3=*RC4* OR
cipherorder_tlsv1=*RC4* OR cipherorder_tlsv1_1=*RC4* OR 
cipherorder_tlsv1_2=*RC4* OR cipherorder_tlsv1_3=*RC4*

Bug fixes and improved software detection

Besides a bunch of bug fixes, software detection has also improved this week. Attacks on edge devices are ever increasing. We try to detect all devices and technology that are commonly targeted. This week that meant we needed to add detection of Ubuiqiti network devices.