NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services.
It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans and operates in black-box mode only.
NERVE will do "some" CVE checks, but this is primarily coming from version fingerprinting.
Example of some of NERVE's detection capabilities:
- Interesting Panels (Solr, Django, PHPMyAdmin, etc.)
- Subdomain takeovers
- Open Repositories
- Information Disclosures
- Abandoned / Default Web Pages
- Misconfigurations in services (Nginx, Apache, IIS, etc.)
- SSH Servers
- Open Databases
- Open Caches
- Directory Indexing
- Best Practices
Continuous Security
We believe security scanning should be done continuously. Not daily, weekly, monthly, or quarterly.
The benefit of running security scanning continuously can be any of the following:
- You have a dynamic environment where infrastructure gets created every minute/hour/etc.
- You want to be the first to catch issues before anyone else
- You want the ability to respond quickly.
NERVE was created to address this problem. Commercial tools are great, but they are also heavy, not easily extensible, and cost money.
Author
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- LiveSeptember 5, 2024"40 Steps" Satellite Security - Registration for LIVE WORKSHOP IS NOW ON!
- LiveAugust 21, 2024"40 Steps" Game Hacking - Registration for LIVE WORKSHOP IS NOW ON!
- BlogDecember 13, 2022What are the Common Security Weaknesses of Cloud Based Networks?
- BlogOctober 12, 2022Vulnerability management with Wazuh open source XDR