Mon 02 December 2024
Attack Surface & Inventory 🎯
Advanced Search
Added advanced search to the Inventory. The search language offers a flexible, Python-like key/value syntax for building search expressions, so assets can be queried and filtered precisely, and it provides autocompletion. Learn more about the advanced search in our documentation.
Asset Status Filter
Added a new search filter for assets based on their status. The filter has three possible values:
- Live: Shows assets with fingerprints.
- Dead: Shows assets without fingerprints.
- All: Shows assets with or without fingerprints.
When no filter is specified, all assets are shown.
Other changes
- Added support for showing a summary of the changes to be applied when modifying assets.
- Improved the performance of the Attack Surface. Loading of assets is now faster.
- Fixed a bug where service protocols were always reported as `UDP/TCP`. Services are now displayed with the correct value for the protocol, such as `http` or `ssh`.
- Improved the speed at which targets are scanned without compromising on the quality of the scan.
Scans & IDE
API Endpoints
Added autodiscovery and detection of various aspects of API endpoints during a scan. This feature enables extraction of endpoints information such as:
- Technology: The API technology used, such as `GraphQL`, `REST`, or `SOAP`.
- Host: The hostname of the API endpoint.
- Port: The port number of the API endpoint.
- Path: The specific URL path of the API endpoint.
- Method: The HTTP method used (`GET`, `POST`, etc.).
- Function Name: The function associated with an API endpoint, e.g. a microservice or serverless function handler. Indexed for efficient search.
- Schemas: Associated requests and responses payload schemas.
Each endpoint can be clicked to see all the information extracted from it.
The overall UI and performance of the IDE have also been massively improved.
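As an added illustration of the kind of endpoint record described above (example code written for this page, not Ostorlab's extractor), the following Python flattens a constructed OpenAPI 3 document into one record per path and method, carrying the technology, host, port, path, method, function name (from `operationId`) and request/response schema names. The sample document, the host `api.example.test`, and the rule that a POST endpoint at `/graphql` counts as GraphQL are assumptions.

```python
import json
from urllib.parse import urlparse

# Constructed OpenAPI 3 document used as sample input (not a real API).
SAMPLE_SPEC = json.loads("""{
  "openapi": "3.0.0",
  "servers": [{"url": "https://api.example.test:8443/v1"}],
  "paths": {
    "/users": {"post": {"operationId": "createUser",
      "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/NewUser"}}}},
      "responses": {"201": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/User"}}}}}}},
    "/users/{id}": {
      "get": {"operationId": "getUser",
        "responses": {"200": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/User"}}}}}},
      "delete": {"operationId": "deleteUser", "responses": {"204": {"description": "deleted"}}}},
    "/graphql": {"post": {"operationId": "graphql", "responses": {"200": {"description": "ok"}}}}
  },
  "components": {"schemas": {"User": {"type": "object"}, "NewUser": {"type": "object"}}}
}""")

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")


def _schema_refs(content):
    """Names of the $ref'd schemas in an OpenAPI content map ({media type: {schema: ...}})."""
    refs = []
    for media in (content or {}).values():
        ref = media.get("schema", {}).get("$ref")
        if ref:
            refs.append(ref.rsplit("/", 1)[-1])
    return refs


def extract_endpoints(spec):
    """Flatten an OpenAPI document into one record per (path, method)."""
    server = (spec.get("servers") or [{"url": "/"}])[0]["url"]
    base = urlparse(server)
    host = base.hostname or ""
    port = base.port or (443 if base.scheme == "https" else 80)
    base_path = base.path.rstrip("/")
    endpoints = []
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            # Heuristic (assumption): an operation served at /graphql is a GraphQL API.
            technology = "GraphQL" if path.rstrip("/").endswith("/graphql") else "REST"
            responses = []
            for resp in op.get("responses", {}).values():
                responses.extend(_schema_refs(resp.get("content")))
            endpoints.append({
                "technology": technology,
                "host": host,
                "port": port,
                "path": base_path + path,
                "method": method.upper(),
                "function": op.get("operationId"),
                "request_schemas": _schema_refs(op.get("requestBody", {}).get("content")),
                "response_schemas": responses,
            })
    return endpoints


def by_function(spec):
    """Index endpoint records by function name, the field the text says is indexed for search."""
    return {e["function"]: e for e in extract_endpoints(spec) if e["function"]}


if __name__ == "__main__":
    for record in extract_endpoints(SAMPLE_SPEC):
        print(record)
```

Only the schema names are kept here; an inventory that stores the full request and response schemas would resolve the `$ref` entries against `components/schemas` instead of just recording their names.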
Scan Summary
Deprecated the AI scan summary and introduced a much more comprehensive and actionable scan summary. The new summary lists which tests were covered during the scan and which were not, and gives recommendations to improve testing.
Full Scan Example
Fast Scan Example
OXO
- Added support for scanning web apps from the CI/CD, with support for custom test credentials, an API schema, a proxy, SBOM files, and more. Example command to run a web scan:

```shell
ostorlab --api-key APIKEY ci-scan run --title test1 --api-schema /tmp/schema.txt --scan-profile=full_web_scan link --url https://google.com
```

To learn more about all supported features, read our GitLab Integration documentation.
Detection 🔍
GraphQL
Added detection for vulnerabilities and misconfigurations in GraphQL endpoints. These include HTTP Method Manipulation, Request Complexity and DoS Potential (Circular references & Circular Fragments), Field Duplication, Alias Overloading, Directive Overloading Detection, Object Limit Overriding Detection and Array-Based Batch Queries.
This feature aims to help developers and security professionals identify potential risks in their GraphQL APIs.
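The checks listed above can be illustrated with a small request analyzer. The Python below is an added example written for this page, not Ostorlab's GraphQL detection code: it runs over constructed request bodies and flags alias overloading, bare-field duplication within one selection set, directive overloading, circular fragment spreads, and array-based batching. The thresholds, the simplified tokenizer (argument lists are stripped, inline `... on Type` fragments are not modelled) and the sample queries are assumptions.

```python
import json
import re

# Constructed sample documents (not captured from any real target).
ALIAS_OVERLOAD = """
query {
  a1: user(id: 1) { name }
  a2: user(id: 1) { name }
  a3: user(id: 1) { name }
  a4: user(id: 1) { name }
}"""
FIELD_DUPLICATION = "query { viewer { id id id id id name @include(if: true) } }"
CIRCULAR_FRAGMENTS = """
query { user(id: 1) { ...A } }
fragment A on User { friends { ...B } }
fragment B on User { friends { ...A } }"""
ARRAY_BATCH = json.dumps([{"query": "{ __typename }"}] * 50)

ARGS = re.compile(r"\([^()]*\)")          # argument lists and variable definitions
DIRECTIVE = re.compile(r"@\w+")
TOKEN = re.compile(r"\{|\}|\.\.\.\s*\w+|\w+\s*:\s*\w+|\w+")
FRAG_DEF = re.compile(r"\bfragment\s+(\w+)\s+on\s+\w+\s*\{")


def _body(text, open_brace):
    """Text between the '{' at index open_brace and its matching '}'."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    raise ValueError("unbalanced braces")


def fragment_cycles(doc):
    """Names of fragments that spread themselves, directly or transitively."""
    graph = {}
    for m in FRAG_DEF.finditer(doc):
        spreads = re.findall(r"\.\.\.\s*(\w+)", _body(doc, m.end() - 1))
        graph[m.group(1)] = {s for s in spreads if s != "on"}  # skip inline fragments
    cycles = set()

    def visit(node, stack):
        if node in stack:           # reached a fragment already on the current path
            cycles.add(node)
            return
        for nxt in graph.get(node, ()):
            visit(nxt, stack + [node])

    for name in graph:
        visit(name, [])
    return sorted(cycles)


def selection_stats(doc):
    """Count aliases, repetition of bare fields per selection set, and nesting depth."""
    q = DIRECTIVE.sub("", ARGS.sub("", doc))
    path, last, counts, aliases, max_depth = [], None, {}, 0, 0
    for m in TOKEN.finditer(q):
        tok = m.group(0)
        if tok == "{":
            path.append(last)
            max_depth = max(max_depth, len(path))
        elif tok == "}":
            path.pop()
        elif tok.startswith("..."):
            continue
        elif ":" in tok:                      # "alias: field"
            aliases += 1
            last = tok.split(":")[0].strip()  # alias name keeps each branch distinct
        else:
            if path:                          # inside a selection set
                key = (tuple(path), tok)
                counts[key] = counts.get(key, 0) + 1
            last = tok
    return {"aliases": aliases,
            "max_field_repetition": max(counts.values(), default=0),
            "max_depth": max_depth}


def assess_request(body, alias_limit=3, dup_limit=3, directive_limit=5, depth_limit=10):
    """Classify one raw request body: a JSON object, or a JSON array for a batch."""
    payload = json.loads(body)
    ops = payload if isinstance(payload, list) else [payload]
    docs = [op.get("query", "") for op in ops]
    stats = [selection_stats(d) for d in docs]
    return {
        "array_batch": isinstance(payload, list),
        "batch_size": len(ops),
        "alias_overloading": any(s["aliases"] >= alias_limit for s in stats),
        "field_duplication": any(s["max_field_repetition"] >= dup_limit for s in stats),
        "directive_overloading": any(len(DIRECTIVE.findall(d)) >= directive_limit for d in docs),
        "excessive_depth": any(s["max_depth"] >= depth_limit for s in stats),
        "circular_fragments": sorted({c for d in docs for c in fragment_cycles(d)}),
    }


def wrap(doc):
    """Build a single-operation request body around a query document."""
    return json.dumps({"query": doc})
```

The circular-fragment check is the one worth keeping in mind when validating a server: a document whose fragments reference each other is rejected by a conforming validator before execution, so a server that accepts it (or times out on it) is the finding, not the document itself.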
Domain & Subdomain Takeover
Added detection for domain and subdomain takeover. Domain and subdomain takeover is a type of cyber-attack where adversaries exploit misconfigured or unmonitored DNS records to assume control over a domain or subdomain associated with an organization.
Key features include advanced DNS matching (`CNAME`, `A`, and `AAAA` records), dynamic takeover validation beyond fingerprints, and domain registration checks.
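To make the three parts of that check concrete, here is an added Python example (written for this page, not Ostorlab's detector) that runs over constructed DNS answers and HTTP bodies for `example.test` subdomains. It matches CNAME targets against a provider fingerprint table, matches A/AAAA records against a provider address pool, validates a fingerprint hit against the live response rather than trusting it, and falls back to a registration check on the CNAME target's apex. The fingerprint strings, the address pool, the DNS data and the two-label apex rule are all assumptions.

```python
import ipaddress

# Constructed fingerprints keyed by CNAME suffix: (service, text served for an unclaimed
# resource). Patterns are illustrative assumptions, not verified vendor responses.
CNAME_FINGERPRINTS = {
    "github.io": ("GitHub Pages", "There isn't a GitHub Pages site here"),
    "s3.amazonaws.com": ("AWS S3", "NoSuchBucket"),
    "azurewebsites.net": ("Azure App Service", None),  # None: judge by NXDOMAIN instead
}
# Constructed provider address pool for A/AAAA matching (TEST-NET-2, not a real provider).
IP_FINGERPRINTS = {ipaddress.ip_network("198.51.100.0/24"): ("Hypothetical Hosting", "Site not found")}

# Constructed DNS answers and HTTP bodies; a real scanner queries resolvers and fetches pages.
DNS = {
    "blog.example.test": {"CNAME": ["old-blog.github.io"]},
    "assets.example.test": {"CNAME": ["assets-bucket.s3.amazonaws.com"]},
    "app.example.test": {"CNAME": ["retired-app.azurewebsites.net"]},
    "shop.example.test": {"CNAME": ["shop.vendor-example.test"]},
    "legacy.example.test": {"A": ["198.51.100.7"]},
    "www.example.test": {"A": ["203.0.113.10"]},
    "old-blog.github.io": {"A": ["192.0.2.1"]},
    "assets-bucket.s3.amazonaws.com": {"A": ["192.0.2.2"]},
    # retired-app.azurewebsites.net and shop.vendor-example.test are absent (NXDOMAIN)
}
HTTP_BODIES = {
    "blog.example.test": "<h1>404</h1> There isn't a GitHub Pages site here.",
    "assets.example.test": "<Error><Code>AccessDenied</Code></Error>",  # bucket exists
    "legacy.example.test": "Site not found",
}
REGISTERED_APEXES = {"example.test", "github.io", "amazonaws.com", "azurewebsites.net"}


def resolve(name, rtype):
    return DNS.get(name, {}).get(rtype, [])


def is_registered(fqdn):
    # Apex = last two labels (assumption); real code must consult the public-suffix list.
    return ".".join(fqdn.split(".")[-2:]) in REGISTERED_APEXES


def _finding(sub, vulnerable, service, reason):
    return {"subdomain": sub, "vulnerable": vulnerable, "service": service, "reason": reason}


def check_takeover(sub):
    body = HTTP_BODIES.get(sub, "")
    cnames = resolve(sub, "CNAME")
    if not cnames:
        # A/AAAA path: address sits in a provider pool and the provider's unclaimed page is served.
        addrs = [ipaddress.ip_address(a) for t in ("A", "AAAA") for a in resolve(sub, t)]
        for net, (service, pattern) in IP_FINGERPRINTS.items():
            if any(a in net for a in addrs) and pattern in body:
                return _finding(sub, True, service, "address in provider pool and unclaimed page served")
        return _finding(sub, False, None, "no CNAME and no provider match")
    target = cnames[0]
    for suffix, (service, pattern) in CNAME_FINGERPRINTS.items():
        if target == suffix or target.endswith("." + suffix):
            if pattern is not None:
                # Dynamic validation: a fingerprint hit alone is not a finding.
                if pattern in body:
                    return _finding(sub, True, service, "live response shows unclaimed resource")
                return _finding(sub, False, service, "fingerprint matched but resource is claimed")
            if not any(resolve(target, t) for t in ("A", "AAAA", "CNAME")):
                return _finding(sub, True, service, "CNAME target does not resolve (NXDOMAIN)")
            return _finding(sub, False, service, "CNAME target resolves")
    # No provider fingerprint: the target may still be claimable if its apex is unregistered.
    if not is_registered(target):
        return _finding(sub, True, "unregistered domain", "CNAME target apex can be registered")
    return _finding(sub, False, None, "CNAME target is registered and not a known provider")


def scan(subdomains):
    return {s: check_takeover(s) for s in subdomains}
```

The `assets.example.test` case is the reason validation has to go beyond fingerprints: the CNAME points at S3, but the bucket exists (the response is `AccessDenied`, not `NoSuchBucket`), so reporting on the CNAME suffix alone would be a false positive.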
Threat Center
Added detection of several fingerprints:
- Zyxel Devices - Zyxel provides a wide range of networking solutions, including Unified Security Gateways (USG) and USG FLEX series devices.
- D-Link DNS ShareCenter - This ShareCenter™ Cloud Storage device enables you to share documents and media content such as photos, music and videos on a home network or over the Internet.
- Array Networks - Array Networks provides secure application delivery solutions.
- ProjectSend - ProjectSend is a free, open-source file sharing platform for organizations and teams.
- GeoVision - GeoVision specializes in video surveillance solutions, including IP cameras and cloud-based surveillance platforms.
- Cobbler - Cobbler is a Linux installation server that allows for rapid setup of network installation environments.
- PaloAltoNetworks PAN-OS - Palo Alto Networks PAN-OS is a next-generation firewall operating system that delivers advanced security features.
- LoadMaster Kemp - Kemp LoadMaster is a load balancer and application delivery controller that optimizes web and application performance.
- Cisco ASA - Cisco ASA Software delivers enterprise-class security capabilities for the ASA security family in a variety of form factors.
- Symfony - Symfony is a PHP framework for web applications and a set of reusable PHP components.
- Aruba Networks Access Points - Aruba Networks Access Points provide secure Wi-Fi solutions for enterprises, and this fingerprint matches the login page for Aruba Access Points.
- Nostromo Server - Nostromo is a lightweight, open-source web server designed for Unix-based systems, known for its simplicity and minimal resource usage.
- ServiceNow - ServiceNow is a cloud computing platform that helps companies manage digital workflows for global enterprises.
- ValueHD PTZ Camera - A PTZOptics camera offers a flexible solution for recording and live streaming events due to its pan, tilt, and zoom abilities and high-quality image.
- CyberPanel - CyberPanel is a web hosting control panel powered by OpenLiteSpeed with features for managing websites, DNS, and email.
- RAVPN - A remote-access VPN (RAVPN) endpoint lets remote users connect to a private network over the Internet.
- Roundcube Webmail - Roundcube Webmail is a browser-based IMAP client with a user-friendly interface, providing features for email management.
- Fortinet FortiManager - FortiManager, now powered by FortiAI, revolutionizes network management and security operations by automating routine tasks and providing intelligent insights.
Added support for several CVEs:
- CVE-2024-8672 - The Widget Options – The #1 WordPress Widget & Block Control Plugin is vulnerable to Authenticated Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders.
- CVE-2024-10781 - The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to a missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44.
- CVE-2024-10542 - The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2.
- CVE-2023-28461 - A critical vulnerability in Array Networks Array AG Series and vxAG SSL VPN gateways allows remote code execution by exploiting an HTTP header with the 'flags' attribute to browse the filesystem without authentication.
- CVE-2024-21287 - A vulnerability in Oracle Agile Product Lifecycle Management (PLM) was discovered, allowing remote attackers to exploit a file disclosure issue. This vulnerability can be exploited over the network without authentication, potentially disclosing sensitive files.
- CVE-2024-42450 - The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data.
- CVE-2024-47533 - Cobbler, a widely used Linux installation server for network installation environments, contains a critical authentication flaw in versions 3.0.0 to 3.2.2 and 3.3.6. This vulnerability is due to a defective function, bypassing authentication checks for the Cobbler XML-RPC interface.
- CVE-2024-47575 - A missing authentication for critical function in FortiManager allows an attacker to execute arbitrary code or commands via specially crafted requests.
- CVE-2014-2120 - Cisco Adaptive Security Appliance (ASA) SSL VPN is prone to a cross-site scripting (XSS) vulnerability.
- CVE-2024-42509 - Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211).
- CVE-2019-16278 - Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
- CVE-2024-8957 - ValueHD PTZ cameras below firmware version 6.3.40 contain a command injection vulnerability via NTP server configuration.
- CVE-2024-8956 - ValueHD PTZ cameras contain an authentication bypass vulnerability in the param.cgi endpoint.
- CVE-2024-50550 - Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation. This issue affects LiteSpeed Cache versions before 6.5.2.
- CVE-2024-37383 - Roundcube Webmail before version 1.5.7 and versions 1.6.x before 1.6.7 contains a cross-site scripting vulnerability that can be exploited via SVG animate attributes.
Privacy & Compliance
- Added detection for Permission Usage Compliance Between AndroidManifest and Privacy Policy for Android and Permission Usage Compliance Between Info.plist and Privacy Policy for iOS. This detection checks the app's declared permissions against the information specified in the app's privacy policy.
The technical details of the reported findings include the permissions found in the app's `AndroidManifest.xml` or `Info.plist` that are missing from the privacy policy.
This helps ensure developers adhere to acceptable privacy standards.
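As an added example of the comparison this check performs (example code written for this page, not Ostorlab's implementation), the Python below reads `uses-permission` entries from a constructed `AndroidManifest.xml`, reads `NS*UsageDescription` keys from a constructed `Info.plist`, and reports the privacy-relevant permissions that a constructed privacy policy never mentions. The keyword taxonomy, the sample app and the policy text are assumptions; a production check needs a fuller taxonomy and semantic matching rather than keyword presence.

```python
import plistlib
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample inputs (not from a real app).
MANIFEST = b"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

INFO_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.app",
    "NSCameraUsageDescription": "Used to scan QR codes",
    "NSMicrophoneUsageDescription": "Used for voice notes",
    "NSLocationWhenInUseUsageDescription": "Used to show nearby stores",
})

POLICY = """We use your camera to scan QR codes and your precise location to show nearby stores.
We never upload your photos."""

# Permission -> terms a policy would use to disclose it (assumed taxonomy, deliberately small).
# Permissions absent from the table (e.g. INTERNET) are not treated as privacy-relevant.
DISCLOSURE_TERMS = {
    "android.permission.CAMERA": ["camera"],
    "android.permission.ACCESS_FINE_LOCATION": ["location"],
    "android.permission.ACCESS_COARSE_LOCATION": ["location"],
    "android.permission.READ_CONTACTS": ["contacts", "address book"],
    "android.permission.RECORD_AUDIO": ["microphone", "audio"],
    "NSCameraUsageDescription": ["camera"],
    "NSMicrophoneUsageDescription": ["microphone", "audio"],
    "NSLocationWhenInUseUsageDescription": ["location"],
    "NSContactsUsageDescription": ["contacts", "address book"],
}


def android_permissions(manifest_bytes):
    """Declared permissions from <uses-permission android:name=...> elements."""
    root = ET.fromstring(manifest_bytes)
    return sorted(el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))


def ios_permissions(plist_bytes):
    """Purpose-string keys, which are how iOS apps declare access to protected resources."""
    info = plistlib.loads(plist_bytes)
    return sorted(k for k in info if k.startswith("NS") and k.endswith("UsageDescription"))


def undisclosed(permissions, policy_text):
    """Privacy-relevant permissions whose disclosure terms never appear in the policy."""
    text = policy_text.lower()
    missing = []
    for perm in permissions:
        terms = DISCLOSURE_TERMS.get(perm)
        if terms is None:
            continue
        if not any(t in text for t in terms):
            missing.append(perm)
    return missing


def compliance_report(manifest_bytes, plist_bytes, policy_text):
    return {
        "android_missing": undisclosed(android_permissions(manifest_bytes), policy_text),
        "ios_missing": undisclosed(ios_permissions(plist_bytes), policy_text),
    }


if __name__ == "__main__":
    print(compliance_report(MANIFEST, INFO_PLIST, POLICY))
```

On the sample app the Android side reports `READ_CONTACTS` (the policy says nothing about contacts) and the iOS side reports `NSMicrophoneUsageDescription`, while the camera and location permissions pass because the policy discloses both.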
Integrations
Added support for optionally specifying a parent issue when configuring the Jira integration. If a parent issue is provided, issues created in Jira are attached to it, giving a smoother synchronization between Jira and Ostorlab.
Other changes in this release include the addition of the changelog to the dashboard to help users know and make the best use of new features and fixes.