pfSense Gets Big GUI Update

pfSense recently released version 2.3, and the graphical user interface (GUI) has been updated to a much more modern look. It blew me away when I logged in after the update. The release notes give more details, but it looks like the key points are the GUI update and changes that allow easier updates. There are some additions and subtractions of available packages as well. Check it out.

Nmap Scripting

Did you know that Nmap has a scripting language and can do things such as enumerating details on WordPress sites like usernames and installed plugins, checking for vulnerabilities, or brute forcing? On the Security Weekly podcast episode 457 they brought up Nmap scripting and the fact that a ton of scripts come included with Nmap. I had no clue. On OS X the scripts directory for Nmap is located at /usr/local/share/nmap/scripts. If you use another OS, just search for *.nse and you will find the scripts directory.

Nmap script usage:

nmap --script <script name> <target>

Example of a script that enumerates visible folders and files on a web server:

nmap --script http-enum <target>
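
To go with the scripts directory mentioned above, here is an added example (not from the original post) that locates the directory and lists the scripts declaring a given NSE category, for instance to see which ones are marked intrusive before running them. The extra search paths are assumed defaults, and the sample files are constructed stand-ins with made-up names.

```shell
#!/bin/sh
# Added example (not from the original post): find the NSE scripts directory
# and list which scripts declare a given category.

# Print the first directory holding *.nse files. Arguments are tried first,
# then the path from the post and two other common prefixes (assumed defaults).
find_nse_dir() {
    for d in "$@" /usr/local/share/nmap/scripts /usr/share/nmap/scripts \
             /opt/homebrew/share/nmap/scripts; do
        if [ -d "$d" ] && ls "$d"/*.nse >/dev/null 2>&1; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Print the categories one script file declares, comma-separated.
script_categories() {
    sed -n -E 's/^categories *= *\{(.*)\}.*/\1/p' "$1" | tr -d '" '
}

# Print the names of scripts in directory $1 that declare category $2.
scripts_in_category() {
    { grep -l -E "^categories *= *\{.*\"$2\"" "$1"/*.nse 2>/dev/null || true; } |
        while IFS= read -r f; do basename "$f" .nse; done | sort
}

# Build a directory of constructed stand-in scripts (made-up names, only the
# categories line) so the functions can be tried without Nmap installed.
make_sample_dir() {
    s=$(mktemp -d)
    printf 'categories = {"discovery", "safe"}\n' > "$s/sample-banner.nse"
    printf 'categories = {"discovery", "intrusive"}\n' > "$s/sample-dirs.nse"
    printf 'categories = {"brute", "intrusive"}\n' > "$s/sample-login.nse"
    printf '%s\n' "$s"
}

# Use the real scripts directory when present, else the constructed sample.
dir=$(find_nse_dir) || dir=$(make_sample_dir)
echo "Scripts directory: $dir"
echo "Scripts that declare the intrusive category:"
scripts_in_category "$dir" intrusive
```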