ONYPHE

Tag list and their meaning within riskscan

riskscan contains a subset of data that can be found in datascan and vulnscan categories. In riskscan, we focus on most important threats, the one you should fix on your Internet connected devices. For instance, if you have a database exposed without authentication, a rdp service, or a critical vulnerability, you should act quickly.

In the below list of tags, we indicate the source dork that was used to match against the given risk. We then show the corresponding riskscan dork and the meaning of the risk. Finally, we explain why it is important to take care of identified risk.

Tags and their meanings

risk::criticalcve

Source dork: category:vulnscan -exists:cve riskscan dork: category:riskscan tag:risk::criticalcve

risk::sensitiveprotocol

Source dork: category:datascan ?protocol:rpc ?protocol:wcf ?protocol:sip ?protocol:adb ?protocol:rdp ?protocol:x11 ?protocol:vnc ?protocol:smb ?protocol:ssh ?protocol:snmp ?protocol:ntp ?protocol:rsync ?protocol:telnet ?protocol:xdmcp ?protocol:winrm ?protocol:dcerpc ?protocol:fw1topo ?app.http.component.product:“RD Web Access” riskscan dork: category:riskscan tag:risk::sensitiveprotocol

risk::sensitivedevice

Source dork: category:datascan ?device.class:medical ?device.class:C2 ?device.class:infostealer ?device.class:SCADA ?device.class:printer ?device.class:camera ?device.class:hvac ?device.class:ups riskscan dork: category:riskscan tag:risk::sensitivedevice

risk::opendatabase

Source dork: category:datascan device.class:database tag:open riskscan dork: category:riskscan tag:risk::opendatabase

risk::exposeddatabase

Source dork: category:datascan device.class:database !tag:open riskscan dork: category:riskscan tag:risk::exposeddatabase

risk::vpnserver

Source dork: category:datascan device.class:“vpn server” riskscan dork: category:riskscan tag:risk::vpnserver

risk::compromised

Source dork: category:datascan tag:compromised riskscan dork: category:riskscan tag:risk::compromised

risk::certexpired

Source dork: category:datascan -tlsexpired:1 riskscan dork: category:riskscan tag:risk::certexpired

risk::loginmanagement

Source dork: category:datascan tag:login tag:management riskscan dork: category:riskscan tag:risk::loginmanagement

risk::loginpage

Source dork: category:datascan tag:login !tag:management riskscan dork: category:riskscan tag:risk::loginpage

risk::smbnullsession

Source dork: category:datascan app.smb.nullsession:true riskscan dork: category:riskscan tag:risk::smbnullsession

risk::ftpanonymous

Source dork: category:datascan app.ftp.anonymous:true riskscan dork: category:riskscan tag:risk::ftpanonymous

risk::openbucket

Source dork: category:datascan tag:openbucket riskscan dork: category:riskscan tag:risk::openbucket

risk::opendir

Source dork: category:datascan tag:opendir riskscan dork: category:riskscan tag:risk::opendir

risk::opensip

Source dork: category:datascan tag:open protocol:sip riskscan dork: category:riskscan tag:risk::opensip

risk::infodisclosure

Source dork: category:datascan ?tag:phpinfo ?tag:serverinfo ?tag:serverstatus riskscan dork: category:riskscan tag:risk::infodisclosure

risk::debug

Source dork: category:datascan tag:debug riskscan dork: category:riskscan tag:risk::debug

risk::backupsolution

Source dork: category:datascan device.class:“Backup Solution” riskscan dork: category:riskscan tag:risk::backupsolution

risk::iot

Source dork: category:datascan device.class:IOT riskscan dork: category:riskscan tag:risk::iot

risk::obsolete

Source dork: category:datascan tag:obsolete riskscan dork: category:riskscan tag:risk::obsolete