The Jooya system (vulnerability finder) allows the user to search for different types of computers connected to the network (webcam, router, server, etc.) using various filters. It can also provide information about server software, port status, active services, known vulnerabilities of each service, and exploit codes for those vulnerabilities. One of the important features of this search engine that distinguishes it from all other search engines in the world is its very high speed and the ability to find vulnerability exploit codes.
Features of Jooya system
- Scan 2 thousand common TCP/UDP ports with very high speed (about 100 thousand packets per second)
- Service scanning and Banner Grabbing
- CPE extraction of the running service (Common Platform Enumeration)
- CVE extraction (vulnerabilities) based on the obtained CPE
- Search for vulnerability exploit codes based on CVE
- Extracting SSL certificates
- Extract HTTP headers
- Extracting the technologies used in the web application
- Search results obtained with many types of filters
- Visualization of scan results
- Possibility of automatic exploitation through Metasploit and Nmap framework
Applications of Jooya system
- The possibility of periodically scanning network equipment and checking the open or closed status of unnecessary ports, which is always a security threat.
- Ability to discover vulnerable equipment in the shortest possible time after a CVE is publicly released
- The possibility of discovering unauthorized services running on the network
- The possibility of executing all kinds of vulnerable PoC codes (for example, discovering FTP servers that allow Anonymous Login)
- Ability to check expired or about to expire SSL certificates
- The possibility of reporting the status of the organization’s network
- Ability to identify operating systems that have reached EoL
- Ability to identify databases without the need for authentication
In the following two figures, examples of the visualization of the results of the survey and the system dashboard are shown.
Click here for more technical information.
