Rumble Blog

September 9, 2021

Finding Confluence servers with Rumble

The U.S. Cyber Command recently reported “mass exploitation” of a code execution vulnerability in Atlassian’s popular Confluence software (CVE-2021-26084). This vulnerability has a CVSS Base score of 9.8 (considered “critical”), requires no authentication for exploitation, …

Read More

September 8, 2021

Rumble 2.6: Integrate with Microsoft Azure Cloud, identify EOL assets, self-host in offline mode, and detect more protocols

What’s new with Rumble 2.6? Synchronize your Azure VM inventory with Rumble Identify assets running end-of-life OS versions Support for NFS, PPTP, and “r” services Updates to the CrowdStrike integration Install and update self-hosted Rumble in offline mode See new …

Read More

August 25, 2021

Finding Fortinet web application firewall devices with Rumble

Recently published security research from Rapid7 provides details on an OS command injection vulnerability in Fortinet’s web application firewall (WAF) product line known as FortiWeb. This vulnerability exists in the FortiWeb management interface (versions 6.3.11 and prior) …

Read More

August 19, 2021

BlackHat gems: HP iLO 5 vulnerabilities

Each year, August arrives with promises of hot weather and cool security research talks. The DEF CON, Black Hat, and BSidesLV security conferences bring people in from all over the world to share knowledge through conversations, villages, training, and talks. There are …

Read More

August 18, 2021

Risky Business: HD Moore talks Rumble and DCE/RPC party tricks

Podcast Description: “I am stoked to be publishing this interview. This Soap Box is brought to you by Rumble, the asset discovery company founded by HD Moore. For those of you who don’t know, HD is a security legend, having done all sorts of amazing research over the …

Read More

August 11, 2021

Fingerprinting Windows versions, AV, wireless cards over the network—all without authentication

Correctly identifying and categorizing network-connected systems without credentials is a tricky challenge and one of the fun parts of working at Rumble. This process of “fingerprinting” uses thousands of rules, pattern matches, and internal databases to take observed …

Read More

August 3, 2021

Rumble 2.5: Identify endpoint protection agents, detect wireless & mobile Internet, and scan all your EC2 accounts

What’s new with Rumble 2.5? Identify endpoint protection agents via integrations and unauthenticated scans Fingerprint wireless and mobile Internet on Windows without authentication Better fingerprinting for Windows 10 and 11, desktop/server, secondary IPs Discover …

Read More

July 28, 2021

In-depth network discovery made easy

Watch Tom Lawrence at Lawrence Systems give a flawless demo on Rumble (and make our job here in marketing a lot easier). He said, “A tool written born out of necessity, written by a hacker, often, to me, just makes for a better tool.” We couldn’t agree …

July 15, 2021

How to find SolarWinds Serv-U systems on your network

Microsoft recently notified SolarWinds that they had discovered a remote code execution vulnerability in Serv-U Managed File Transfer and Serv-U Secure FTP. The vulnerability being exploited is CVE-2021-35211 and only exists when SSH is enabled in Serv-U environments. …

Read More

July 13, 2021

Rumble 2.4: Achieve better visibility for cloud and endpoint assets

What’s new in Rumble 2.4? Integrations - Rumble’s integration efforts to date have been focused on bringing network inventory to platforms like Splunk and ServiceNow. The 2.4 release expands this to inbound integrations, with initial support for cloud assets …

Read More