Rumble 1.16: Duplicate SSH Keys, Rogue Remote Access Solutions, and Device Serial Numbers/Asset Tags
Rumble excels at finding outliers on the network, and finding duplicate SSH keys is one application of this. Vulnerability scanners can find a known bad SSH keys but they don’t look for duplicate keys. Rumble collects all SSH key MD5 hashes and then pivots over the SSH host key MD5 to find keys that exist more than once.
Remote Desktop Protocol (RDP) is a useful tool when enabled on a machine that’s properly managed on the domain (that is if you’re properly managing local accounts). However, RDP can also put you at risk if active on a machine that’s not in your domain. It’s typically tough to find those, but with Rumble you can. Rumble now detects the TeamViewer protocol on your network in addition to the existing coverage for RDP, VNC, SPICE, and PC Anywhere. This rounds off Rumble’s broad support for monitoring remote access solutions.
A few weeks ago, one of our customers asked us if we could pull serial numbers out of Cisco devices because this would be very useful for their MSSP business, and it’s now included in Rumble. Pulling serial numbers remotely can be very useful to for support questions and to see if a device’s warranty has expired and it should be replaced. You must have SNMP credentials (or the v2 community “public”) configured for your scans for this query to work.
- The Inventory Search, Exports, and Reports are now significantly faster for large organizations.
- The Agents page will now flag any Windows Agents with an obsolete version of Npcap installed.
- The Dashboard now links to the top 5,000 results for asset types and service details.
- An issue with Crestron probe has been resolved that could hang concurrent scans.
- Rumble-provided queries can now be saved as per-account copies and modified.
- The 169.254.0.0/16 subnet is no longer ignored when processing scan results.
- The Rumble Scanner now supports importing gzip-compressed scan data.
- The Rumble Scanner and Rumble Agent now detect the CheckMK service.
- Partial site scans now consider ARP cache data from the entire site.
- The JARM probe receive some bug fixes and improvements.
- VMware ESXi versions are now reported correctly.
The complete release notes for v1.16.0 can be found in our documentation
If you haven’t had a chance to try Rumble before, or would like to play with the new features, sign up for a free trial and let us know what you think!
October 5, 2021
Rumble 2.7: New dashboard, multi-subscription Azure, AWS ELBs, Splunk add-on improvements, and faster discovery for Rumble Professional
What’s new with Rumble 2.7? User experience improvements Get insights, trends, and visualizations from your dashboard Easily navigate configuration pages for scans, imports, connections, and more Know when your connector credentials are invalid Integration …Read More
September 8, 2021
Rumble 2.6: Integrate with Microsoft Azure Cloud, identify EOL assets, self-host in offline mode, and detect more protocols
What’s new with Rumble 2.6? Synchronize your Azure VM inventory with Rumble Identify assets running end-of-life OS versions Support for NFS, PPTP, and “r” services Updates to the CrowdStrike integration Install and update self-hosted Rumble in offline mode See new …Read More
August 3, 2021
Rumble 2.5: Identify endpoint protection agents, detect wireless & mobile Internet, and scan all your EC2 accounts
What’s new with Rumble 2.5? Identify endpoint protection agents via integrations and unauthenticated scans Fingerprint wireless and mobile Internet on Windows without authentication Better fingerprinting for Windows 10 and 11, desktop/server, secondary IPs Discover …Read More