Blog Posts

Overview Recog may be one of the most underrated open source security projects of all time. Recog started off in the early 2000s as the fingerprinting backend for Rapid7’s Nexpose (aka InsightVM) vulnerability scanner. It was released as open source in 2014 and integrated into the Metasploit Framework and Metasploit Pro products. The fingerprint coverage continues to grow through analysis of the Project Sonar data and contributions by our team as part of Rumble development.

Overview Rumble 1.10 is live with continuous scanning, user interface updates, an event log, updates to the scan engine, additional fingerprints, and a new way to keep recurring scans in sync with their sites! Continuous Scanning All paid plans now support a new Continuous scanning option. This will run scans back-to-back, pausing only to apply agent updates. For folks who want to keep a close eye on their networks, continuous scans bring you fresher data, faster.

Introduction Rumble helps you quickly identify all your assets but organizing those assets can get tricky in large environments. In this edition of Tips & Tricks, we will look at how Rumble manages data and how you can organize this data using Organizations, Sites, and Tags. The image to the right highlights the general data model for Rumble. The key things to note: Accounts have Organizations and Users Organizations have Sites and Agents Sites have Assets & Tasks Assets have Tags Leveraging Organizations Every Rumble account includes unlimited Users, Sites, and Agents.

Overview Rumble 1.9.0 is out with major updates to the scan engine, reports, fingerprinting, user interface, documentation, and much more! Scan Engine Folks who scan external assets using their hostnames will now see asset correlation occur using the DNS name itself. For environments where IP addresses are constantly changing (load balancers, CDNs, etc) this leads to less churn and a more accurate inventory. The Rumble Agent and Rumble Scanner now detect and automatically filter out invalid services caused by intercepting middle devices such as Fortigate firewalls and Cisco ASAs.

The Ripple20 vulnerabilities identified by JSOF impact millions of devices running the Treck operating system, many of which have not and will not receive updates. Finding exposed devices can be tricky since many of the device types (battery backups, printers, etc) are often excluded from normal vulnerability scans, sometimes automatically. Fortunately, Rumble’s scan engine is safe to use with embedded devices of all types and already collects enough information to identify many affected systems.