English

Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners

Cryptography and Security 2020-06-18 v1

Abstract

The first step of every attack is reconnaissance, i.e., to acquire information about the target. A common belief is that there is almost no risk in scanning a target from a remote location. In this paper we falsify this belief by showing that scanners are exposed to the same risks as their targets. Our methodology is based on a novel attacker model where the scan author becomes the victim of a counter-strike. We developed a working prototype, called RevOK, and we applied it to 78 scanning systems. Out of them, 36 were found vulnerable to XSS. Remarkably, RevOK also found a severe vulnerability in Metasploit Pro, a mainstream penetration testing tool.

Keywords

Cite

@article{arxiv.2006.09769,
  title  = {Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners},
  author = {Andrea Valenza and Gabriele Costa and Alessandro Armando},
  journal= {arXiv preprint arXiv:2006.09769},
  year   = {2020}
}

Comments

Accepted at RAID 2020

R2 v1 2026-06-23T16:24:00.936Z