Perform a Nessus scan via port forwarding rules only
voidsec2022-01-14T09:09:36+01:00This post will be a bit different from the usual technical stuff, mostly because I was not able to find any reliable solution on Internet and I would like to help other people having the same doubt/question, it's nothing advanced, it's just something useful that I didn't see posted before.
During a recent engagement I found myself in a strange network position. I had to perform a Nessus credentialed and patch checks on some Windows server, I was in a vLAN...
voidsec2022-01-14T09:15:47+01:00(Edited on 06/04: in order to reflect the actual situation)
TL:DR: VPN leaks users’ IPs via WebRTC.
I’ve tested hundred VPN and Proxy providers and 19 of them leaks users’ IPs via WebRTC (16%)
You can check if your VPN leaks visiting: http://ip.voidsec.com
Here you can find the complete list of the VPN providers that I’ve tested: https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit#gid=0
Add a comment or send me a tweet if you have updated results for any of the VPN which I am missing details. (especially...