"Find" command
Casey Reid edited this page Aug 19, 2022 · 5 revisions
While the 'ip' command helps find unknown information on known assets, the 'find' command helps identify unknown information on unknown assets. For instance, consider the use cases below and the time it may take you to answer them.
- What assets have port 21/ftp open?
  `navi find port 21`
- How many assets took longer than 20 mins to scan?
  `navi find scantime 20`
- What assets have credential failures?
  `navi find creds`
- What assets are running Docker?
  `navi find docker`
- What assets have Java vulnerabilities?
  `navi find name java`
- What Linux assets have the Splunk package installed?
  `navi find plugin 22869 --output "splunk"`
- What assets have CISA Known Exploits?
  `navi find xrefs "CISA"`
All of these answers are discoverable using the find command. While it is not a panacea at scale, it can help you decide whether the question at hand is worth your time to investigate. For example, if you run the `navi find port 21` command and find nothing versus finding 1000s, your next action may change dramatically.
- creds --> Find Assets with Credential Issues using plugin 104410
- cves TEXT --> Find Assets that have a given CVE
- docker --> Find Docker Hosts using plugin 93561
- ghost --> Find Assets that have not been scanned in any Cloud
- name TEXT --> Find Assets with a given port open
- plugin TEXT --> Find Assets where a plugin fired
- port INT --> Find Assets with a given port open
- query TEXT --> Find Assets with a given port open
- scantime INT --> Find Assets where a plugin fired
- webapp TEXT --> Find Potential Web Apps using plugin 1442 and 22964
- xrefs TEXT --> Find Assets that have a Cross Reference Type and/or ID
```
navi find cves
navi find docker
navi find ghost
navi find scantime 20
navi find plugin 19506
```