Yes Cloud Penetrator can find mis configuration such as open firewall, vulnerabilities in web server.
It can find out if you have open ports that should not be open.
Accessible directories on the web server that should not be accessible.
It is often overlooked as even a security threat at all.
However even the most secure site can crumble if there is made a human error by a misconfiguration.
A misconfiguration can as an example be a quick remote login option that a programmer or technician left open.
A programmer or technician while fixing a problem for a customer might need to as a quick fix leave an SSH, Telnet, FTP, Teamviewer or other kind of remote connection service wide open.
it is a popular thing to forget to close those type of services after they have been used and is no longer used.
Because the services are opened as a quick fix they might not even be monitored for future security updates. Those services have a very long history of vulnerabilities and very likely will be vulnerable again in the future.
A way to combat human errors and misconfiguration is to scan all your local and public IP addresses regularly or at least on a weekly basis for vulnerabilities.
A good way to find unwanted services or human errors is also to do a full 65535 TCP and UDP port scan of all your IP Addresses.
Then you can quickly see if you have un authorized open ports that are just waiting for an attacker to break in to.
Always close all the ports you are not using and only allowed trusted users from trusted IP addresses to connect to them.
Sensitive information that leaks into search engines. Open Databases and other direct leaks.
You receive a comprehensive PDF, HTML or xml reporting to resolve the identified vulnerabilities.
An Example of Mis Configuration Vulnerability
Attacker launched MELBER BATTLE to hack thousands of devices, including routers, cameras and webcams. Then, we identified a patch that could reduce the risk of similar attacks in the future.
Data show more than 7 million vulnerable devices at risk
Vulnerable device configuration
Human error was to blame for a major router vulnerability. Researchers from the cyber security company Red Team made the revelation on March 24.In a blog post, the researchers said.
Learn about the VMware misconfiguration vulnerability that was patched in ESXi 6.7 Update 1, ESXi 6.7 Update 2, and ESXi 6.5 Update 2.
Note: Only vulnerable servers need to be remediated. SVR4 hosts are not affected by this vulnerability.
Vulnerability Details
The vulnerability that was patched in ESXi 6.5.0-22.0 is the DoS vulnerability. This vulnerability was due to a misconfiguration when the XtBranchConfiguration object was instantiated.