Vulnerability

Perform vulnerability scanning and exploit research.

Vulnerability Scanner

Nessus

Vulnerability scanner very powerful.

Runs on port 8834 tcp.

Nessus has two parts (both can be on the same machine):

Client to configure the scan.
Server to perform the scan and send the results to the client.

For Free License register HERE. For Download HERE.

Start & Stop:

systemctl start nessusd
systemctl stop nessusd

net start "Tenable Nessus"
net stop "Tenable Nessus"

Go to: https://<MY_IP>:8834/

Create a local account.

OpenVAS

Vulnerability scanner open-source and free.

Runs on port 8080 tcp.

Like nessus, OpenVAS also has two parts (both can be on the same machine):

Client to configure the scan.
Server to perform the scan and send the results to the client.

Tools & Other

Tool

Details

nmap

/usr/share/nmap/scripts/ nmap --script-updatedb nmap --script--help <SCRIPT> nmap --script "<SCRIPT or TYPE[safe,vuln,external]>" <IP>

nikto

Server Web Scanner. Edit /var/lib/nikto/nikto.conf.default nikto -h <URL> -o <OUTPUT.html> -Format html

wpscan

WordPress Security Scanner. wpscan --url <URL> --random-user-agent -o <OUTPUT> -e p --plugins-detection aggressive --api-token <API_KEY>

Research Exploit

Very important to analyze the exploits found very carefully, they could be harmful!

Tools

Detail

searchsploit

Exploit-db database locally and offline. sudo apt install exploitdb searchsploit -u (update) searchsploit <STRING> (get ID) searchsploit -w <STRING> (get LINK) searchsploit -x <ID> (see l'exploit) searchsploit -m <ID> (Copy exploit + info)

Last updated 1 day ago

Was this helpful?