Automated Vulnerability Scanners

Everyone on the interwebz that says they know something about pentesting will talk shit about nessus and say that it is for lazy pentesters, it creates too much noise, and that it produces too many false positives. That may be true, I don't know. But from a learning perspective it can be really great. It can help to show you what kind of vulnerabilities are out there. So whatever, do what you want.

Server side scanning

Nessus

Register and download it here. http://www.tenable.com/products/nessus-home

Then

dpkg -i nameOfFile

Start it

/etc/init.d/nessusd start

Nmap Scripting Engine

Scripts are found on kali at:

/usr/share/nmap/scripts

nmap --script-help default

Or for a specific script:

nmap --script-help nameOfScript

Run all default scripts together with a port-scan. These scripts could possibily crash certain servers. Causing a denial-of-service. So never run this on production servers.

nmap -sC 192.168.1.101

Nmap has categoriesed their scripts into several different categories to make it easier to run a few of them together

uth
broadcast
default
discovery
dos
exploit
external
fuzzer
intrusive
malware
safe, 
version
vuln

So if you want to test all the vuln-scripts you do

nmap 192.168.1.10 -sC vuln

OpenVas

OpenVas is another popular open-soruce vulnerability scanner.

If you are on Kali linux you have to firt run the initial setup scripts, like this

openvas-setup

Make sure to write down the password that the initialisation-scripts gives you

This will download some stuff and start setting everything up. WHen everything is set up you go to the web-interface:

https://127.0.0.1:9392/login/login.html

Metasploit Scanner Module

Web Application Scanner

Nikto

nikto -h example.com

Uniscan

uniscan -h 192.168.1.102

Metasploit - Wamp

Found in metasploit

load wamp
help

Read more here https://www.offensive-security.com/metasploit-unleashed/wmap-web-scanner/