Automated Vulnerability Scanners

Everyone on the interwebz that says they know something about pentesting will talk shit about Nessus and say that it is for lazy pentesters, it creates too much noise, and that it produces too many false positives. That may be true, I don't know. But from a learning perspective it can be really great. It can help to show you what kind of vulnerabilities are out there. So whatever, do what you want.

Server side scanning

Nessus

Register and download it here. http://www.tenable.com/products/nessus-home

Then install the package:

dpkg -i nameOfFile

Start the service:

/etc/init.d/nessusd start

Nmap Scripting Engine

Scripts are found on Kali at /usr/share/nmap/scripts. To see the help text for every script in the default category:

nmap --script-help default

Or for a specific script:

nmap --script-help nameOfScript

Run all default scripts together with a port-scan. These scripts could possibly crash certain servers and cause a denial-of-service, so never run this against production servers.

nmap -sC 192.168.1.101

Nmap has categorised its scripts into several categories so that it is easier to run a group of them together:

auth
broadcast
default
discovery
dos
exploit
external
fuzzer
intrusive
malware
safe
version
vuln

So if you want to run all the vuln scripts, pass the category name to --script (-sC is only shorthand for --script default, so it would not select the vuln category):

nmap --script vuln 192.168.1.10
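The following POSIX shell helpers are an added example, not code from the original page. They take the category list above and go one step beyond the page: categories are combined with NSE's boolean --script expressions ("vuln or auth", "and safe"), the disruptive categories (dos, exploit, fuzzer, intrusive) are refused unless the caller sets ALLOW_INTRUSIVE=1, and the script results of a finished scan saved with -oN are summarised so that a long report can be triaged. The ALLOW_INTRUSIVE variable, the scan.txt file name and the sample scan text are my assumptions; the sample is constructed, not a real scan.

```shell
#!/bin/sh
# Added example (not from the original page): choose NSE script categories
# deliberately and summarise the script results afterwards.
# Assumptions (not stated on the page): output is saved with -oN, and the
# sample scan text in nse_sample_scan is constructed, not a real scan.

# The script categories listed on the page.
NSE_CATEGORIES="auth broadcast default discovery dos exploit external fuzzer intrusive malware safe version vuln"

# Categories whose scripts may crash or disrupt a service. They are refused
# unless ALLOW_INTRUSIVE=1, which is the sign-off for a non-production target.
NSE_DISRUPTIVE="dos exploit fuzzer intrusive"

# nse_valid_category NAME -> exit 0 if NAME is a known category, else 1
nse_valid_category() {
    for c in $NSE_CATEGORIES; do
        [ "$c" = "$1" ] && return 0
    done
    return 1
}

# nse_build_cmd TARGET CATEGORY [CATEGORY...]
# Prints the nmap command line (it does not run it). Categories are joined
# with "or"; without ALLOW_INTRUSIVE=1 the selection is narrowed with
# "and safe" so that only the non-disruptive scripts of those categories run.
# NSE accepts such boolean expressions in --script.
nse_build_cmd() {
    target=$1; shift
    sel=""
    for cat in "$@"; do
        nse_valid_category "$cat" || { echo "unknown NSE category: $cat" >&2; return 1; }
        for d in $NSE_DISRUPTIVE; do
            if [ "$d" = "$cat" ] && [ "${ALLOW_INTRUSIVE:-0}" != "1" ]; then
                echo "refusing disruptive category '$cat' (set ALLOW_INTRUSIVE=1 to allow)" >&2
                return 2
            fi
        done
        sel="${sel:+$sel or }$cat"
    done
    [ -n "$sel" ] || { echo "no category given" >&2; return 1; }
    [ "${ALLOW_INTRUSIVE:-0}" = "1" ] || sel="($sel) and safe"
    printf 'nmap --script "%s" -oN scan.txt %s\n' "$sel" "$target"
}

# nse_sample_scan: constructed -oN output (not a real scan) that exercises
# the parser below; script names and values are illustrative.
nse_sample_scan() {
    cat <<'EOF'
# Nmap scan (constructed sample, not a real scan)
Nmap scan report for web.example.test (192.0.2.10)
Host is up (0.0010s latency).

PORT    STATE SERVICE
22/tcp  open  ssh
|_ssh-hostkey: 2048 aa:bb:cc:dd (RSA)
443/tcp open  https
|_http-title: Example Shop
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in OpenSSL
|     State: VULNERABLE
|_    Risk factor: High

Host script results:
|_clock-skew: 0s
EOF
}

# nse_report MODE  (reads -oN output on stdin)
#   MODE=all  -> one line "HOST PORT SCRIPT" per script result
#   MODE=vuln -> only scripts whose output reports "State: VULNERABLE"
# A script block starts with "| name:" or "|_name:"; continuation lines are
# indented after the bar, so they never look like a script start.
nse_report() {
    awk -v mode="${1:-all}" '
        /^Nmap scan report for/ { host = $NF; gsub(/[()]/, "", host); port = "-" }
        /^[0-9]+\/(tcp|udp) /   { port = $1 }
        /^Host script results:/ { port = "host" }
        match($0, /^[|]_? ?[a-z][a-z0-9._-]*:/) {
            script = substr($0, RSTART, RLENGTH)
            sub(/^[|]_? ?/, "", script); sub(/:$/, "", script)
            if (mode == "all") print host, port, script
        }
        mode == "vuln" && /State: VULNERABLE/ { print host, port, script }
    '
}

nse_findings()   { nse_report all; }
nse_vulnerable() { nse_report vuln; }

# Demo: show the command that would be run, then triage the sample output.
nse_build_cmd 192.0.2.10 vuln auth
nse_sample_scan | nse_vulnerable
```

Run the printed command line against a host you are allowed to test, then feed scan.txt to nse_findings or nse_vulnerable (for example `nse_vulnerable < scan.txt`). The "and safe" narrowing is the default on purpose: it keeps the page's warning about crashing servers enforceable in a script rather than relying on the operator remembering it.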

OpenVas

OpenVas is another popular open-source vulnerability scanner.

If you are on Kali Linux you first have to run the initial setup script, like this:

openvas-setup

Make sure to write down the password that the initialisation script gives you.

This will download some data and set everything up. When everything is set up, go to the web interface:

https://127.0.0.1:9392/login/login.html

Metasploit Scanner Module

Web Application Scanner

Nikto

nikto -h example.com

Uniscan

uniscan -h 192.168.1.102

Metasploit - WMAP

Found in Metasploit as the wmap plugin (load it from msfconsole):

load wmap
help

Read more here https://www.offensive-security.com/metasploit-unleashed/wmap-web-scanner/
