Vulnerability Scanners

Nessus

Download: https://www.tenable.com/downloads/nessus?loginAttempted=true

Request free licence: https://www.tenable.com/products/nessus/activation-code

Install package:

dpkg -i Nessus-8.15.1-ubuntu910_amd64.deb

Starting Nessus

sudo systemctl start nessusd.service

Access Nessus: https://localhost:8834

Export Nessus Scan

https://raw.githubusercontent.com/eelsivart/nessus-report-downloader/master/nessus6-report-downloader.rb

$ ./nessus_downloader.rb 

Nessus 6 Report Downloader 1.0

Enter the Nessus Server IP: 127.0.0.1
Enter the Nessus Server Port [8834]: 8834
Enter your Nessus Username: admin
Enter your Nessus Password (will not echo): 

Getting report list...
Scan ID Name                                               Last Modified                  Status         
------- ----                                               -------------                  ------         
1     Windows_basic                                Aug 22, 2020 22:07 +00:00      completed      
         
Enter the report(s) your want to download (comma separate list) or 'all': 1

Choose File Type(s) to Download: 
[0] Nessus (No chapter selection)
[1] HTML
[2] PDF
[3] CSV (No chapter selection)
[4] DB (No chapter selection)
Enter the file type(s) you want to download (comma separate list) or 'all': 3

Path to save reports to (without trailing slash): /assessment_data/inlanefreight/scans/nessus

Downloading report(s). Please wait...

[+] Exporting scan report, scan id: 1, type: csv
[+] Checking export status...
[+] Report ready for download...
[+] Downloading report to: /assessment_data/inlanefreight/scans/nessus/inlanefreight_basic_5y3hxp.csv

Report Download Completed!

OpenVAS

Install on Ubuntu (OsBoxes)

sudo su

$ sudo apt-get update && apt-get -y full-upgrade
$ sudo apt-get install gvm && openvas
$ gvm-setup

Start OpenVAS

gvm-start

Doesn't work on my ubuntu, use Docker: https://greenbone.github.io/docs/latest/22.4/container/index.html

osboxes@osboxes:~/greenbone-community-container$ xdg-open "http://127.0.0.1:9392" 2>/dev/null >/dev/null &
[1] 18911
osboxes@osboxes:~/greenbone-community-container$

Creds - admin::admin

Export result

GitHub - TheGroundZero/openvasreporting: OpenVAS Reporting: Convert OpenVAS XML report files to reportsGitHub

python3 -m openvasreporting -i report-2bf466b5-627d-4659-bea6-1758b43235b1.xml -f xlsx

stop all containers

$ docker stop $(docker ps -a -q)

Web Apps Scan

Nuclei

Wapiti - Web Scan

Wapiti : a Free and Open-Source web-application vulnerability scanner in Python

pip install wapiti3

 wapiti -u http://83.136.251.133:45582 -l 2

Nikto

apt install nikto

PreviousCheatsheet NextBurp Extensions

Last updated 4 months ago