Vulnerability Scanners

Nessus

How To Use Nessus For Vulnerability Scanning on Ubuntu 22.04 | DigitalOcean

• Download: https://www.tenable.com/downloads/nessus?loginAttempted=true

• Request free licence: https://www.tenable.com/products/nessus/activation-code

• Install package:

dpkg -i Nessus-8.15.1-ubuntu910_amd64.deb

• Starting Nessus

sudo systemctl start nessusd.service

• Access Nessus: https://localhost:8834

Export Nessus Scan

https://raw.githubusercontent.com/eelsivart/nessus-report-downloader/master/nessus6-report-downloader.rb

$ ./nessus_downloader.rb 

Nessus 6 Report Downloader 1.0

Enter the Nessus Server IP: 127.0.0.1
Enter the Nessus Server Port [8834]: 8834
Enter your Nessus Username: admin
Enter your Nessus Password (will not echo): 

Getting report list...
Scan ID Name                                               Last Modified                  Status         
------- ----                                               -------------                  ------         
1     Windows_basic                                Aug 22, 2020 22:07 +00:00      completed      
         
Enter the report(s) your want to download (comma separate list) or 'all': 1

Choose File Type(s) to Download: 
[0] Nessus (No chapter selection)
[1] HTML
[2] PDF
[3] CSV (No chapter selection)
[4] DB (No chapter selection)
Enter the file type(s) you want to download (comma separate list) or 'all': 3

Path to save reports to (without trailing slash): /assessment_data/inlanefreight/scans/nessus

Downloading report(s). Please wait...

[+] Exporting scan report, scan id: 1, type: csv
[+] Checking export status...
[+] Report ready for download...
[+] Downloading report to: /assessment_data/inlanefreight/scans/nessus/inlanefreight_basic_5y3hxp.csv

Report Download Completed!

OpenVAS

• Install on Ubuntu (OsBoxes)

sudo su

$ sudo apt-get update && apt-get -y full-upgrade
$ sudo apt-get install gvm && openvas
$ gvm-setup

• Start OpenVAS

gvm-start

Doesn't work on my ubuntu, use Docker: https://greenbone.github.io/docs/latest/22.4/container/index.html

osboxes@osboxes:~/greenbone-community-container$ xdg-open "http://127.0.0.1:9392" 2>/dev/null >/dev/null &
[1] 18911
osboxes@osboxes:~/greenbone-community-container$ 

Creds - admin::admin

Export result

GitHub - TheGroundZero/openvasreporting: OpenVAS Reporting: Convert OpenVAS XML report files to reportsGitHub

python3 -m openvasreporting -i report-2bf466b5-627d-4659-bea6-1758b43235b1.xml -f xlsx

stop all containers

$ docker stop $(docker ps -a -q)

---

Web Apps Scan

Nuclei

Custom Templates

GitHub - 0xKayala/Custom-Nuclei-Templates: Community curated list of templates for the nuclei engine to find security vulnerabilities.GitHub

GitHub - coffinxp/priv8-NucleiGitHub

GitHub - coffinxp/nuclei-templatesGitHub

CVE Scanning Templates

nuclei-templates/http/cves at main · projectdiscovery/nuclei-templatesGitHub

OWASP Nettacker

GitHub - OWASP/Nettacker: Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability ManagementGitHub

TerminatorZ

GitHub - blackhatethicalhacking/TerminatorZ: TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications.GitHub

Wapiti - Web Scan

Wapiti : a Free and Open-Source web-application vulnerability scanner in Python

pip install wapiti3

 wapiti -u http://83.136.251.133:45582 -l 2

Scant3r

GitHub - knassar702/scant3r: ScanT3r - Module based Bug Bounty Automation ToolGitHub

Mantis

GitHub - PhonePe/mantis: Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.GitHub

GBounty

Bounty Security Releases GBounty: Our Web Scanning Tools Are Now Open SourceBounty Security

GitHub - BountySecurity/gbounty: GBounty is a multi-step website vulnerability scanner developed in Golang designed to help companies, pentesters, and bug hunters identify potential vulnerabilities in web applications.GitHub

Lostools

GitHub - coffinxp/lostools: best tool for finding SQLi,XSS,LFi,OpenRedirectGitHub

LOXS (LFI, Open Redirect, XSS, SQLi)

GitHub - coffinxp/loxs: best tool for finding SQLi,XSS,LFi,OpenRedirectGitHub

Nikto

apt install nikto