Vulnerability Scanners

Sirius

Open Source Vulnerability Scanner

LogoGitHub - SiriusScan/SiriusGitHub

Nessus

LogoHow To Use Nessus For Vulnerability Scanning on Ubuntu 22.04 | DigitalOcean

  • Request free licence: https://www.tenable.com/products/nessus/activation-code

  • Install package:

dpkg -i Nessus-8.15.1-ubuntu910_amd64.deb

  • Starting Nessus

sudo systemctl start nessusd.service

  • Access Nessus: https://localhost:8834

Export Nessus Scan

https://raw.githubusercontent.com/eelsivart/nessus-report-downloader/master/nessus6-report-downloader.rb
$ ./nessus_downloader.rb 

Nessus 6 Report Downloader 1.0

Enter the Nessus Server IP: 127.0.0.1
Enter the Nessus Server Port [8834]: 8834
Enter your Nessus Username: admin
Enter your Nessus Password (will not echo): 

Getting report list...
Scan ID Name                                               Last Modified                  Status         
------- ----                                               -------------                  ------         
1     Windows_basic                                Aug 22, 2020 22:07 +00:00      completed      
         
Enter the report(s) your want to download (comma separate list) or 'all': 1

Choose File Type(s) to Download: 
[0] Nessus (No chapter selection)
[1] HTML
[2] PDF
[3] CSV (No chapter selection)
[4] DB (No chapter selection)
Enter the file type(s) you want to download (comma separate list) or 'all': 3

Path to save reports to (without trailing slash): /assessment_data/inlanefreight/scans/nessus

Downloading report(s). Please wait...

[+] Exporting scan report, scan id: 1, type: csv
[+] Checking export status...
[+] Report ready for download...
[+] Downloading report to: /assessment_data/inlanefreight/scans/nessus/inlanefreight_basic_5y3hxp.csv

Report Download Completed!

OpenVAS

  • Install on Ubuntu (OsBoxes)

sudo su

$ sudo apt-get update && apt-get -y full-upgrade
$ sudo apt-get install gvm && openvas
$ gvm-setup

  • Start OpenVAS

gvm-start

Doesn't work on my ubuntu, use Docker: https://greenbone.github.io/docs/latest/22.4/container/index.html

osboxes@osboxes:~/greenbone-community-container$ xdg-open "http://127.0.0.1:9392" 2>/dev/null >/dev/null &
[1] 18911
osboxes@osboxes:~/greenbone-community-container$

Creds - admin::admin

Export result

LogoGitHub - TheGroundZero/openvasreporting: OpenVAS Reporting: Convert OpenVAS XML report files to reportsGitHub
python3 -m openvasreporting -i report-2bf466b5-627d-4659-bea6-1758b43235b1.xml -f xlsx

stop all containers

$ docker stop $(docker ps -a -q)

Web Apps Scan

BBScan

LogoGitHub - lijiejie/BBScan: A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web serversGitHub

Nuclei

$ nuclei -update-templates
$ nuclei -u https://example.com -t ~/nuclei-templates/http/miscellaneous/robots-txt.yaml
$ nuclei -l hosts.txt

Reporting

$ nuclei -u https://www.google.com -t http/miscellaneous/robots-txt.yaml -include-rr -markdown-export ./

Custom Templates

LogoBugBounty-Hub/endpoint-fuzz at main · solo10010/BugBounty-HubGitHub
LogoGitHub - JoshMorrison99/url-based-nuclei-templates: Nuclei templates to run on urlsGitHub
LogoGitHub - 0xKayala/Custom-Nuclei-Templates: Community curated list of templates for the nuclei engine to find security vulnerabilities.GitHub
LogoGitHub - coffinxp/priv8-NucleiGitHub
LogoGitHub - coffinxp/nuclei-templatesGitHub

CVE Scanning Templates

Logonuclei-templates/http/cves at main · projectdiscovery/nuclei-templatesGitHub

All Templates

LogoGitHub - AggressiveUser/AllForOne: AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories,GitHub

Nuclei AI Prompts

Nucleiprompts.com | Nuclei AI Prompts
LogoGitHub - huseyinstif/Nuclei-AI-PromptsGitHub

NucleiFuzzer

LogoGitHub - 0xKayala/NucleiFuzzer: NucleiFuzzer is a powerful automation tool for detecting xss,sqli,ssrf,open-redirect..etc vulnerabilities in web applicationsGitHub

Rogue - LLM agent

LogoGitHub - faizann24/rogue: Automated web vulnerability scanning with LLM agentsGitHub

OWASP Nettacker

LogoGitHub - OWASP/Nettacker: Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability ManagementGitHub

TerminatorZ

LogoGitHub - blackhatethicalhacking/TerminatorZ: TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications.GitHub

Wapiti - Web Scan

Wapiti : a Free and Open-Source web-application vulnerability scanner in Python
pip install wapiti3
 wapiti -u http://83.136.251.133:45582 -l 2

Scant3r

LogoGitHub - knassar702/scant3r: ScanT3r - Module based Bug Bounty Automation ToolGitHub

Mantis

LogoGitHub - PhonePe/mantis: Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.GitHub

GBounty

LogoBounty Security Releases GBounty: Our Web Scanning Tools Are Now Open SourceBounty Security
LogoGitHub - BountySecurity/gbounty: GBounty is a multi-step website vulnerability scanner developed in Golang designed to help companies, pentesters, and bug hunters identify potential vulnerabilities in web applications.GitHub

Lostools

LogoGitHub - coffinxp/lostools: best tool for finding SQLi,XSS,LFi,OpenRedirectGitHub

LOXS (LFI, Open Redirect, XSS, SQLi)

LogoGitHub - coffinxp/loxs: best tool for finding SQLi,XSS,LFi,OpenRedirectGitHub

Nikto

apt install nikto

reconFTW

LogoGitHub - six2dez/reconftw: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilitiesGitHub

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.

PreviousSQLMAPNextCollaborator, Web Hook, etc.

Last updated