# Vulnerability Scanners

## Sirius

Open Source Vulnerability Scanner

{% embed url="<https://github.com/SiriusScan/Sirius>" %}

## Nessus

{% embed url="<https://www.digitalocean.com/community/tutorials/how-to-use-nessus-for-vulnerability-scanning-on-ubuntu-2204>" %}

* Download: <https://www.tenable.com/downloads/nessus?loginAttempted=true>

* Request free licence: <https://www.tenable.com/products/nessus/activation-code>

* Install package:

```shell-session
sudo dpkg -i Nessus-8.15.1-ubuntu910_amd64.deb
```

* Start Nessus:

```shell-session
sudo systemctl start nessusd.service
```

* Access Nessus: `https://localhost:8834`

### **Export Nessus Scan**

{% embed url="<https://raw.githubusercontent.com/eelsivart/nessus-report-downloader/master/nessus6-report-downloader.rb>" %}

```shell-session
$ ./nessus_downloader.rb 

Nessus 6 Report Downloader 1.0

Enter the Nessus Server IP: 127.0.0.1
Enter the Nessus Server Port [8834]: 8834
Enter your Nessus Username: admin
Enter your Nessus Password (will not echo): 

Getting report list...
Scan ID Name                                               Last Modified                  Status         
------- ----                                               -------------                  ------         
1     Windows_basic                                Aug 22, 2020 22:07 +00:00      completed      
         
Enter the report(s) your want to download (comma separate list) or 'all': 1

Choose File Type(s) to Download: 
[0] Nessus (No chapter selection)
[1] HTML
[2] PDF
[3] CSV (No chapter selection)
[4] DB (No chapter selection)
Enter the file type(s) you want to download (comma separate list) or 'all': 3

Path to save reports to (without trailing slash): /assessment_data/inlanefreight/scans/nessus

Downloading report(s). Please wait...

[+] Exporting scan report, scan id: 1, type: csv
[+] Checking export status...
[+] Report ready for download...
[+] Downloading report to: /assessment_data/inlanefreight/scans/nessus/inlanefreight_basic_5y3hxp.csv

Report Download Completed!
```

## OpenVAS

* Install on Ubuntu (OsBoxes)

`sudo su`

```shell-session
$ sudo apt-get update && sudo apt-get -y full-upgrade
$ sudo apt-get install gvm openvas
$ sudo gvm-setup
```

* Start OpenVAS

```shell-session
gvm-start
```

Doesn't work on my Ubuntu, use Docker: [https://greenbone.github.io/docs/latest/22.4/container/index.html](https://greenbone.github.io/docs/latest/22.4/container/index.html)

```
osboxes@osboxes:~/greenbone-community-container$ xdg-open "http://127.0.0.1:9392" 2>/dev/null >/dev/null &
[1] 18911
osboxes@osboxes:~/greenbone-community-container$ 
```

Default credentials: `admin` / `admin`

### **Export result**

{% embed url="<https://github.com/TheGroundZero/openvasreporting>" %}

```shell-session
python3 -m openvasreporting -i report-2bf466b5-627d-4659-bea6-1758b43235b1.xml -f xlsx
```

Stop all containers:

```shell-session
$ docker stop $(docker ps -a -q)
```

***

## Web Apps Scan

### BBScan

{% embed url="<https://github.com/lijiejie/BBScan>" %}

### Nuclei

```
$ nuclei -update-templates
```

```
$ nuclei -u https://example.com -t ~/nuclei-templates/http/miscellaneous/robots-txt.yaml
$ nuclei -l hosts.txt
```

Reporting

```
$ nuclei -u https://www.google.com -t http/miscellaneous/robots-txt.yaml -include-rr -markdown-export ./
```

#### Custom Templates

{% embed url="<https://github.com/solo10010/BugBounty-Hub/tree/main/endpoint-fuzz>" %}

{% embed url="<https://github.com/JoshMorrison99/url-based-nuclei-templates>" %}

{% embed url="<https://github.com/0xKayala/Custom-Nuclei-Templates>" %}

{% embed url="<https://github.com/coffinxp/priv8-Nuclei>" %}

{% embed url="<https://github.com/coffinxp/nuclei-templates>" %}

#### CVE Scanning Templates

{% embed url="<https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves>" %}

#### All Templates

{% embed url="<https://github.com/AggressiveUser/AllForOne>" %}

#### Nuclei AI Prompts

{% embed url="<https://nucleiprompts.com/>" %}

{% embed url="<https://github.com/huseyinstif/Nuclei-AI-Prompts>" %}

{% embed url="<https://www.youtube.com/watch?v=s7R8KAG8SeA>" %}

### NucleiFuzzer

{% embed url="<https://github.com/0xKayala/NucleiFuzzer>" %}

### Rogue - LLM agent

{% embed url="<https://github.com/faizann24/rogue?s=03>" %}

### OWASP Nettacker

{% embed url="<https://github.com/OWASP/Nettacker?s=03>" %}

### TerminatorZ

{% embed url="<https://github.com/blackhatethicalhacking/TerminatorZ?s=03>" %}

### Wapiti - Web Scan

{% embed url="<https://wapiti-scanner.github.io/>" %}

```
pip install wapiti3
```

```
wapiti -u http://83.136.251.133:45582 -l 2
```

### Scant3r

{% embed url="<https://github.com/knassar702/scant3r>" %}

### Mantis

{% embed url="<https://github.com/PhonePe/mantis>" %}

### GBounty

{% embed url="<https://bountysecurity.ai/blogs/news/bounty-security-releases-gbounty-our-web-scanning-tools-are-now-open-source?s=03>" %}

{% embed url="<https://github.com/BountySecurity/gbounty>" %}

### Lostools

{% embed url="<https://github.com/coffinxp/lostools?tab=readme-ov-file>" %}

### LOXS (LFI, Open Redirect, XSS, SQLi)

{% embed url="<https://github.com/coffinxp/loxs>" %}

### Nikto

```
apt install nikto
```

### **reconFTW**

{% embed url="<https://github.com/six2dez/reconftw>" %}

## Interesting Books

{% content-ref url="../../interesting-books" %}
[interesting-books](https://0xss0rz.gitbook.io/0xss0rz/interesting-books)
{% endcontent-ref %}

{% hint style="info" %}
**Disclaimer**: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.
{% endhint %}

* [**The Web Application Hacker’s Handbook**](https://www.amazon.fr/dp/1118026470?tag=0xss0rz-21) The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more.
* [**Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities**](https://www.amazon.fr/dp/1718501544?tag=0xss0rz-21) Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them.
* [**Real-World Bug Hunting: A Field Guide to Web Hacking**](https://www.amazon.fr/dp/1593278616?tag=0xss0rz-21) Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

## Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.

[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Y8Y41FQ2GA)

[![buymeacoffee](https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png)](https://buymeacoffee.com/0xss0rz)
