Vulnerability Scanners

Sirius

Open Source Vulnerability Scanner

GitHub - SiriusScan/SiriusGitHub

Nessus

How To Use Nessus For Vulnerability Scanning on Ubuntu 22.04 | DigitalOcean

• Download: https://www.tenable.com/downloads/nessus?loginAttempted=true

• Request free licence: https://www.tenable.com/products/nessus/activation-code

• Install package:

dpkg -i Nessus-8.15.1-ubuntu910_amd64.deb

• Starting Nessus

sudo systemctl start nessusd.service

• Access Nessus: https://localhost:8834

Export Nessus Scan

https://raw.githubusercontent.com/eelsivart/nessus-report-downloader/master/nessus6-report-downloader.rb

$ ./nessus_downloader.rb 

Nessus 6 Report Downloader 1.0

Enter the Nessus Server IP: 127.0.0.1
Enter the Nessus Server Port [8834]: 8834
Enter your Nessus Username: admin
Enter your Nessus Password (will not echo): 

Getting report list...
Scan ID Name                                               Last Modified                  Status         
------- ----                                               -------------                  ------         
1     Windows_basic                                Aug 22, 2020 22:07 +00:00      completed      
         
Enter the report(s) your want to download (comma separate list) or 'all': 1

Choose File Type(s) to Download: 
[0] Nessus (No chapter selection)
[1] HTML
[2] PDF
[3] CSV (No chapter selection)
[4] DB (No chapter selection)
Enter the file type(s) you want to download (comma separate list) or 'all': 3

Path to save reports to (without trailing slash): /assessment_data/inlanefreight/scans/nessus

Downloading report(s). Please wait...

[+] Exporting scan report, scan id: 1, type: csv
[+] Checking export status...
[+] Report ready for download...
[+] Downloading report to: /assessment_data/inlanefreight/scans/nessus/inlanefreight_basic_5y3hxp.csv

Report Download Completed!

OpenVAS

• Install on Ubuntu (OsBoxes)

sudo su

$ sudo apt-get update && apt-get -y full-upgrade
$ sudo apt-get install gvm && openvas
$ gvm-setup

• Start OpenVAS

gvm-start

Doesn't work on my ubuntu, use Docker: https://greenbone.github.io/docs/latest/22.4/container/index.html

osboxes@osboxes:~/greenbone-community-container$ xdg-open "http://127.0.0.1:9392" 2>/dev/null >/dev/null &
[1] 18911
osboxes@osboxes:~/greenbone-community-container$ 

Creds - admin::admin

Export result

GitHub - TheGroundZero/openvasreporting: OpenVAS Reporting: Convert OpenVAS XML report files to reportsGitHub

python3 -m openvasreporting -i report-2bf466b5-627d-4659-bea6-1758b43235b1.xml -f xlsx

stop all containers

$ docker stop $(docker ps -a -q)

---

Web Apps Scan

BBScan

GitHub - lijiejie/BBScan: A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web serversGitHub

Nuclei

$ nuclei -update-templates

$ nuclei -u https://example.com -t ~/nuclei-templates/http/miscellaneous/robots-txt.yaml
$ nuclei -l hosts.txt

Reporting

$ nuclei -u https://www.google.com -t http/miscellaneous/robots-txt.yaml -include-rr -markdown-export ./

Custom Templates

BugBounty-Hub/endpoint-fuzz at main · solo10010/BugBounty-HubGitHub

GitHub - JoshMorrison99/url-based-nuclei-templates: Nuclei templates to run on urlsGitHub

GitHub - 0xKayala/Custom-Nuclei-Templates: Community curated list of templates for the nuclei engine to find security vulnerabilities.GitHub

GitHub - coffinxp/priv8-NucleiGitHub

GitHub - coffinxp/nuclei-templatesGitHub

CVE Scanning Templates

nuclei-templates/http/cves at main · projectdiscovery/nuclei-templatesGitHub

All Templates

GitHub - AggressiveUser/AllForOne: AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories,GitHub

Nuclei AI Prompts

Nucleiprompts.com | Nuclei AI Prompts

GitHub - huseyinstif/Nuclei-AI-PromptsGitHub

NucleiFuzzer

GitHub - 0xKayala/NucleiFuzzer: NucleiFuzzer is a powerful automation tool for detecting xss,sqli,ssrf,open-redirect..etc vulnerabilities in web applicationsGitHub

Rogue - LLM agent

GitHub - faizann24/rogue: Automated web vulnerability scanning with LLM agentsGitHub

OWASP Nettacker

GitHub - OWASP/Nettacker: Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability ManagementGitHub

TerminatorZ

GitHub - blackhatethicalhacking/TerminatorZ: TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications.GitHub

Wapiti - Web Scan

Wapiti : a Free and Open-Source web-application vulnerability scanner in Python

pip install wapiti3

 wapiti -u http://83.136.251.133:45582 -l 2

Scant3r

GitHub - knassar702/scant3r: ScanT3r - Module based Bug Bounty Automation ToolGitHub

Mantis

GitHub - PhonePe/mantis: Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.GitHub

GBounty

Bounty Security Releases GBounty: Our Web Scanning Tools Are Now Open SourceBounty Security

GitHub - BountySecurity/gbounty: GBounty is a multi-step website vulnerability scanner developed in Golang designed to help companies, pentesters, and bug hunters identify potential vulnerabilities in web applications.GitHub

Lostools

GitHub - coffinxp/lostools: best tool for finding SQLi,XSS,LFi,OpenRedirectGitHub

LOXS (LFI, Open Redirect, XSS, SQLi)

GitHub - coffinxp/loxs: best tool for finding SQLi,XSS,LFi,OpenRedirectGitHub

Nikto

apt install nikto

reconFTW

GitHub - six2dez/reconftw: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilitiesGitHub

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more
• Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them
• Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.