# Vulnerability Scanners [![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Y8Y41FQ2GA) ## Sirius Open Source Vulnerability Scanner {% embed url="" %}

## Nessus {% embed url="" %} * Download:

* Request free licence:

* Install package: ```shell-session dpkg -i Nessus-8.15.1-ubuntu910_amd64.deb ``` * Starting Nessus ```shell-session sudo systemctl start nessusd.service ``` * Access Nessus: `https://localhost:8834`

### **Export Nessus Scan** {% embed url="" %} ```shell-session $ ./nessus_downloader.rb Nessus 6 Report Downloader 1.0 Enter the Nessus Server IP: 127.0.0.1 Enter the Nessus Server Port [8834]: 8834 Enter your Nessus Username: admin Enter your Nessus Password (will not echo): Getting report list... Scan ID Name Last Modified Status ------- ---- ------------- ------ 1 Windows_basic Aug 22, 2020 22:07 +00:00 completed Enter the report(s) your want to download (comma separate list) or 'all': 1 Choose File Type(s) to Download: [0] Nessus (No chapter selection) [1] HTML [2] PDF [3] CSV (No chapter selection) [4] DB (No chapter selection) Enter the file type(s) you want to download (comma separate list) or 'all': 3 Path to save reports to (without trailing slash): /assessment_data/inlanefreight/scans/nessus Downloading report(s). Please wait... [+] Exporting scan report, scan id: 1, type: csv [+] Checking export status... [+] Report ready for download... [+] Downloading report to: /assessment_data/inlanefreight/scans/nessus/inlanefreight_basic_5y3hxp.csv Report Download Completed! ``` ## OpenVAS * Install on Ubuntu (OsBoxes) `sudo su` ```shell-session $ sudo apt-get update && apt-get -y full-upgrade $ sudo apt-get install gvm && openvas $ gvm-setup ``` * Start OpenVAS ```shell-session gvm-start ``` Doesn't work on my ubuntu, use Docker: [https://greenbone.github.io/docs/latest/22.4/container/index.html](https://greenbone.github.io/docs/latest/22.4/container/index.html.) ``` osboxes@osboxes:~/greenbone-community-container$ xdg-open "http://127.0.0.1:9392" 2>/dev/null >/dev/null & [1] 18911 osboxes@osboxes:~/greenbone-community-container$ ``` Creds - admin::admin

### **Export result** {% embed url="" %} ```shell-session python3 -m openvasreporting -i report-2bf466b5-627d-4659-bea6-1758b43235b1.xml -f xlsx ``` stop all containers `$ docker stop $(docker ps -a -q)` *** ## Web Apps Scan ### BBScan {% embed url="" %} ### Nuclei ``` $ nuclei -update-templates ```

$ nuclei -u https://example.com -t ~/nuclei-templates/http/miscellaneous/robots-txt.yaml
$ nuclei -l hosts.txt

Reporting ``` $ nuclei -u https://www.google.com -t http/miscellaneous/robots-txt.yaml -include-rr -markdown-export ./ ```

#### Custom Templates {% embed url="" %} {% embed url="" %} {% embed url="" %} {% embed url="" %} {% embed url="" %} #### CVE Scanning Templates {% embed url="" %} #### All Templates {% embed url="" %} #### Nuclei AI Prompts {% embed url="" %} {% embed url="" %} {% embed url="" %} ### NucleiFuzzer {% embed url="" %} ### Rogue - LLM agent {% embed url="" %} ### OWASP Nettacker {% embed url="" %} ### TerminatorZ {% embed url="" %} ### Wapiti - Web Scan {% embed url="" %} ``` pip install wapiti3 ``` ``` wapiti -u http://83.136.251.133:45582 -l 2 ```

### Scant3r {% embed url="" %} ### Mantis {% embed url="" %} ### GBounty {% embed url="" %} {% embed url="" %} ### Lostools {% embed url="" %} ### LOXS (LFI, Open Redirect, XSS, SQLi) {% embed url="" %} ### Nikto ``` apt install nikto ```

### **reconFTW** {% embed url="" %} ## Interesting Books {% content-ref url="/pages/VVT5FQq9z62bWoNAWCUS" %} [Interesting Books](/0xss0rz/interesting-books.md) {% endcontent-ref %} {% hint style="info" %} **Disclaimer**: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you. {% endhint %} * [**The Web Application Hacker’s Handbook**](https://www.amazon.fr/dp/1118026470?tag=0xss0rz-21) The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more * [**Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities**](https://www.amazon.fr/dp/1718501544?tag=0xss0rz-21) Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them * [**Real-World Bug Hunting: A Field Guide to Web Hacking**](https://www.amazon.fr/dp/1593278616?tag=0xss0rz-21) Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery. ## Support this Gitbook I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it. [![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Y8Y41FQ2GA) [![buymeacoffee](https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png)](https://buymeacoffee.com/0xss0rz) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://0xss0rz.gitbook.io/0xss0rz/pentest/tools/vulnerability-scanners.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.