Finding Vulnerabilities
CuuDuongThanCong.com
Contents
Nessus
Nmap scripting engine
Metasploit
Manual analysis
Web application scanning
1. Nessus
Nessus
Tenable Security’s Nessus is one of the most widely used commercial
vulnerability scanners, though many vendors provide comparable products.
Using TCP port 8834
root@kali:~# service nessusd start
Nessus
Nessus ranks vulnerabilities based on the Common Vulnerability Scoring
System (CVSS), version 2, from the National Institute of Standards and
Technology (NIST). Ranking is calculated based on the impact to the
system if the issue is exploited.
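The CVSS version 2 base-score equations behind that ranking, as an added example (not from the original slides or from Tenable). It parses base vectors, scores them, and sorts findings for triage; the optional `CVSS2#` prefix, the NVD Low/Medium/High bands, and the finding names are assumptions made for illustration.

```python
from decimal import Decimal, ROUND_HALF_UP
# Metric weights from the CVSS v2 base equations.
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": CIA, "I": CIA, "A": CIA,
}

def parse_vector(vector):
    """Map each base metric to its weight; reject malformed vectors."""
    body = vector.strip().strip("()")
    if body.startswith("CVSS2#"):  # assumption: optional scanner-style prefix
        body = body[len("CVSS2#"):]
    metrics = {}
    for part in body.split("/"):
        name, _, value = part.partition(":")
        if name in metrics or value not in WEIGHTS.get(name, {}):
            raise ValueError(f"bad CVSS v2 metric: {part!r}")
        metrics[name] = WEIGHTS[name][value]
    if len(metrics) != len(WEIGHTS):
        raise ValueError("incomplete CVSS v2 base vector")
    return metrics

def base_score(vector):
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - m["C"]) * (1 - m["I"]) * (1 - m["A"]))
    if impact == 0:  # f(Impact) = 0: no impact means a score of 0.0
        return 0.0
    exploitability = 20 * m["AV"] * m["AC"] * m["Au"]
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * 1.176
    return float(Decimal(str(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))

def severity(score):
    """NVD qualitative bands for CVSS v2 (assumption: scanner labels may differ)."""
    return "High" if score >= 7.0 else "Medium" if score >= 4.0 else "Low"

def rank(findings):
    """Sort (name, vector) pairs from highest to lowest base score."""
    scored = [(name, base_score(vec)) for name, vec in findings]
    return [(n, s, severity(s)) for n, s in sorted(scored, key=lambda x: -x[1])]

# Constructed sample findings, not output from a real scan.
SAMPLE = [
    ("finding-a", "AV:L/AC:L/Au:N/C:P/I:N/A:N"),
    ("finding-b", "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"),
    ("finding-c", "(AV:N/AC:M/Au:N/C:N/I:P/A:N)"),
]
```

Calling `rank(SAMPLE)` returns the findings ordered for remediation, highest base score first.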
2. Nmap scripting engine
Nmap scripting engine
The available scripts fall into several categories, including information
gathering, active vulnerability assessment, and searches for signs of previous
compromises.
Nmap scripting engine
# nmap --script-help <category_name>
3. Metasploit
Metasploit scanner modules
Metasploit can conduct vulnerability scanning via numerous auxiliary
modules. These modules will not give us control of the target machine, but
they will help us identify vulnerabilities for later exploitation.
Metasploit exploit Check Functions
Some Metasploit exploits include a check function that connects to a target
to see if it is vulnerable, rather than attempting to exploit a vulnerability.
4. Web application scanning
Web application scanning
Nikto
Web application scanning
Acunetix Web Vulnerability Scanner
5. Manual analysis
Manual analysis
Exploring a Strange Port
Manual analysis
Finding Valid Usernames