Vulnerability Analysis

Nmap

Exploit Scripts

https://nmap.org/nsedoc/categories/exploit.html

Search through vulnerability scripts (the vuln checks have "vuln" in their filename)

cd /usr/share/nmap/scripts/
ls -l *vuln*

Search through Nmap scripts for a specific keyword

ls /usr/share/nmap/scripts/* | grep ftp

Run every script in the exploit category against a host (these scripts actively attempt exploitation rather than just checking for a condition, so only point them at targets you are authorized to attack)

nmap --script exploit -Pn $ip
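The `ls *vuln*` approach above only matches filenames. The category a script belongs to (vuln, exploit, dos, safe, ...) is declared inside the script in its `categories` table, and that is what `--script <category>` actually selects on. The following helper, added here as an example and not part of the original page, finds scripts by that declared category and joins them into a `--script` argument. It runs offline against a constructed sample directory of stub .nse files (their category tables mirror the real scripts of the same name); on a real box point it at /usr/share/nmap/scripts.

```shell
#!/bin/sh
# Added example: select NSE scripts by the category they declare, not by a
# substring of the filename. Works against /usr/share/nmap/scripts or the
# constructed sample directory built below.

# Print the names of the scripts in DIR whose categories table contains CATEGORY.
nse_by_category() {
  nse_dir=$1
  want=$2
  for f in "$nse_dir"/*.nse; do
    [ -e "$f" ] || continue
    # Collect the categories = { ... } table, which may span several lines,
    # then test for the quoted name so "vuln" does not match "vulnerable".
    if awk -v want="$want" '
        /^categories[[:space:]]*=/ { inside = 1 }
        inside {
          buf = buf $0
          if ($0 ~ /}/) inside = 0
        }
        END { if (index(buf, "\"" want "\"") > 0) exit 0; exit 1 }
      ' "$f"; then
      basename "$f" .nse
    fi
  done
}

# Same list, comma-joined, ready to drop into nmap --script "..."
nse_script_arg() {
  nse_by_category "$1" "$2" | paste -sd, -
}

# Constructed sample directory so the script runs offline: three stub .nse
# files whose categories mirror those declared by the real scripts of the
# same name (the rest of the real scripts is omitted).
make_sample_scripts() {
  sdir=$(mktemp -d)
  printf 'description = [[Tests for the vsftpd 2.3.4 backdoor.]]\ncategories = {"exploit", "intrusive", "malware", "vuln"}\n' \
    > "$sdir/ftp-vsftpd-backdoor.nse"
  printf 'categories = {\n  "dos",\n  "intrusive"\n}\n' > "$sdir/http-slowloris.nse"
  printf 'categories = {"default", "discovery", "safe"}\n' > "$sdir/smb-security-mode.nse"
  echo "$sdir"
}

# Demo against the sample directory; substitute /usr/share/nmap/scripts on Kali.
demo_dir=$(make_sample_scripts)
echo "vuln scripts:      $(nse_script_arg "$demo_dir" vuln)"
echo "intrusive scripts: $(nse_script_arg "$demo_dir" intrusive)"
echo "would run: nmap -Pn --script \"$(nse_script_arg "$demo_dir" safe)\" \$ip"
rm -rf "$demo_dir"
```

Listing the exact scripts a category expands to before running `--script vuln` or `--script exploit` tells you in advance which checks are intrusive, which is the difference between an enumeration step and an attack.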

Nmap Auth Scripts

https://nmap.org/nsedoc/categories/auth.html

Nmap Vuln Scanning

https://nmap.org/nsedoc/categories/vuln.html

Nmap DOS Scanning (scripts in the dos category can crash the service they test, so treat this as an attack rather than a check)

nmap --script dos -Pn $ip

Nmap execute DOS attack (Slowloris holds HTTP connections open; with runforever=true it keeps going until you stop it with Ctrl-C)

nmap --max-parallelism 750 -Pn --script http-slowloris --script-args http-slowloris.runforever=true $ip

Scan for coldfusion web vulnerabilities

nmap -v -p 80 --script=http-vuln-cve2010-2861 $ip

Anonymous FTP dump with Nmap ($ip-254 expands to the rest of the last octet, e.g. 10.0.0.1-254)

nmap -v -p 21 --script=ftp-anon.nse $ip-254

SMB Security mode scan with Nmap (reports whether SMB message signing is enabled and required)

nmap -v -p 445 --script=smb-security-mode $ip-254

Other

Search for known vulnerabilities in an identified service version (searchsploit -t matches on the exploit title and --exclude=dos drops denial-of-service entries; Metasploit's search and Nmap's vuln scripts cover the same question from different databases)

searchsploit --exclude=dos -t apache 2.2.3
msfconsole
> search apache 2.2.3
nmap -v -T4 --script="*-vuln-*" $ip
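Typing version strings from a scan into searchsploit by hand is where typos and skipped services creep in. As an added example, not part of the original page, the helper below reads nmap's grepable output (`nmap -sV -oG scan.gnmap`) and emits one searchsploit query per open port, keeping the product name and the numeric version the way the `apache 2.2.3` query above does. It runs offline on a constructed -oG sample embedded in the block.

```shell
#!/bin/sh
# Added example: turn nmap -sV -oG output into searchsploit queries so the
# versions nmap identified drive the exploit search.
# Usage: gnmap_to_queries scan.gnmap   (or feed the file on stdin)

gnmap_to_queries() {
  awk -F'\t' '
    /^Host:/ {
      host = $1
      sub(/^Host: /, "", host); sub(/ .*/, "", host)
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        n = split(substr($i, 8), ent, /, /)
        for (j = 1; j <= n; j++) {
          # Entry layout: port/state/proto/owner/service/rpcinfo/version/
          split(ent[j], f, "/")
          if (f[2] != "open" || f[7] == "") continue
          # Product = leading words up to the first token starting with a digit;
          # that token is the version, with letter suffixes dropped (7.2p2 -> 7.2).
          k = split(f[7], tok, " ")
          prod = ""; ver = ""
          for (t = 1; t <= k; t++) {
            if (tok[t] ~ /^[0-9]/) { ver = tok[t]; break }
            prod = prod (prod == "" ? "" : " ") tok[t]
          }
          if (prod == "") continue
          sub(/[^0-9.].*$/, "", ver)
          q = (ver == "") ? prod : prod " " ver
          printf "searchsploit --exclude=dos -t %s   # %s:%s\n", q, host, f[1]
        }
      }
    }
  ' "$@"
}

# Constructed -oG output (not real scanner output): an open service with a
# patch-suffixed version, a closed port that must be skipped, and a service
# with trailing text after the version.
sample_gnmap() {
  printf '# constructed sample in nmap -oG layout\n'
  printf 'Host: 10.0.0.5 ()\tStatus: Up\n'
  printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.2p2 Ubuntu 4ubuntu2.8/, 23/closed/tcp//telnet///, 80/open/tcp//http//Apache httpd 2.4.18 ((Ubuntu))/\tIgnored State: closed (997)\n'
}

# Demo: print the queries. With several hosts running the same software,
# pipe through sort -u before running them; the same terms work in
# msfconsole's search.
sample_gnmap | gnmap_to_queries
```

searchsploit ANDs every term it is given, so the more words the product string contains the narrower the match: if a generated query returns nothing, drop trailing words (`-t apache 2.4` rather than `-t apache httpd 2.4.18`) before concluding there is no public exploit.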

OpenVAS

OpenVAS is a full vulnerability scanner with thousands of checks (NVTs), far broader than the Nmap vuln scripts above. The commands below are for the OpenVAS 9 packages Kali shipped at the time; newer Kali releases package it as Greenbone Vulnerability Management, where the equivalents are gvm-setup, gvm-start, gvmd --create-user and greenbone-feed-sync.

To use OpenVAS, first run the setup script (it downloads the full NVT feed, so expect it to take a while):

openvas-setup

At the end of the setup process the automatically generated admin password is displayed. Note it down; it can be changed later with the --new-password command below.

After setup, port 9392 is open and the web interface (Greenbone Security Assistant) is reachable in your browser at:

https://127.0.0.1:9392

openvasmd --create-user=username # Create new user
openvasmd --get-users # Display users
openvasmd --user=username --new-password=password # Change user password
openvas-feed-update # Update OpenVAS signatures (NVT feed)
openvas-manage-certs -V # Verify the certificates that are configured for OpenVAS

Last updated 5 years ago
