Vulnerability Analysis
Nmap
Exploit Scripts
https://nmap.org/nsedoc/categories/exploit.html
Search through vulnerability scripts
cd /usr/share/nmap/scripts/ && ls -l *vuln*
Search through Nmap scripts for a specific keyword
ls /usr/share/nmap/scripts/* | grep ftp
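Filename searches miss what a script actually does once it runs. The following added example (not part of the original page) reads the categories recorded in Nmap's script.db index and lists the scripts in one category that are in none of the excluded ones; the function names and the sample entries are constructed for illustration.

```bash
#!/bin/sh
# Added example: select NSE scripts by declared category instead of by filename.
# script.db holds one line per script, for example:
#   Entry { filename = "ftp-anon.nse", categories = { "auth", "default", "safe", } }

# nse_in_category DB WANTED [EXCLUDED...]
# Prints filenames that are in category WANTED and in none of EXCLUDED.
nse_in_category() {
    _nse_db=$1
    _nse_wanted=$2
    shift 2
    awk -v wanted="$_nse_wanted" -v excluded="$*" '
        BEGIN { n = split(excluded, ex, " ") }
        /^Entry/ {
            # Extract the quoted filename, then the category list after it.
            if (!match($0, /filename = "[^"]+"/)) next
            file = substr($0, RSTART + 12, RLENGTH - 13)
            cats = $0
            sub(/.*categories = [{]/, "", cats)
            # Match on the quoted name so "vuln" never matches a longer name.
            if (index(cats, "\"" wanted "\"") == 0) next
            for (i = 1; i <= n; i++)
                if (index(cats, "\"" ex[i] "\"") > 0) next
            print file
        }
    ' "$_nse_db"
}

# Constructed sample in script.db format so the example runs without Nmap.
# Check the installed script.db for the authoritative categories.
write_sample_db() {
    cat > "$1" <<'EOF'
Entry { filename = "ftp-anon.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "http-slowloris.nse", categories = { "dos", "intrusive", } }
Entry { filename = "http-slowloris-check.nse", categories = { "safe", "vuln", } }
Entry { filename = "http-vuln-cve2010-2861.nse", categories = { "intrusive", "vuln", } }
EOF
}

# Demo on the sample: vuln scripts that are neither dos nor intrusive.
sample=$(mktemp)
write_sample_db "$sample"
nse_in_category "$sample" vuln dos intrusive
rm -f "$sample"
# Real use: nse_in_category /usr/share/nmap/scripts/script.db vuln dos intrusive
```

Nmap accepts the same kind of selection directly as a boolean expression, for example `--script "vuln and not intrusive"`.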
Run Nmap's exploit-category scripts against a host (these scripts actively attempt exploitation)
nmap --script exploit -Pn $ip
Nmap Auth Scripts
https://nmap.org/nsedoc/categories/auth.html
Nmap Vuln Scanning
https://nmap.org/nsedoc/categories/vuln.html
Nmap DoS Scanning
nmap --script dos -Pn $ip
Execute a DoS attack with Nmap
nmap --max-parallelism 750 -Pn --script http-slowloris --script-args http-slowloris.runforever=true
Scan for ColdFusion web vulnerabilities
nmap -v -p 80 --script=http-vuln-cve2010-2861 $ip
Anonymous FTP dump with Nmap
nmap -v -p 21 --script=ftp-anon.nse $ip-254
SMB Security mode scan with Nmap
nmap -v -p 445 --script=smb-security-mode.nse $ip-254
Other
Search for known vulnerabilities in a service
searchsploit --exclude=dos -t apache 2.2.3
msfconsole -q -x "search apache 2.2.3"
nmap -v -T4 --script="*-vuln-*" $ip
OpenVAS
OpenVAS is a powerful vulnerability scanner with thousands of scan checks.
To use OpenVAS, you must first run the setup script:
openvas-setup
At the end of the setup process, the automatically generated password is displayed.
After setup, port 9392 will be open and you can access OpenVAS in your browser:
https://127.0.0.1:9392
openvasmd --create-user=username # Create new user
openvasmd --get-users # Display users
openvasmd --user=username --new-password=password # Change user password
openvas-feed-update # Update OpenVAS signatures
openvas-manage-certs -V # Verify the certificates that are configured for OpenVAS