# Vulnerability Analysis

### Nmap

Exploit Scripts

```
https://nmap.org/nsedoc/categories/exploit.html
```

Search through vulnerability scripts

```
cd /usr/share/nmap/scripts/
ls -l *vuln*
```

Search through Nmap scripts for a specific keyword

```
ls /usr/share/nmap/scripts/* | grep ftp
```
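
Filename searches like the two above miss scripts that belong to a category but do not carry the keyword in their name. The following added example (not from the original page) selects scripts by the `categories` line each NSE file declares and marks those also tagged `dos`, `exploit` or `intrusive`. It assumes the usual single-line `categories = {...}` form; the `demo-*.nse` files and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: select NSE scripts by declared category, not by filename.

# Print "name<TAB>categories<TAB>impact" for every script in DIR declaring CATEGORY.
# Assumes the single-line form:  categories = {"vuln", "intrusive"}
nse_by_category() {
  local want="$1" dir="${2:-/usr/share/nmap/scripts}" f line cats impact
  for f in "$dir"/*.nse; do
    [ -f "$f" ] || continue
    line=$(grep -m1 -E '^[[:space:]]*categories[[:space:]]*=' "$f") || continue
    # Reduce {"vuln", "intrusive"} to vuln,intrusive
    cats=$(printf '%s\n' "$line" | sed -E 's/.*\{(.*)\}.*/\1/' | tr -d "\"' ")
    case ",$cats," in *",$want,"*) ;; *) continue ;; esac
    # Mark scripts whose categories say they may crash, alter or exploit a target
    case ",$cats," in
      *,dos,*|*,exploit,*|*,intrusive,*) impact="high-impact" ;;
      *) impact="unflagged" ;;
    esac
    printf '%s\t%s\t%s\n' "$(basename "$f" .nse)" "$cats" "$impact"
  done
}

# Constructed sample directory so the example runs without Nmap installed.
make_demo_dir() {
  local d
  d=$(mktemp -d)
  printf 'categories = {"vuln", "safe"}\n'             > "$d/demo-shellcheck.nse"
  printf 'categories = {"vuln", "intrusive", "dos"}\n' > "$d/demo-vuln-probe.nse"
  printf "categories = {'default', 'safe'}\n"          > "$d/demo-ftp-info.nse"
  printf '%s\n' "$d"
}

demo=$(make_demo_dir)
nse_by_category vuln "$demo"   # lists demo-shellcheck, which "ls *vuln*" would miss
rm -rf "$demo"
```

With Nmap installed, call `nse_by_category vuln` with no directory argument to read the default script path; `nmap --script-help vuln` prints the same category selection with descriptions.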

Run the exploit-category scripts against a host with Nmap

```
nmap --script exploit -Pn $ip
```

Nmap Auth Scripts

```
https://nmap.org/nsedoc/categories/auth.html
```

Nmap Vuln Scanning

```
https://nmap.org/nsedoc/categories/vuln.html
```

Nmap DOS Scanning

```
nmap --script dos -Pn $ip
```

Nmap execute DOS attack

```
nmap --max-parallelism 750 -Pn --script http-slowloris --script-args http-slowloris.runforever=true
```

Scan for ColdFusion web vulnerabilities

```
nmap -v -p 80 --script=http-vuln-cve2010-2861 $ip
```

Anonymous FTP dump with Nmap

```
nmap -v -p 21 --script=ftp-anon.nse $ip-254
```

SMB Security mode scan with Nmap

```
nmap -v -p 445 --script=smb-security-mode.nse $ip-254
```

### Other

Search for known vulnerabilities in a service version

```
searchsploit --exclude=dos -t apache 2.2.3
```

```
msfconsole
msf > search apache 2.2.3
```

```
nmap -v -T4 --script="*-vuln-*" $ip
```

### OpenVAS

OpenVAS is a powerful vulnerability scanner with thousands of scan checks.

To use OpenVAS, first run the setup script:

```
openvas-setup
```

At the end of the setup process, the automatically created password is displayed.

After setup, port 9392 is open and you can access OpenVAS in your browser:

```
https://127.0.0.1:9392
```

```
openvasmd --create-user=username # Create new user
```

```
openvasmd --get-users # Display users
```

```
openvasmd --user=username --new-password=password # Change user password
```

```
openvas-feed-update # Update OpenVAS signatures
```

```
openvas-manage-certs -V # Verify the certificates that are configured for OpenVAS
```
