Nmap
Exploit Scripts
https://nmap.org/nsedoc/categories/exploit.html
Search through vulnerability scripts
cd /usr/share/nmap/scripts/
ls -l *vuln*
Search through Nmap scripts for a specific keyword
ls /usr/share/nmap/scripts/* | grep ftp
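A filename match does not show which NSE categories a script belongs to. The added example below (not part of the original cheat sheet) reads the script.db index that Nmap keeps in the same directory and marks keyword matches tagged intrusive, dos, exploit or brute for review before they are run. The function names nse_risk and sample_db and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: list NSE scripts matching a keyword together with their
# categories, marking those that carry a disruptive category.

# Constructed sample in the line format used by script.db.
sample_db() {
cat <<'EOF'
Entry { filename = "ftp-anon.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "ftp-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "http-slowloris.nse", categories = { "dos", "intrusive", } }
Entry { filename = "http-vuln-cve2010-2861.nse", categories = { "intrusive", "vuln", } }
Entry { filename = "smb-security-mode.nse", categories = { "discovery", "safe", } }
EOF
}

# nse_risk KEYWORD  (reads script.db entries on stdin)
# Output: filename <TAB> safe|REVIEW <TAB> comma-separated categories
nse_risk() {
  awk -v kw="$1" '
    /^Entry/ {
      # Splitting on double quotes puts the filename in q[2] and the
      # categories in q[4], q[6], ... (every second field after that).
      n = split($0, q, "\"")
      name = q[2]
      if (index(name, kw) == 0) next
      cats = ""; risky = 0
      for (i = 4; i <= n; i += 2) {
        cats = cats (cats == "" ? "" : ",") q[i]
        if (q[i] ~ /^(intrusive|dos|exploit|brute)$/) risky = 1
      }
      printf "%s\t%s\t%s\n", name, (risky ? "REVIEW" : "safe"), cats
    }'
}

# Demo on the constructed sample. On a real install, feed the index instead:
#   nse_risk ftp < /usr/share/nmap/scripts/script.db
sample_db | nse_risk ftp
```
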
Run the exploit-category scripts against a host with Nmap
nmap --script exploit -Pn $ip
Nmap Auth Scripts
https://nmap.org/nsedoc/categories/auth.html
Nmap Vuln Scanning
https://nmap.org/nsedoc/categories/vuln.html
Nmap DOS Scanning
nmap --script dos -Pn $ip
Nmap execute DOS attack
nmap --max-parallelism 750 -Pn --script http-slowloris --script-args http-slowloris.runforever=true
Scan for ColdFusion web vulnerabilities
nmap -v -p 80 --script=http-vuln-cve2010-2861 $ip
Anonymous FTP dump with Nmap
nmap -v -p 21 --script=ftp-anon.nse $ip-254
SMB Security mode scan with Nmap
nmap -v -p 139,445 --script=smb-security-mode $ip-254
Other
Search for service vulnerabilities
searchsploit --exclude=dos -t apache 2.2.3
msfconsole; > search apache 2.2.3
nmap -v -T4 --script="*-vuln-*" $ip
OpenVas
OpenVas is a powerful vulnerability scanner with thousands of scan checks.
To use OpenVas, first you must run the setup script:
At the end of the setup process, the automatically created password will be displayed.
After the setup, port 9392 will be open and you can access OpenVas in your browser:
https://127.0.0.1:9392
openvasmd --create-user=username # Create new user
openvasmd --get-users # Display users
openvasmd --user=username --new-password=password # Change user password
openvas-feed-update # Update OpenVas signatures
openvas-manage-certs -V # Verify the certificates that are configured for OpenVas