• Sat. Apr 17th, 2021

Nikto 

Runs vulnerability scan against a web site 

Simple scan  
Nikto -host 1.2.3.4 

Runs from Nmap over a range and feeds into nikto to output to file 
Nmap -p80,443 1.2.3.0/24 -oG – | nikto -h – > /root/desktop/nikto.txt 

Openvas 

Start service with openvas -start 

Open browse for login page and enter details “admin” and password “Pinehead1!” Go to “scans” then “tasks” – name it create a new target with IP etc 

Note openvas is not speedy 

Analysing Open Vas report 

  • Scans and TASKS (No need to wait to finish to check scan) 
  • Scans – reports to view reports  
  • (QoD) How reliable open vas thinks vulnerability is 

NMAP (use for precise check) 

  1. Perform general NMAP scan first to identify open service ports 
  2. Search nmap scripts to check for script to test against a particular identified service ls /usr/share/nmap/scripts | grep smb 
  3. Use script to check vulnerability  
Scroll Up