WDavid404 / OSCP


7. Vulnerability Scanning #8

Open WDavid404 opened 8 months ago

WDavid404 commented 8 months ago

Vulnerability Scanning with Nmap

NSE Vulnerability Scripts

As an alternative to Nessus, we can also use the NSE (Nmap Scripting Engine) to perform automated vulnerability scans.

In this section, we will focus on the vuln category to leverage Nmap as a lightweight vulnerability scanner.

On our Kali VM, the NSE scripts can be found in the /usr/share/nmap/scripts/ directory with the .nse filetype.

kali@kali:~$ cd /usr/share/nmap/scripts/

kali@kali:/usr/share/nmap/scripts$ cat script.db  | grep "\"vuln\""
Entry { filename = "afp-path-vuln.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "broadcast-avahi-dos.nse", categories = { "broadcast", "dos", "intrusive", "vuln", } }
Entry { filename = "clamav-exec.nse", categories = { "exploit", "vuln", } }
Entry { filename = "distcc-cve2004-2687.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "dns-update.nse", categories = { "intrusive", "vuln", } }
...

Let's start with an Nmap scan using all of the NSE scripts from the vuln category.

kali@kali:~$ sudo nmap -sV -p 443 --script "vuln" 192.168.50.124
[sudo] password for kali: 
Starting Nmap 7.92 ( https://nmap.org )
...
PORT    STATE SERVICE VERSION
443/tcp open  http    Apache httpd 2.4.49 ((Unix))
...
| vulners: 
|   cpe:/a:apache:http_server:2.4.49:
...
|       CVE-2022-36760  5.1     https://vulners.com/cve/CVE-2022-36760
...
|_http-server-header: Apache/2.4.49 (Unix)
MAC Address: 00:0C:29:C7:81:EA (VMware)

Working with NSE Scripts

Let's practise this with CVE-2021-41773:

  1. Google the CVE number plus "NSE" (CVE-2021-41773 nse).
  2. One of the first search results is a link to a GitHub page that provides a script to check for this vulnerability. Download this script and save it as /usr/share/nmap/scripts/http-vuln-cve2021-41773.nse to comply with the naming syntax of the other NSE scripts.
  3. Update script.db with --script-updatedb.
  4. Use the NSE script: sudo nmap -sV -p 443 --script "http-vuln-cve2021-41773" 192.168.50.124
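The two pieces of the comment above, listing scripts by category in script.db and installing a third-party NSE script under the bundled naming convention, as one added shell example. This is not code from the OSCP course or from the WDavid404 repo. It assumes the Kali script directory /usr/share/nmap/scripts (overridable via SCRIPTS_DIR), parses the `Entry { filename = "...", categories = { ... } }` line format shown in the notes, and runs on a constructed script.db excerpt and constructed .nse files so that it works offline; only nse_install_script touches the real directory and calls sudo and nmap.

```shell
#!/usr/bin/env bash
# Added example for the notes above (not from the OSCP course or the WDavid404 repo).
# Helpers around nmap's script.db plus a structural check before dropping a
# third-party NSE script into the scripts directory. The demo at the bottom uses
# a constructed script.db excerpt and constructed .nse files so it runs offline.

SCRIPTS_DIR="${SCRIPTS_DIR:-/usr/share/nmap/scripts}"   # Kali default (assumption)

# List scripts whose categories table contains exactly "$2" (quotes included),
# reading the script.db given as "$1". A plain `grep vuln` would also match
# filenames such as vulners.nse or categories that merely contain the substring.
nse_scripts_in_category() {
    local db="$1" category="$2"
    sed -n 's/^Entry { filename = "\([^"]*\)", categories = {\(.*\)} }$/\1|\2/p' "$db" \
      | awk -F'|' -v want="\"$category\"" '
          {
              n = split($2, parts, ",")
              for (i = 1; i <= n; i++) {
                  gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                  if (parts[i] == want) { print $1; break }
              }
          }'
}

# Scripts in category "$2" minus those also in any category listed after it.
# This is the set nmap's own boolean selector --script "vuln and not (dos or exploit)"
# would run; computing it here lets you review the list before scanning.
nse_scripts_in_category_excluding() {
    local db="$1" want="$2" c
    shift 2
    {
        for c in "$@"; do nse_scripts_in_category "$db" "$c" | sed 's/^/X /'; done
        nse_scripts_in_category "$db" "$want" | sed 's/^/W /'
    } | awk '$1 == "X" { skip[$2] = 1; next } !($2 in skip) { print $2 }'
}

# Structural check of a downloaded script before installing it: every NSE script
# needs a categories table, at least one rule, and an action, and the file must be
# named <something>.nse. This does not vet what the script does; read it first,
# because it will run under sudo.
nse_check_script() {
    local f="$1" ok=0
    [ -r "$f" ] || { echo "not readable: $f" >&2; return 1; }
    case "$f" in
        *.nse) ;;
        *) echo "rename to <name>.nse like the bundled scripts: $f" >&2; return 1 ;;
    esac
    grep -Eq '^[[:space:]]*categories[[:space:]]*=' "$f" \
        || { echo "$f: missing categories table" >&2; ok=1; }
    grep -Eq '^[[:space:]]*(portrule|hostrule|prerule|postrule)[[:space:]]*=' "$f" \
        || { echo "$f: missing portrule/hostrule/prerule/postrule" >&2; ok=1; }
    grep -Eq '^[[:space:]]*(action[[:space:]]*=|function[[:space:]]+action)' "$f" \
        || { echo "$f: missing action" >&2; ok=1; }
    return "$ok"
}

# Copy a checked script into SCRIPTS_DIR and rebuild script.db so that
# --script "<name>" resolves it. Needs root on Kali; not run in the demo below.
nse_install_script() {
    local f="$1"
    nse_check_script "$f" || return 1
    sudo install -m 0644 "$f" "$SCRIPTS_DIR/$(basename "$f")" \
        && sudo nmap --script-updatedb
}

# ---- Constructed sample data (not a real script.db and not real scripts) ----
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/script.db" <<'EOF'
Entry { filename = "afp-path-vuln.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "broadcast-avahi-dos.nse", categories = { "broadcast", "dos", "intrusive", "vuln", } }
Entry { filename = "http-vuln-cve2021-41773.nse", categories = { "vuln", "safe", } }
Entry { filename = "vulners.nse", categories = { "vuln", "safe", "external", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
EOF
cat > "$WORK/http-vuln-cve2021-41773.nse" <<'EOF'
description = [[Constructed placeholder with the required NSE fields; performs no check.]]
categories = {"vuln", "safe"}
portrule = function(host, port) return port.number == 443 end
action = function(host, port) return nil end
EOF
printf 'description = [[Constructed: no rule, no action]]\ncategories = {"vuln"}\n' \
    > "$WORK/broken.nse"

echo "vuln scripts:";                nse_scripts_in_category "$WORK/script.db" vuln
echo "vuln minus dos and exploit:";  nse_scripts_in_category_excluding "$WORK/script.db" vuln dos exploit
nse_check_script "$WORK/http-vuln-cve2021-41773.nse" && echo "ok: http-vuln-cve2021-41773.nse"
nse_check_script "$WORK/broken.nse" || echo "rejected: broken.nse"
```

Against a real Kali box, point the first argument at /usr/share/nmap/scripts/script.db; the difference between `nse_scripts_in_category ... vuln` and the `_excluding ... vuln dos exploit` variant is exactly the set of scripts that `--script "vuln"` runs but that a customer would not want fired at a production host, which is why the scan in the notes is better written as `--script "vuln and not (dos or exploit)"` unless those scripts are in scope. nse_install_script mirrors steps 2 and 3 of the procedure above, refusing to copy a file that does not at least look like an NSE script.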
WDavid404 commented 6 months ago

Installing Nessus on a Kali ARM PC

https://www.tenable.com/downloads/nessus?loginAttempted=true and choose Linux Ubuntu aarch64.

Start the Nessus scanner by typing /bin/systemctl start nessusd.service. Then go to https://kali:8834/ to configure your scanner.