automated-testing.md

File metadata and controls

129 lines (89 loc) · 2.69 KB

# Automated Testing

## Mass Vulnerability Scanners

### OpenVAS

  • Free and open source
  • In Kali by default
  • Enumeration and checks for many known vulnerabilities
  • Open source fork created when Nessus stopped being open source

```bash
$ openvas-setup
```

**REMEMBER KEEP TRACK OF THE PASSWORD IT GENERATES FOR YOU!!!**

```bash
# Web Interface
$ openvas-start
$ firefox https://127.0.0.1:9392/login/login.html
```

{% hint style="danger" %}
  • Very loud on the network
  • Finds vulnerabilities based on a comprehensive list of CVEs etc.
    • These are not necessarily exploitable
    • Can crash certain network services and overload older machines
{% endhint %}

## Server side scanning {#server-side-scanning}

### Nessus {#nessus}

Register and download it here: http://www.tenable.com/products/nessus-home

Then install the package:

```bash
dpkg -i nameOfFile
```

Start it:

```bash
/etc/init.d/nessusd start
```

### Nmap Scripting Engine {#nmap-scripting-engine}

Scripts are found on Kali at `/usr/share/nmap/scripts`. To read the help text of every script in the default category:

```bash
nmap --script-help default
```

Or for a specific script:

```bash
nmap --script-help nameOfScript
```

Run all default scripts together with a port scan. These scripts could possibly crash certain servers, causing a denial of service, so never run this on production servers.

```bash
nmap -sC 192.168.1.101
```

Nmap has sorted its scripts into several categories to make it easier to run a few of them together:

```
auth
broadcast
default
discovery
dos
exploit
external
fuzzer
intrusive
malware
safe
version
vuln
```

So if you want to test all the vuln scripts you do (`-sC` only runs the default category, so the category has to be named with `--script`):

```bash
nmap --script vuln 192.168.1.10
```
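Before launching a whole category, it helps to know which scripts it will run and how many of them are also tagged `intrusive` or `dos`, since those are the ones the warning above is about. The helper below is added here and is not part of the original notes; it parses nmap's `script.db` index (assumed to live at `/usr/share/nmap/scripts/script.db`, the scripts directory quoted above) and is demonstrated against a constructed sample in that file's format.

```bash
#!/bin/sh
# Constructed sample in the format of /usr/share/nmap/scripts/script.db.
# Script names and category tags here are illustrative, not a copy of the real file.
SAMPLE_DB='Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "ssl-heartbleed.nse", categories = { "vuln", "safe", } }
Entry { filename = "http-slowloris-check.nse", categories = { "vuln", "safe", } }
Entry { filename = "smb-vuln-ms17-010.nse", categories = { "vuln", "safe", } }
Entry { filename = "http-vuln-cve2017-5638.nse", categories = { "vuln", "intrusive", } }
Entry { filename = "smb-flood.nse", categories = { "intrusive", "dos", } }'

# scripts_in_category CATEGORY [DBFILE]
# Prints, one per line, the script files nmap would run for --script CATEGORY.
scripts_in_category() {
    cat="$1"; db="${2:-/usr/share/nmap/scripts/script.db}"
    grep -E "categories = \{[^}]*\"$cat\"" "$db" \
        | sed -E 's/.*filename = "([^"]+)".*/\1/'
}

# count_risky CATEGORY [DBFILE]
# Prints how many scripts in CATEGORY are also tagged intrusive or dos,
# i.e. the ones that may crash a service or flood it with traffic.
count_risky() {
    cat="$1"; db="${2:-/usr/share/nmap/scripts/script.db}"
    grep -E "categories = \{[^}]*\"$cat\"" "$db" \
        | grep -cE '"(intrusive|dos)"' || true
}

# Stand-alone demo against the constructed sample; pass no second argument
# to the functions to query the real script.db on a Kali box instead.
demo_db=$(mktemp)
printf '%s\n' "$SAMPLE_DB" > "$demo_db"
echo "scripts run by --script vuln:"
scripts_in_category vuln "$demo_db"
echo "of which tagged intrusive/dos: $(count_risky vuln "$demo_db")"
rm -f "$demo_db"
```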

## Web Application Scanners {#web-application-scanner}

### Nikto {#nikto}

```bash
nikto -h example.com
```

### Burp Suite Pro

My personal favorite, Burp Suite is a web application proxy with some really awesome features:

  • Creates a site map as you browse (spidering will also fill out the site map)
  • Repeater to quickly edit and resend requests, such as payloads, to assess any differences in the response
  • Intruder can do anything from brute-forcing logins, to content discovery, to fuzzing, to blind SQL injection
  • Pro version has active and passive scanners that run as you browse, as well as source code analysis
  • Many add-on modules can be loaded to increase Burp's functionality even more (the best ones are Pro version only)

### Uniscan {#uniscan}

```bash
uniscan -h 192.168.1.102
```

### Metasploit - Wmap {#metasploit-wamp}

Load the wmap module inside msfconsole:

```bash
msf> load wmap
msf> wmap help
```

Read more here: https://www.offensive-security.com/metasploit-unleashed/wmap-web-scanner/