Vulnerability Identification

Source: Georgia Weidman, “Advanced Penetration Test” Cybrary
Query systems for potential vulnerabilities

(1) Nessus
Vulnerability database + scanner 

(2) Nmap Scripting EngineVulnerability scripts
Listed in /usr/share/nmap/scripts in Kali 

nmap -sC 
nmap –script-help=smb-check-vulns 
nmap –script=nfs-ls 
nmap –script=smb-os-discovery

(3) Metasploit Scanners​auxiliary/scanner/ftp/anonymous 

Web Application Scanning​
(1) Dirbuster
Graphical tool that is used for bruteforcing directories and pages.

(2) NiktoVulnerability database of known website issues
nikto -host

Manual Analysis
*Default passwords – Webdav
*Misconfigured pages – open phpMyAdmin
*Port 3232 on the Windows system – sensitive webserver with directory traversal

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: