Nessus

I forgot the username and password for my Nessus setup, so here are the steps to troubleshoot the issue:

# This command will show the existing usernames on your machine
sudo /opt/nessus/sbin/nessuscli lsuser

# Change the password for a particular username
sudo /opt/nessus/sbin/nessuscli chpasswd 0xdf_fak3r

Give a new password and you are good to go, then navigate to the Nessus portal.

Scanning with Nessus: Start the Nessus service using the command sudo /bin/systemctl start nessusd.service, then navigate to https://kali:8834. After login, click on the New Scan button. Select Advanced Scan from the options. Fill out the basic details first and set up the target IP. You can customize other settings too, then hit Save and Launch.

Scan analysis: list of security vulnerabilities. ...

November 24, 2025 · 2 min · 216 words · 0x-s0M3n4th

Vulnerability Discovery Using Nmap

The Nmap Scripting Engine (NSE) is one of the most powerful features within Nmap. It allows penetration testers and security researchers to create, automate, and perform customized scanning on a target system or network. When using NSE, the scanning techniques are usually aggressive and can sometimes cause data loss or even crash a target system.

NSE script categories:

Auth: scripts that scan a target to detect whether authentication bypass is possible.
Broadcast: scripts used to discover host systems on a network.
Brute: scripts that perform some types of brute-force attacks against a remote server to gain unauthorized access.
Default: the set of default scripts within NSE used for scanning.
Discovery: scripts used for active information gathering about network services on a target.
DoS: scripts that simulate a Denial-of-Service (DoS) attack on a target to check whether it is susceptible to such attacks.
Exploit: scripts that actively exploit security vulnerabilities on a target.
External: scripts that usually send data gathered from a target to an external resource for further processing.
Fuzzer: scripts that send random data into an application to discover software bugs and vulnerabilities.
Intrusive: high-risk scripts that can crash systems and cause data loss.
Malware: scripts that determine whether a target is infected with malware.
Safe: scripts that are not intrusive and are safe to use on a target system.
Version: scripts that gather version information about services on a target system.
Vuln: scripts that check for specific vulnerabilities on a target system.

Performing a scan using NSE:

nmap --script ftp-vsftpd-backdoor 172.30.1.134 -p 21

The --script option allows you to specify a single script, multiple scripts, or a category of scripts. We also saw that the target machine is exploitable:

2. I searched for the version name and its exploit, and we got one:
3. Additionally, within Kali Linux there is a tool known as searchsploit that allows you to query/search for exploits within the offline copy of Exploit-DB on Kali Linux.
4. Open msfconsole and search for vsftpd 2.3.4.
5. Select that exploit with the command use 0, then show info.
6. If you want to execute an entire category of scripts in NSE, you can use --script <category-name> ...

November 24, 2025 · 3 min · 451 words · 0x-s0M3n4th

Working With Greenbone Vulnerability Manager

The Open Vulnerability Assessment Scanner (OpenVAS) is a free vulnerability scanner that allows both ethical hackers and penetration testers to perform a vulnerability assessment on a network. OpenVAS can run both authenticated and unauthenticated vulnerability scans against assets within an organization. Greenbone Vulnerability Manager (GVM) is a centralized management tool that manages the functions and vulnerability data of OpenVAS. In this exercise, you will learn how to set up GVM on Kali Linux and perform a vulnerability assessment on a target using OpenVAS. ...

November 24, 2025 · 1 min · 212 words · 0x-s0M3n4th

Using Web Application Scanners

WhatWeb: WhatWeb is a tool that helps penetration testers easily identify the technologies in use and fingerprint web servers and web applications on a target system. Currently I am running OWASP Juice Shop, DVWA (on Kali) and Metasploitable 2. You can run these commands against any of these three machines, since Metasploitable 2 Linux also hosts various vulnerable web applications such as DVWA, Mutillidae and TWiki. You can use those, but make sure you provide the proper directory path in the commands. ...

November 24, 2025 · 4 min · 723 words · 0x-s0M3n4th