Lockdoor Framework

A Penetration Testing Framework

View on GitHub

Vulnerability Scanning

Vulnerability scans can generate a great deal of traffic and, in some cases, can even result in denial of service conditions on many network devices, so caution must be exercised before making use of mass vulnerability scanners on a penetration test.

Vulnerability Scanning with Nmap

>cd /usr/share/nmap/scripts/
ls -l *vuln*

We will see in the output that not only did Nmap will find if the server is vulnerable; it also retrieved the admin'ʹs password hash.

>nmap -v -p 80 --script=http-vuln-cve2010-2861 192.168.11.210
>nmap -v -p 21 --script=ftp-anon.nse 192.168.11.200-254
>nmap -v -p 139, 445 --script=smb-security-mode 192.168.11.236

For example, you can use nmap data to verify that all domain web servers have been patched against CVE-2011-319240, an Apache denial of service vulnerability.

>nmap -v -p 80 --script=http-vuln-cve2011-3192 192.168.11.205-­‐210

The OpenVAS Vulnerability Scanner

(OpenVAS) is a powerful vulnerability scanner, containing thousands of vulnerability checks.

OpenVAS Initial Setup

># First, run the initial setup
> openvas-setup
# Then add user
> openvas-adduser
# now launch Greenbone Security Desktop and log in
> gsd

More NSE Scripts

nmap -v -p 80 --script http-vuln-cve2010-2861 $IP

nmap -v -p 80 --script all $IP

OpenVAS

Several steps needed before running in Kali

  1. openvas-setup
  2. https://localhost:9392