Identifying vulnerabilities:
1. Based on the service version information in the port scan results (slower)
2. Search public vulnerability databases (large number of results)
www.exploit-db.com ------ lists vulnerabilities that have been publicly disclosed
/usr/share/exploitdb/ --------- the path in Kali where the bundled copy of the exploit database is stored
searchsploit -------------- searches that local copy for entries matching a keyword
Example: searchsploit windows 7 / searchsploit tomcat ------ lists the entries for Windows 7 or Tomcat vulnerabilities
You can also use the tool sandi (apt-get install sandi)
3. Use vulnerability scanners to implement vulnerability management
Vulnerability scanning types
Active scanning
1. Authenticated
2. Unauthenticated
Passive scanning
1. Packet capture on a mirror port
2. Other sources of input
Agent-based scanning
1. Limited platform support
Nmap scan scripts
1. smb-vuln-ms10-061.nse
One of the four vulnerabilities exploited by the Stuxnet worm
The Print Spooler has improper permissions: a print request can create files in the system directory and execute arbitrary code
Uses the LANMAN API to enumerate shared printers
Remote shared printer name
smb-enum-shares enumerates shares
Authentication parameters --------- smbuser, smbpassword
nmap -p445 --script=smb-enum-shares --script-args=smbuser=admin,smbpassword=pass 192.168.1.20
nmap -p445 --script=smb-enum-shares 192.168.1.20
The first vulnerability scanner: OpenVAS
A fork of the Nessus project that manages vulnerabilities on target systems. It is free and open source, and installed by default in Kali, but not configured or started.
root@kali:~# apt-get install openvas
root@kali:~# openvas-setup
Links:
https://blog.csdn.net/AcSuccess/article/details/73001730?utm_source=blogxgwz6
Additional knowledge:
Error message: NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:801: 'smb-check-vulns.nse' did not match a category, filename, or directory
This happens because the smb-check-vulns.nse script was removed starting with Nmap 6.49BETA6.
It was split into six scripts: smb-vuln-conficker, smb-vuln-cve2009-3103, smb-vuln-ms06-025, smb-vuln-ms07-029, smb-vuln-regsvc-dos and smb-vuln-ms08-067.
Users need to select the corresponding script as needed. If you are unsure which one to use, you can use smb-vuln-*.nse to specify all of these script files.
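A pre-flight check for the error above, as an added example that is not part of the original notes: it resolves the script names a scan job asks for against the local script directory and swaps the removed smb-check-vulns for its six successors before Nmap is started. The function name, the NSE_DIR variable and the default path /usr/share/nmap/scripts are assumptions of this example.

```shell
# Resolve NSE script names before a scan, so a removed or missing script is
# reported up front instead of as "failed to initialize the script engine".
# Assumption: scripts are installed in /usr/share/nmap/scripts; set NSE_DIR
# to override. resolve_nse_scripts is a hypothetical helper name.
NSE_DIR="${NSE_DIR:-/usr/share/nmap/scripts}"

# The six scripts that replaced smb-check-vulns.nse (list taken from the notes).
SMB_CHECK_VULNS_SUCCESSORS="smb-vuln-conficker smb-vuln-cve2009-3103 smb-vuln-ms06-025 smb-vuln-ms07-029 smb-vuln-regsvc-dos smb-vuln-ms08-067"

# resolve_nse_scripts NAME...
# On success prints a comma-separated value for --script and returns 0.
# If any script is absent, prints nothing on stdout, names the missing
# scripts on stderr and returns 1, so a partial scan is never run silently.
resolve_nse_scripts() {
    local out="" missing="" name cands cand
    for name in "$@"; do
        name="${name%.nse}"                  # accept names with or without .nse
        cands="$name"
        # Old job definitions may still ask for the removed script.
        if [ "$name" = "smb-check-vulns" ] && [ ! -f "$NSE_DIR/$name.nse" ]; then
            cands="$SMB_CHECK_VULNS_SUCCESSORS"
        fi
        for cand in $cands; do
            if [ -f "$NSE_DIR/$cand.nse" ]; then
                out="${out:+$out,}$cand"
            else
                missing="${missing:+$missing }$cand"
            fi
        done
    done
    if [ -n "$missing" ]; then
        printf 'not found in %s: %s\n' "$NSE_DIR" "$missing" >&2
        return 1
    fi
    printf '%s\n' "$out"
}

# Usage (target address as in the notes):
#   scripts="$(resolve_nse_scripts smb-check-vulns smb-enum-shares)" &&
#       nmap -p445 --script="$scripts" 192.168.1.20
```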