EvilZone
Hacking and Security: Nortcele, October 22, 2014, 10:26:15 PM
-
So seeing as my Nessus license has run out,
anyone know of any good, FREE vulnerability scanners to take its place?
Thanks.
-
Fuck scanners, they make too much noise anyway.
-
I have done all my recon and research and have managed to find an open RTSP port. I need to scan for exploits...
-
Nessus is still a thing? I thought it died along with my high school days... but I guess I've never had the urge to spend over a grand to use a piece of software for a year.
Anyway, if you really want to use a scanner,
Nexpose and Metasploit are both owned / distributed by Rapid7, and they both have free versions for single IP users. (with limited functionality in the case of Nexpose)
I think OpenVAS is still kicking around, and Qualys also exists. I agree with Phage that these scanners are gonna light up the network like a fucking Christmas tree but hey.
Or if paid products are your thing, you could go get Core Impact, sure it's like buying a car, but they did pivot attacks first mang.
-
Using a Metasploit trial now, no worries.
-
What about intercepting proxies? So you can find vulnerabilities "on the fly"? I am not a big fan of scanners.. but you could try out:
OWASP ZAP https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Vega https://subgraph.com/vega/
w3af http://w3af.org/
Maybe it's something for you.
-
I'm using Metasploit Enterprise and Nexpose; both have done the trick and managed to find 72 vulns, 36 of which were severe, in my last test...
-
Acunetix
~APH ADMIN ~
-
Here is the program http://www.mediafire.com/folder/14ol0977ow5tx
~APH ADMIN ~
-
I find that scanners are very noisy and the result is too many false positives, which you spend too much time verifying.
In case of an engagement I'd use scanners as they are "free" in terms of click and run for some hours, while you spend time doing something else, and the noise is not a problem if agreed upon. Some engagements require a more under-the-radar approach though.
-
Using a Metasploit 8)
-
For webapps, I find Arachni (https://github.com/Arachni/arachni) to be the most efficient, most accurate scanner.
-
Try making your own? It's great practice for web application security.
-
I get thousands of requests like these on the webservers I manage.
You would be amazed how quickly it will ban your ass ;)
-
I get thousands of requests like these on the webservers I manage.
You would be amazed how quickly it will ban your ass ;)
Bet that ban list is a nice collection of proxies and tor exit nodes.
Really though, who is going to be blackbox scanning a website from their own IP?
-
Bet that ban list is a nice collection of proxies and tor exit nodes.
Really though, who is going to be blackbox scanning a website from their own IP?
Because it doesn't really matter doing so.
You know, who gives a fuck, if I had to report every single malicious attempt I would have nothing else to do the entire day.
Since most of it is dynamic anyway it is only relevant for a short period.
IRL it hardly matters, you end up banned, end of story.
You gotta do some real nasty shit if you want to end up blacklisted ;)
-
Let's try to remember that vulnerability scanners are not malicious by themselves, and are in fact handy tools for those making software and web pages.
-
I find that scanners are very noisy and the result is too many false positives, which you spend too much time verifying.
In case of an engagement I'd use scanners as they are "free" in terms of click and run for some hours, while you spend time doing something else, and the noise is not a problem if agreed upon. Some engagements require a more under-the-radar approach though.
What do you do instead of using a scanner? nmap to see what ports are open and then version them one at a time, then look up on websites to see if the versions have vulnerabilities?
-
Yeah he needs to jump off a bridge with that.
-
Hello, Nortcele
You can always find cracks for paid ones. You can find cracks at torrenting websites like Kickass.to but most torrents have some sort of malware in them. I recommend you start learning about web pentesting. You get more out of it. In the long run you will be very happy with it. Manual is a lot better in my opinion.