Author Topic: Vulnerability Scanners  (Read 2158 times)


Offline Nortcele

Vulnerability Scanners
« on: October 22, 2014, 10:26:15 pm »
So, seeing as my Nessus license has run out,

Anyone know of any good, FREE, Vulnerability scanners to take its place?

Thanks.
« Last Edit: October 22, 2014, 10:36:19 pm by Nortcele »
~JaySec
~LulzBlog

TAKE A COOKIE!




0100000101010011010000110100100101001001

Offline Phage

Re: Vulnerability Scanners
« Reply #1 on: October 22, 2014, 10:26:53 pm »
Fuck scanners, they make too much noise anyway.
"Ruby devs do, in fact, get all the girls. No girl wants a python, but EVERY girl wants rubies" - connection

"It always takes longer than you expect, even when you take into account Hofstadter’s Law."

Offline Nortcele

Re: Vulnerability Scanners
« Reply #2 on: October 22, 2014, 10:35:57 pm »
I have done all my recon and research and have managed to find an open RTSP port; I need to scan for exploits...

Offline HTH

Re: Vulnerability Scanners
« Reply #3 on: October 22, 2014, 11:02:19 pm »
Nessus is still a thing? I thought it died along with my high school days... but I guess I've never had the urge to spend over a grand to use a piece of software for a year.

Anyway, if you really want to use a scanner,

Nexpose and Metasploit are both owned / distributed by Rapid7, and they both have free versions for single IP users. (with limited functionality in the case of Nexpose)

I think OpenVAS is still kicking around, and Qualys also exists. I agree with Phage that these scanners are gonna light up the network like a fucking Christmas tree but hey.

Or if paid products are your thing, you could go get Core Impact, sure it's like buying a car, but they did pivot attacks first mang.


<ande> HTH is love, HTH is life
<TurboBorland> hth is the only person on this server I can say would successfully spitefuck peoples women

Offline Nortcele

Re: Vulnerability Scanners
« Reply #4 on: October 22, 2014, 11:13:29 pm »
Using a Metasploit trial now, no worries.

Offline d!amond

Re: Vulnerability Scanners
« Reply #5 on: October 23, 2014, 01:02:22 am »
What about intercepting proxies? So you can find vulnerabilities "on the fly"? I am not a big fan of scanners.. but you could try out:

OWASP ZAP https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Vega https://subgraph.com/vega/

w3af http://w3af.org/

Maybe it's something for you.

Offline Nortcele

Re: Vulnerability Scanners
« Reply #6 on: October 23, 2014, 10:11:31 am »
I'm using Metasploit Enterprise and Nexpose; both have done the trick and managed to find 72 vulns, 36 of which were Severe, in my last test...

Offline rocketballz

Re: Vulnerability Scanners
« Reply #7 on: November 13, 2014, 02:59:11 pm »
Acunetix

~APH ADMIN ~


Offline rocketballz

Re: Vulnerability Scanners
« Reply #8 on: November 13, 2014, 03:02:12 pm »
Here is the program http://www.mediafire.com/folder/14ol0977ow5tx


Offline chapp

Re: Vulnerability Scanners
« Reply #9 on: November 13, 2014, 09:11:41 pm »
I find that scanners are very noisy and the result is too many false positives, which you spend too much time verifying.

In case of an engagement I'd use scanners as they are "free" in terms of click and run for some hours, while you spend time doing something else, and the noise is not a problem if agreed upon. Some engagements require a more under-the-radar approach though.

Offline votoco2014

Re: Vulnerability Scanners
« Reply #10 on: November 18, 2014, 03:13:03 am »
Using a Metasploit 8)

Offline d4rkcat

Re: Vulnerability Scanners
« Reply #11 on: November 18, 2014, 05:11:52 am »
For webapps, I find Arachni to be the most efficient, most accurate scanner.
Jabber (OTR required): thed4rkcat@einfachjabber.de    Email (PGP required): thed4rkcat@yandex.com    PGP Key: here and here     Blog

<sofldan> not asking for anyone to hold my hand uber space shuttle door gunner guy.


Offline ande

Re: Vulnerability Scanners
« Reply #12 on: November 18, 2014, 08:06:38 am »
Try making your own? It's great practice for web application security.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline proxx

Re: Vulnerability Scanners
« Reply #13 on: November 18, 2014, 08:56:49 am »
I get thousands of requests like these on the webservers I manage.
You would be amazed how quickly it will ban your ass ;)
Wtf were you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline d4rkcat

Re: Vulnerability Scanners
« Reply #14 on: November 18, 2014, 09:09:35 am »
I get thousands of requests like these on the webservers I manage.
You would be amazed how quickly it will ban your ass ;)

Bet that ban list is a nice collection of proxies and tor exit nodes.
Really though, who is going to be blackbox scanning a website from their own IP?