Security testing tools that we should know?

1.nmap

Installation:-
1. Download the .tar file
2. Untar: bzip2 -cd nmap-versionXX.tar.bz2 | tar xvf -
3. cd nmap-versionXX
4. ./configure
5. make
6. su root
7. make install

[Image: nmap installation]

If all the steps run successfully, the console shows the following message:-
NMAP SUCCESSFULLY INSTALLED

Check the nmap version: nmap --version

How to find open ports for a given server, say 50.9.51.65

nmap -sV -p 1-65535 50.9.51.65
This command scans the given server, performs service identification (-sV), and scans all ports (-p 1-65535).
Result:-

[Image: nmap open port results]

Learn more parameters 

2.Nikto
Requirements for nikto

Installation:-

  • Download the latest version from github
  • Extract the files
  • cd nikto-master/program
  • perl nikto.pl

Note:- In our example we used Ubuntu, which has Perl preinstalled.

[Image: nikto launching]

How to scan multiple ports using nikto:-
perl nikto.pl -h www.website.com -p 80,443
The example above scans two ports (80 and 443).

Learn more about nikto

3.wp-scan
Scans WordPress websites for vulnerabilities.
Installation:-
Clone the code, install the dependencies for your environment (OS), and
run it to scan WordPress websites.

[Image: wpscan installation]

Example:- 
ruby wpscan.rb --url www.example.com
