Editing
Vulnerability Analysis
(section)
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Automated Scanning == Automated scanners provide rapid coverage of large attack surfaces and deliver structured reports. === Common Techniques === * Service version detection through banner parsing and protocol negotiation * CVE mapping based on software fingerprints and patch levels * Authenticated configuration checks via SSH, WinRM, or API tokens * Web vulnerability signatures (XSS, SQLi, LFI, SSRF) matched by pattern engines * Policy compliance tests against CIS or DISA benchmarks * Continuous integration hooks that scan each code push or image build === Tools === * [[Nessus]] (commercial vulnerability scanner with extensive plugin library) * [[OpenVAS]] / [[Greenbone]] (open-source scanner aligned with CVE feeds) * [[Nuclei]] (YAML-based fast scanner driven by community templates) * [[Qualys VMDR]] (cloud platform for large-scale asset and patch management) * [[Nikto]] (web server vulnerability discovery) * [[WPScan]] (WordPress-specific scanner) * [[Trivy]] (container image scanner for OS packages and SBOM data) * [[Clair]] (static container image analysis) === Vulnerability Databases & References === * [https://www.exploit-db.com exploit-db.com] (archived exploits and shellcode mapped to CVEs) * [https://nvd.nist.gov NVD] (official National Vulnerability Database with CVSS scoring) * [https://cve.mitre.org CVE List] (unique identifiers for publicly disclosed vulnerabilities) * [https://packetstormsecurity.com Packet Storm] (daily advisories, exploit code, and patches) * [https://vulners.com Vulners] (aggregated search across exploits, advisories, and vendor bulletins) * [https://cvedetails.com CVE Details] (searchable CVE catalog with vendor and product statistics)
Summary:
Please note that all contributions to HackOps may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
HackOps:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Create account
Log in
Namespaces
Page
Discussion
English
Views
Read
Edit
Edit source
View history
More
Search
Navigation
Tools
What links here
Related changes
Special pages
Page information