Vulnerability Mapping And Exploitation

Created On 30. Apr 2020

Updated: 2021-05-02 02:56:34.838602000 +0000

Created By: acidghost

there are various vulnerability scanners that can be used to map vulnerabilities. I will stick to Nessus for a while, because it comes with clean functionality and has a wide support. You can get nessus from You will need to register for free on their site to get an activation code, but after that you can follow the commands on the screen and access is on port 8834 on linux. Paste your registration code when asked and create your profile. Mind that plugin compilation might take a while on slower machines. After the setup is done, fire you first scan against your target.

the metasploit framework is a powerful tool that can be used for most of known types of attacks by combining exploits with payloads.
It can be accessed from terminal by typing 'msf'. The tool itself cannot be well covered even in a book. Here is a good one by the way However, some techniques will be still shown on this site, and of course, I will make them as cool as possible.

one of the best methods to work your way through exploits, is by directly checking them in metasploit's exploit db located in /usr/share/exploitdb/. Most of scripts are written in ruby and you will also find subdirectories that refer to different platforms. If you want to look for specific exploits, you can grep the output like this for example:
$ grep smb files.csv
You can check out the file for the results. You can grep further like this:
$ grep smb files.csv | grep windows
This will check exploits that have smb in the file name and reffered to a windows path.

lets you perfrom social engineering attacks based on peoples' security mistakes in an organization.
You can create custom payloads towards powershell or using an Arduino and automate a mass email attack. Or create a fake mirror website to trick the victim into giving you access to whatever credentials they are using.

Burp Suite
this is a quite sphisticated tool that let's you test many types of vulnerabilities allowing to load different extensions in itself. It owns a structured UI and comes loaded with it's own documentation on handling among it's own flow.
You can start checking it h͙e͙r͙e͙

this is a specifically made vulnerable machine that can be used to be tested against. As soon it is connected to network, it can be accessed by its IP, where some applications can be found that await someone to hack them. There will be more examples that will be demonstrated against it. You can get it here

Section: Web