Automated Vulnerability Scanners
Everyone on the interwebz that says they know something about pentesting will talk shit about nessus and say that it is for lazy pentesters, it creates too much noise, and that it produces too many false positives. That may be true, I don't know. But from a learning perspective it can be really great. It can help to show you what kind of vulnerabilities are out there. So whatever, do what you want.
Server side scanning
Nessus
Register and download it here.
http://www.tenable.com/products/nessus-home
Then
dpkg -i nameOfFile
Start it
/etc/init.d/nessusd start
Nmap Scripting Engine
Scripts are found on kali at:
/usr/share/nmap/scripts
nmap --script-help default
Or for a specific script:
nmap --script-help nameOfScript
Run all default scripts together with a port-scan. These scripts could possibily crash certain servers. Causing a denial-of-service. So never run this on production servers.
nmap -sC 192.168.1.101
Nmap has categoriesed their scripts into several different categories to make it easier to run a few of them together
uth
broadcast
default
discovery
dos
exploit
external
fuzzer
intrusive
malware
safe,
version
vuln
So if you want to test all the vuln-scripts you do
nmap 192.168.1.10 -sC vuln
OpenVas
OpenVas is another popular open-soruce vulnerability scanner.
If you are on Kali linux you have to firt run the initial setup scripts, like this
openvas-setup
Make sure to write down the password that the initialisation-scripts gives you
This will download some stuff and start setting everything up. WHen everything is set up you go to the web-interface:
https://127.0.0.1:9392/login/login.html
Metasploit Scanner Module
Web Application Scanner
Nikto
nikto -h example.com
Gobuster
gobuster -u http://INSERTIPADDRESS -w /usr/share/seclists/Discovery/Web_Content/common.txt -s '200,204,301,302,307,403,500' -e -t 50
Uniscan
uniscan -h 192.168.1.102
Metasploit - Wamp
Found in metasploit
load wamp
help
Read more here
https://www.offensive-security.com/metasploit-unleashed/wmap-web-scanner/