This page contains a library of Nessus plugins with detailed information about each plugin. Each entry contains plugin details, detailed vulnerability information, list of publicly available exploits for verifying the vulnerability (Metasploit, Exploit-DB or GitHub links), the risk information (VPR, CVSS, STIG etc.), plugin source with instructions on how to run the plugin if needed, […]
Nessus Plugin Library Read More »
In this article we will look on 12 free and open-source vulnerability scanners for CMS (Content Management System) such as WordPress, Joomla, Drupal, Moodle, Typo3 and similar publishing platforms. We will look on Droopescan, CMSmap, CMSeeK, WPXF, WPScan, WPSeku, WPForce, JoomScan, JoomlaVS, JScanner, Drupwn, Typo3Scan vulnerability scanners that were developed specifically to find vulnerabilities in
CMS Vulnerability Scanners for WordPress, Joomla, Drupal, Moodle, Typo3.. Read More »
In this article, we will look on the top 20 vulnerabilities and misconfigurations of the Microsoft Azure cloud that are commonly found during credentialed security audits and architecture reviews. Information in this post can hopefully aid security architects, auditors and other professionals in assessment of the security posture of a given Azure cloud environment. Introduction
Top 20 Microsoft Azure Vulnerabilities and Misconfigurations Read More »
In this tutorial we will be detailing installation and update of the Nessus Professional vulnerability scanner and its plugins using the Offline method. Offline method is useful in situations where we are required to perform a vulnerability scan of an isolated environment, without having access to the Internet. This tutorial follows the official Tenable instructions
Install Nessus and Plugins Offline (with pictures) Read More »
Looking for default passwords during penetration tests is not always fun. It’s actually hard work, especially when we have a large environment. How can we check all those different web interfaces? Is there a viable automation? This article introduces a new and completely free scanner of default password logins (default-http-login-hunter) which can be useful for
Default Password Scanner (default-http-login-hunter.sh) Read More »
Introducing yanp.sh – Yet Another Nessus Parser! This small tool provides quick and easy way of extracting vital information from Nessus scan results. It can parse multiple results in one go and in the end create a consolidated report from all results combined. This tool helps us speed up the reporting phase, but not only
Nessus CSV Parser and Extractor Read More »
In this article we will look on how to install Nessus vulnerability scanner into a Docker container on a typical Kali Linux installation. We will also cover how to integrate Nessus with Hydra in order to give Nessus login brute forcing capabilities. As the first step we have to make sure that we have Docker
Install Nessus in Docker Read More »
When it comes to security, Tenable products and their Nessus Professional vulnerability scanner belong to the top preferred choices today by many leading companies and security professionals. This article provides closer look and discusses some of the key aspects and reasons why Nessus is so popular in the security industry. Let’s dive right into it.
Detailed Overview of Nessus Professional Read More »
