Scanning

Vulnerability Scanning

By this point you should be ready to start, having already completed the following:

  1. Signed Rules of Engagement
  2. Scoping information
  3. Validated scope
  4. Sent kickoff email

Nessus

tenable.com/products/nessus $$$

Nessus Essentials is free:
tenable.com/products/nessus/nessus-essentials

Alternatives to Nessus

  1. Astra Pentest
  2. Indusface WAS
  3. Invicti (formerly Netsparker)
  4. Intruder
  5. ManageEngine Vulnerability Manager Plus
  6. Acunetix
  7. OpenVAS
  8. Metasploit
  9. Burp Suite
  10. Qualys Cloud Platform
  11. Tenable.io
  12. OpenSCAP
  13. Tripwire

Scan Demo

The demo is based on Tesla's program at Bugcrowd: bugcrowd.com/tesla
To use bugcrowd.com you need an account set up and configured.

Note: In this case you would need to find out if automated scanning is out of scope.

Steps

Interface is probably different now and steps may have changed.

  • Nessus - Advanced Scan
    • Name, description.
    • Targets: paste in IP address from scope.
    • Schedule: you can set when it will run.
    • Discovery: usually left at default for external.
    • Port Scanning: 1-65535
    • Service Discovery: leave as default.
    • Web Applications: Turn on Scan web applications.
    • Check through the rest of the settings and understand what they are for.
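
Before pasting anything into the Targets field, the list can be checked against the validated scope. The script below is an added example, not part of the original notes or of Nessus; the function names are hypothetical and the addresses are constructed from documentation ranges.

```python
import ipaddress

def parse_networks(entries):
    """Parse scope entries (single IPs or CIDR blocks); a malformed entry raises ValueError."""
    return [ipaddress.ip_network(e.strip()) for e in entries if e.strip()]

def check_targets(targets, in_scope, out_of_scope=()):
    """Split candidate scan targets into (approved, rejected) lists.

    A target is approved only if it lies entirely inside one in-scope
    network and does not overlap any explicitly excluded network.
    Hostnames are rejected rather than resolved, so DNS cannot move a
    target outside the validated scope unnoticed.
    """
    allowed = parse_networks(in_scope)
    excluded = parse_networks(out_of_scope)
    approved, rejected = [], []
    for raw in targets:
        item = raw.strip()
        try:
            net = ipaddress.ip_network(item)
        except ValueError:
            rejected.append((item, "not a valid IP address or CIDR block"))
            continue
        if any(net.overlaps(x) for x in excluded):
            rejected.append((item, "overlaps an excluded range"))
        elif not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            rejected.append((item, "not covered by the in-scope list"))
        else:
            approved.append(item)
    return approved, rejected

# Constructed sample data (RFC 5737 documentation ranges, not a real scope).
IN_SCOPE = ["198.51.100.0/24", "203.0.113.10"]
OUT_OF_SCOPE = ["198.51.100.200/29"]
TARGETS = ["198.51.100.15", "198.51.100.201", "203.0.113.10",
           "203.0.113.11", "app.example.com", "198.51.100.0/25"]

if __name__ == "__main__":
    ok, bad = check_targets(TARGETS, IN_SCOPE, OUT_OF_SCOPE)
    print("Paste into Targets:", ", ".join(ok))
    for item, reason in bad:
        print(f"Do not scan {item}: {reason}")
```

Only the approved list goes into the scanner; every rejected entry should be resolved against the Rules of Engagement first.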