====== Vulnerability scanners ======
===== Nikto =====
  * https://github.com/sullo/nikto
  * https://tools.kali.org/information-gathering/nikto

The ''Run as a Docker container'' method, started from a ''git clone'', works very well.
<code bash>
docker run --rm -v /home/user/tmp:/tmp sullo/nikto \
    -h https://www.internet.net/ \
    -o /tmp/out.json \
    -Save /tmp/false_positive1
</code>

You can find things such as https://framagit.org/Cyrille37/fail2ban-tools#d%C3%A9tecter-httpd-scanner but also https://github.com/sullo/nikto/issues/474.

===== Metasploit framework =====
  * https://github.com/rapid7/metasploit-framework/
  * https://tools.kali.org/exploitation-tools/metasploit-framework

==== Run with docker ====
  * https://github.com/rapid7/metasploit-framework/tree/master/docker

The data files are in ''/usr/src/metasploit-framework/data/''.

Once msfconsole is running:
<code>
msf6 auxiliary(scanner/ssh/ssh_version) > search ssh_version

Matching Modules
================

   #  Name                                       Disclosure Date  Rank    Check  Description
   -  ----                                       ---------------  ----    -----  -----------
   0  auxiliary/fuzzers/ssh/ssh_version_15                        normal  No     SSH 1.5 Version Fuzzer
   1  auxiliary/fuzzers/ssh/ssh_version_2                         normal  No     SSH 2.0 Version Fuzzer
   2  auxiliary/fuzzers/ssh/ssh_version_corrupt                   normal  No     SSH Version Corruption
   3  auxiliary/scanner/ssh/ssh_version                           normal  No     SSH Version Scanner

Interact with a module by name or index. For example info 3, use 3 or use auxiliary/scanner/ssh/ssh_version

msf6 auxiliary(scanner/ssh/ssh_version) > use auxiliary/scanner/ssh/ssh_version
msf6 auxiliary(scanner/ssh/ssh_version) > show options

Module options (auxiliary/scanner/ssh/ssh_version):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOSTS   146.59.178.83    yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:'
   RPORT    22               yes       The target port (TCP)
   THREADS  1                yes       The number of concurrent threads (max one per host)
   TIMEOUT  30               yes       Timeout for the SSH probe

msf6 auxiliary(scanner/ssh/ssh_version) > set RHOSTS 146.59.178.83
RHOSTS => 146.59.178.83
msf6 auxiliary(scanner/ssh/ssh_version) > run

[+] 146.59.178.83:22 - SSH server version: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7 ( service.version=7.4p1 openssh.comment=Debian-10+deb9u7 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:7.4p1 os.vendor=Debian os.family=Linux os.product=Linux os.version=9.0 os.cpe23=cpe:/o:debian:debian_linux:9.0 service.protocol=ssh fingerprint_db=ssh.banner )
[*] 146.59.178.83:22 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/ssh/ssh_version) >
</code>
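
The ''[+]'' line of the session above carries the banner plus a list of ''key=value'' fingerprint fields, which is enough to build an inventory record for your own hosts and flag the ones that need a patch review. The following is an added example, not part of the original notes or of Metasploit: the function names, the ''(8, 0)'' baseline and the sample address 192.0.2.10 are assumptions made for illustration.

```python
import re

# Success line printed by auxiliary/scanner/ssh/ssh_version, as in the session above.
LINE_RE = re.compile(
    r"^\[\+\]\s+(?P<host>\S+):(?P<port>\d+)\s+-\s+SSH server version:\s+"
    r"(?P<banner>SSH-.*?)(?:\s+\(\s(?P<attrs>.*)\s\))?\s*$"
)
# key=value pairs; a value runs until the next "key=" (assumption: keys match [\w.]+).
ATTR_RE = re.compile(r"([\w.]+)=(.*?)(?=\s+[\w.]+=|$)")

def parse_ssh_version_line(line):
    """Return an inventory record for one '[+]' line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = dict(ATTR_RE.findall(m.group("attrs") or ""))
    return {
        "host": m.group("host"),
        "port": int(m.group("port")),
        "banner": m.group("banner"),
        "product": attrs.get("service.product"),
        "version": attrs.get("service.version"),
        "cpe": attrs.get("service.cpe23"),
    }

def below_baseline(record, minimum):
    """True if the reported major.minor version is lower than `minimum` (a tuple)."""
    m = re.match(r"(\d+)\.(\d+)", record.get("version") or "")
    if not m:
        return False  # no parseable version: leave the host for manual review
    return (int(m.group(1)), int(m.group(2))) < minimum

def inventory(text):
    """Parse a whole captured session and keep only the '[+]' result lines."""
    return [r for r in map(parse_ssh_version_line, text.splitlines()) if r]

# Constructed sample output (documentation address), same layout as the session above.
SAMPLE = """\
[+] 192.0.2.10:22 - SSH server version: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7 ( service.version=7.4p1 openssh.comment=Debian-10+deb9u7 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:7.4p1 os.vendor=Debian os.family=Linux os.product=Linux os.version=9.0 os.cpe23=cpe:/o:debian:debian_linux:9.0 service.protocol=ssh fingerprint_db=ssh.banner )
[*] 192.0.2.10:22 - Scanned 1 of 1 hosts (100% complete)
"""

if __name__ == "__main__":
    for rec in inventory(SAMPLE):
        # (8, 0) is a hypothetical internal baseline, not a value from the page.
        print(rec, "REVIEW" if below_baseline(rec, (8, 0)) else "ok")
```
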