Essential Security Tools Overview

Uploaded by

444nahid

Security Tools Exploration

Md. Atiqur Rahman


Roll: 1417
IIT
University of Dhaka
Burp Suite
In the field of web application security testing, Burp Suite has established itself
as a powerful and widely-used tool. Burp Suite is a graphical platform for web
application security testing developed by the company PortSwigger. It is a
popular tool used by security professionals to identify vulnerabilities in web
applications. Burp Suite consists of a number of different tools that can be used
to manually or automatically test a web application. Some of the core features
of Burp Suite are the following:
• Burp Suite’s core functionality lies in its ability to intercept and
manipulate HTTP traffic between a web application and the client. The
Intercept feature can be used to pause and modify HTTP requests and
responses to inspect and analyze the data exchanged.
• Burp Suite offers automated vulnerability scanning capabilities, enabling
testers to identify common web application security issues quickly. With its
built-in scanner, Burp Suite can crawl a website, discover different
components, and perform security checks for vulnerabilities like SQL
injection, cross-site scripting, and insecure direct object references.
• Burp Suite includes a web spidering tool that automatically navigates
through a website, discovering and mapping its structure. This feature
helps in comprehensively testing all available functionalities and finding
hidden or forgotten parts of a web application.
Reference: https://portswigger.net/burp
Nmap
Nmap is short for Network Mapper. It is an open-source Linux command-line
tool that is used to scan IP addresses and ports in a network and to detect
installed applications. Nmap allows network admins to find which devices are
running on their network, discover open ports and services, and detect
vulnerabilities. Gordon Lyon wrote Nmap as a tool to help map an entire
network easily and to find its open ports and services.
Nmap helps to quickly map out a network without sophisticated commands or
configurations. It also supports simple commands (for example, to check if a
host is up) and complex scripting through the Nmap scripting engine.
Other features of Nmap include:
• Ability to quickly recognize all the devices, including servers, routers,
switches, mobile devices, etc., on single or multiple networks.
• Helps identify services running on a system, including web servers, DNS
servers, and other common applications. Nmap can also detect
application versions with reasonable accuracy to help detect existing
vulnerabilities.
• Nmap can find information about the operating system running on
devices. It can provide detailed information like OS versions, making it
easier to plan additional approaches during penetration testing.
Reference: https://nmap.org/book/intro.html
Nikto
Nikto is an Open Source web server scanner which performs comprehensive
tests against web servers for multiple items, including over 6700 potentially
dangerous files/programs, checks for outdated versions of over 1250 servers,
and version specific problems on over 270 servers. It also checks for server
configuration items such as the presence of multiple index files, HTTP server
options, and will attempt to identify installed web servers and software. Scan
items and plugins are frequently updated and can be automatically updated.
Nikto is not designed as a stealthy tool. It will test a web server in the quickest
time possible. The goal of the project is to examine a web server to find
potential problems and security vulnerabilities, including:
• Server and software misconfigurations
• Default files and programs
• Insecure files and programs
• Outdated servers and programs
• Pointers to lead a human tester to better manual testing
Nikto is built on LibWhisker2 (by Rain Forest Puppy) and can run on any
platform which has a Perl environment. It supports SSL, proxies, host
authentication, attack encoding and more.
Reference: https://github.com/sullo/nikto
OpenVAS
OpenVAS (Open Vulnerability Assessment System) is a comprehensive and
powerful vulnerability scanner that is used to identify and assess security
weaknesses in systems and networks. It is a free and open-source tool that is
widely used by security professionals and organizations of all sizes. Here are
some key points about OpenVAS:
• OpenVAS scans networks, hosts, and applications to identify known
vulnerabilities, misconfigurations, and potential security weaknesses.
• OpenVAS utilizes a plugin-based system that allows it to support a wide
range of vulnerability checks and security tests. New plugins can be
added and updated to keep up with the latest vulnerabilities.
• It can be used to assess compliance with various security standards and
regulatory requirements, such as PCI DSS, HIPAA, and CIS benchmarks.
• OpenVAS helps organizations identify and catalog all devices and
systems connected to their network, helping maintain an up-to-date
inventory.
• OpenVAS can scan web applications for common vulnerabilities,
including SQL injection, cross-site scripting (XSS), and insecure
authentication.
• Users can configure OpenVAS scans by specifying target hosts, scan
policies, and other parameters to tailor scans to their specific needs.
• OpenVAS supports scanning with credentials, allowing for more in-depth
assessments of hosts, including software inventory and configuration
checks.
• OpenVAS can integrate with other security tools and platforms, such as
SIEM systems, to provide a comprehensive security ecosystem.
Reference: https://github.com/greenbone/openvas-scanner
Nuclei
Nuclei is a fast vulnerability scanner designed to probe modern applications,
infrastructure, cloud platforms, and networks, aiding in the identification and
mitigation of exploitable vulnerabilities. At its core, Nuclei uses templates,
expressed as straightforward YAML files, that delineate methods for detecting,
ranking, and addressing specific security flaws. Each template delineates a
possible attack route, detailing the vulnerability, its severity, priority rating, and
occasionally associated exploits. This template-centric methodology ensures
Nuclei not only identifies potential threats, but pinpoints exploitable
vulnerabilities with tangible real-world implications.
General features
• Nuclei offers a vast collection of community-powered templates for
targeted scans of various vulnerabilities and attack vectors.
• Support for various target specification options, such as URLs, IP ranges,
ASN range, and file input, allowing flexibility in defining the scanning
scope.
• Perform bulk scanning by specifying multiple targets at once, enabling
efficient scanning of a large number of assets or websites.
• Customize scanning templates to fit specific needs, allowing tailored
scanning and focusing on relevant security checks.
• Supports parallel scanning, reducing scanning time and improving
efficiency, especially for large-scale targets.
• Generates detailed reports with actionable insights, including
vulnerability details, severity levels, affected endpoints, and suggested
remediation steps.
• Seamlessly integrate Nuclei into CI/CD pipelines for automated security
testing as part of the development and deployment process.
• Execute custom code within Nuclei templates to incorporate user-defined
logic, perform advanced scanning actions, and more.
Reference: https://github.com/projectdiscovery/nuclei
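The severity levels and CI/CD integration listed above can be combined into a build gate. The following is an added example, not part of the original document or of the Nuclei project: it reads scan results in JSON Lines form and decides whether the pipeline should fail at a chosen severity. The sample results, host names and template ids are constructed, and the field names (`template-id`, `info.severity`, `host`, `matched-at`) are assumptions about that export format.

```python
import json

# Constructed sample results, one JSON object per line, plus one non-JSON line.
SAMPLE_JSONL = """\
{"template-id": "example-missing-header", "info": {"name": "Missing header", "severity": "info"}, "host": "https://app.example.test", "matched-at": "https://app.example.test/"}
{"template-id": "example-exposed-config", "info": {"name": "Exposed config file", "severity": "high"}, "host": "https://app.example.test", "matched-at": "https://app.example.test/config.bak"}
not-json progress line
{"template-id": "example-weak-tls", "info": {"name": "Weak TLS", "severity": "medium"}, "host": "https://api.example.test", "matched-at": "api.example.test:443"}
"""

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

def parse_findings(text):
    """Yield (severity, template_id, matched_at) for each valid result line."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip anything that is not a JSON result
        if not isinstance(rec, dict):
            continue
        info = rec.get("info") if isinstance(rec.get("info"), dict) else {}
        severity = str(info.get("severity", "unknown")).lower()
        where = rec.get("matched-at") or rec.get("host", "?")
        yield severity, rec.get("template-id", "?"), where

def gate(text, fail_at="high"):
    """Return (exit_code, blocking_findings) for a pipeline step.

    Unrecognized severities are treated as blocking, so a change in the
    result format cannot make the gate pass silently.
    """
    threshold = SEVERITY_RANK[fail_at]
    blocking = [f for f in parse_findings(text)
                if SEVERITY_RANK.get(f[0], threshold) >= threshold]
    return (1 if blocking else 0), blocking

if __name__ == "__main__":
    code, findings = gate(SAMPLE_JSONL)
    for severity, template_id, where in findings:
        print(f"[{severity}] {template_id} at {where}")
    raise SystemExit(code)
```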