I evaluated quite a lot of the so-called vulnerability scanners that are available in Kali Linux and the ones that can be downloaded from various websites like GitHub.

My question to you guys: do you also have conflicting results, where WPScan picks up 1 or 2 vulnerabilities but CMSeeK and CMSmap give you some more?

I am under the impression that some of the software is not up to scratch.

What are you guys using to find vulnerabilities in a website, and what is your attack angle if the site is NOT selling anything and therefore does not need any form of database?

@RiaanN I tend to get false positives. Yeah, most scanners do not put the same triggers. I tend to use Nikto and Nmap with custom scripts. I like using separate scanners and taking the time to explore the vulnerabilities in order of severity.


CMS scanners are only useful for finding common misconfigurations and enumerating usernames.

