Vulnerability Scanner Python - Part 2

When we talk of service scanning using open source scripts, the first thing that comes to mind is using various NSE scripts to get the service versions and the vulnerabilities associated with the configured services. In a typical manual network penetration test, however, we do not rely on NSE scripts alone: we also use various Ruby, Perl, and Bash scripts, and Java class files. We also run Metasploit auxiliary modules for service scanning and exploit modules to exploit vulnerabilities and to create a POC. We may also run various Kali tools, such as Nikto for web scanning, or SQLmap, w3af, and Wireshark to capture clear-text usernames and passwords for improperly configured FTP or SSH services. All of these tools and scripts produce a huge pool of information that a tester has to enumerate manually and consolidate. False positives must also be eliminated to arrive at a conclusion as to which services have which vulnerabilities. The other drawback of manual service scanning is that it lacks standardization and depends heavily on the individual's expertise and choice of scripts. It is important to bear in mind that these scripts are mostly disconnected from one another, so a person has to run all the desired scripts and modules sequentially; only limited parallelism can be achieved.

In this chapter, we will see how our vulnerability scanner can automate all of these activities and bring standardization to the whole ecosystem. We will also see how the automated scanner invokes and orchestrates the many tools that Kali offers to produce an integrated report that the penetration tester can walk through, giving them a consolidated view that can be used for quick analysis. We will also study the GUI version of the vulnerability scanner, which has more advanced features and complements existing vulnerability scanners such as Nessus. It must be noted that when I use the word complements, I am by no means comparing our scanner with Nessus or Qualys. They are both excellent commercial products that have evolved over years of R&D and have some excellent engineers working on them. However, we will build something that works amazingly well, and knowing the code gives you an opportunity to contribute to the scanner, which in turn helps make it better and bigger over time.
