Welcome to the AZ Managed IT Community Forum

Website Vulnerability Scan Using Kali Linux – Tools, Tips & What I Found

Hey everyone,

I wanted to share my experience running a website scan using Kali Linux and get some feedback or suggestions from others who do similar testing.

I spun up Kali and used a few of the standard tools to evaluate the security posture of a client website (with permission, of course). Here’s a quick breakdown of what I did:

Tools Used:

  • nmap – for port scanning and service detection
  • nikto – quick web server vulnerability scan
  • dirb – brute-force directory and file discovery
  • whatweb – to fingerprint the web technologies in use
  • gobuster – for faster directory brute-forcing
  • wpscan – since it’s a WordPress site
  • sslscan / sslyze – to check SSL/TLS configurations

Sample Command Highlights:

```bash
nmap -sV -T4 targetsite.com
nikto -h https://targetsite.com
gobuster dir -u https://targetsite.com -w /usr/share/wordlists/dirb/common.txt
wpscan --url https://targetsite.com --enumerate p
```

Findings:

  • SSL settings need hardening (e.g., TLS 1.0 still enabled)
  • Admin panel was accessible without IP restrictions
  • Outdated WordPress plugins detected
  • Some hidden directories exposed via gobuster

Next Steps:
I’m drafting a formal report now, but I’d love any advice on:

  • Additional tools I should be using for deeper inspection
  • Best ways to validate false positives
  • Open-source tools for automated report generation from scan outputs

Let me know what your typical workflow looks like, or any newer tools you’ve added to your Kali setup.

Cheers!
—Joseph
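One way to start on the "automated report generation from scan outputs" question above, as an added example that is not the poster's code nor part of nmap itself: it assumes the nmap scan was saved with `-oX scan.xml`, parses the XML into one row per open port, flags banner-derived versions as items to confirm by hand (a common source of false positives), and renders a Markdown table for the report. The embedded XML is a constructed sample, not a real scan result.

```python
import xml.etree.ElementTree as ET
# Constructed sample of `nmap -sV -oX` output; not a real scan of any host.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -T4 -oX scan.xml targetsite.com">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="targetsite.com" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.41"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.41" tunnel="ssl"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered"/></port>
    </ports>
  </host>
</nmaprun>
"""

def parse_nmap_xml(xml_text):
    """Return one dict per open port; filtered/closed ports are not findings."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        name_el = host.find("hostnames/hostname")
        hostname = name_el.get("name") if name_el is not None else addr
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            service = attrs.get("name", "unknown")
            if attrs.get("tunnel") == "ssl":
                service = "ssl/" + service  # nmap marks TLS-wrapped services this way
            banner = " ".join(v for v in (attrs.get("product"), attrs.get("version")) if v)
            rows.append({
                "host": hostname, "ip": addr, "port": f"{port.get('portid')}/{port.get('protocol')}",
                "service": service, "banner": banner,
                # -sV versions are banner-derived; treat them as leads to confirm by hand
                "status": "confirm manually" if banner else "no banner",
            })
    return rows

def to_markdown(rows):
    """Render rows as a Markdown table ready to paste into the report."""
    lines = ["| Host | Port | Service | Banner | Status |", "|---|---|---|---|---|"]
    lines += [f"| {r['host']} | {r['port']} | {r['service']} | {r['banner']} | {r['status']} |" for r in rows]
    return "\n".join(lines)
```

Run `print(to_markdown(parse_nmap_xml(open("scan.xml").read())))` against a real `-oX` file to get the table; the same row structure can be fed to a CSV writer or a templating tool if the report needs another format.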