1. VMSA-2021-0020.1. VMware. (2021, September 20). Retrieved February 13, 2022, from https://www.vmware.com/security/advisories/VMSA-2021-0020.html

  2. Williams, B. D. (2021, November 24). 'the game has changed': VMware exec says defense industry faces destructive cyberattacks, belligerent foes. Breaking Defense. Retrieved February 13, 2022, from https://breakingdefense.com/2021/11/the-game-has-changed-vmware-exec-says-defense-industry-faces-destructive-cyberattacks-belligerent-foes/#:~:text=VMware%20recently%20released%20its%20latest,attacks%2081%25%20of%20the%20time.

  3. “A Look at Linux: Threats, Risks, and Recommendations.” Security News, https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/a-look-at-linux-threats-risks-and-recommendations.

  4. A look at Linux: Threats, risks, and recommendations. Security News. (n.d.). Retrieved February 13, 2022, from https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/a-look-at-linux-threats-risks-and-recommendations

  5. Treuberg, M. (2021, May 24). 7 types of WordPress attacks (and how to avoid them). CreativeMinds. Retrieved February 16, 2022, from https://www.cminds.com/7-types-wordpress-attacks/

  6. https://documentation.wazuh.com/current/index.html

  7. https://documentation.wazuh.com/current/installation-guide/open-distro/all-in-one-deployment/all-in-one.html

  8. About Jason Hoffman I am the Director of Sales and Marketing at Wisdomplexus, et al. “OpenVAS vs. Nessus: How Different Are the Two?” WisdomPlexus, 27 May 2021, https://wisdomplexus.com/blogs/openvas-vs-nessus/.

  9. Automated all-in-one OS command injection exploitation tool. Commix Project. (n.d.). Retrieved March 26, 2022, from https://commixproject.com/?msclkid=f1262423ad3a11ecb81cb84c5b10ff11

  10. Cupp - common user passwords profiler. Haxf4rall. (2019, July 27). Retrieved March 26, 2022, from https://haxf4rall.com/2018/01/24/cupp-common-user-passwords-profiler/?msclkid=8833916fad4211ecabc4eb5c3d319149

  11. Cheruiyot, R., reviewer1804125, reviewer1593909, & reviewer1785186. (2021, November 4). WAZUH reviews, competitors and pricing. Unbiased reviews from the tech community. Retrieved March 24, 2022, from https://www.peerspot.com/products/wazuh-reviews?msclkid=fee62a34abe911eca583c855f2947304

  12. Duc, H. N. (2020, February 6). Legion - Open-Source Network Penetration Testing Tool. Hakin9. Retrieved March 24, 2022, from https://hakin9.org/legion-open-source-network-penetration-testing-tool/?msclkid=15d0710fabeb11ecb729d23574fd158a

  13. Gobuster - penetration testing tools in Kali Tools. GeeksforGeeks. (2021, July 18). Retrieved March 26, 2022, from https://www.geeksforgeeks.org/gobuster-penetration-testing-tools-in-kali-tools/?msclkid=47d34aa3ad3611eca868b25c7bd00198

  14. How to install Gobuster tool on Kali Linux - javatpoint. www.javatpoint.com. (n.d.). Retrieved March 26, 2022, from https://www.javatpoint.com/how-to-install-gobuster-tool-on-kali-linux?msclkid=47d3515ead3611ec9eff7ec0725590fe

  15. How to use Faraday Ide in Kali Linux? – Systran box. (n.d.). Retrieved March 26, 2022, from https://www.systranbox.com/how-to-use-faraday-ide-in-kali-linux/

  16. Kamran, R. (2019, November 5). BURP suite tutorial. Medium. Retrieved March 26, 2022, from https://medium.com/@ramsha.kamran/burp-suite-tutorial-f3ca5bc3368#:~:text=Burp%20Suite%20is%20a%20Java%20based%20Web%20Penetration,and%20verify%20attacks%20that%20are%20affecting%20the%20applications.?msclkid=b89e7577ad4511ec9bcc52a869644476

  17. Keane, J. C. K. (n.d.). Mad irish . NET. Mad Irish:: Hydra Brute Force Utility. Retrieved March 25, 2022, from http://www.madirish.net/429#:~:text=Hydra%20can%20be%20used%20for,with%20anti%2DXSRF%20form%20tokens.

  18. Legion tool in Kali Linux. GeeksforGeeks. (2020, December 24). Retrieved March 24, 2022, from https://www.geeksforgeeks.org/legion-tool-in-kali-linux/msclkid=15cedfbfabeb11ecb8b09161f90714ba

  19. Nessus. (n.d.). Retrieved March 25, 2022, from https://www.cs.cmu.edu/~dwendlan/personal/nessus.html

  20. Nikto. Nikto - an overview | ScienceDirect Topics. (n.d.). Retrieved March 24, 2022, from https://www.sciencedirect.com/topics/computer-science/nikto#:~:text=Nikto%20is%20an%20open-source%20vulnerability%20scanner%2C%20written%20in,and%20nearly%20300%20version-specific%20problems%20on%20web%20servers.?msclkid=769ef0cdabeb11ec93620d5265663ec2

  21. Nmap. (n.d.). Retrieved March 24, 2022, from https://nmap.org/?msclkid=355c5fd7abe811ecaab0393859934a8c

  22. Open vulnerability assessment scanner. OpenVAS. (n.d.). Retrieved March 24, 2022, from https://openvas.org/?msclkid=2d48c640abea11ecb3e45e1782e2dd81

  23. Penetration testing tools. (n.d.). Retrieved March 26, 2022, from https://en.kali.tools/?p=1305

  24. Python-faraday: Kali Linux tools. Kali Linux. (2022, February 10). Retrieved March 25, 2022, from https://www.kali.org/tools/python-faraday/?msclkid=291ab727aca511ecac3219e1fc1b45d5

  25. -, R., By, -, & Ranjith. (2020, May 30). Faraday: Collaborative penetration test & vulnerability management. Kali Linux Tutorials. Retrieved March 25, 2022, from https://kalilinuxtutorials.com/faraday/?msclkid=291a8880aca511ec8b9364a06f07c929

  26. -, R., By, -, & Ranjith. (2019, March 10). Legion: An open-source network penetration testing tool. Kali Linux Tutorials. Retrieved March 24, 2022, from. https://kalilinuxtutorials.com/legion-penetration-testing/? msclkid=15d032c7abeb11ec8100b56fcd6cc674

  27. Shivanandhan, M. (2020, October 2). What is Nmap and how to use it – a tutorial for the greatest scanning tool of all time. freeCodeCamp.org. Retrieved March 24, 2022, from https://www.freecodecamp.org/news/what- is-nmap-and-how-to-use-it-a-tutorial-for-the-greatest-scanning-tool-of-all-time/? msclkid=3559cabcabe811ec83998f7df97bdca3

  28. Shivanandhan, M. (2021, July 15). Web server scanning with nikto – A beginner's guide. freeCodeCamp.org. Retrieved March 24, 2022, from https://www.freecodecamp.org/news/an-introduction-to-web-server-scanning-with-nikto/?msclkid=76a10ad8abeb11ecb0682c77b6c34c13

  29. Sqlmap®. sqlmap. (n.d.). Retrieved March 25, 2022, from https://sqlmap.org/

  30. Veiga, M. S. da. (2019, May 2). Recon-ng how-to I. Medium. Retrieved March 24, 2022, from https://medium.com/hacker-toolbelt/recon-ng-how-to-i-61c866919bcb

  31. Wazuh. (2020, October 27). WAZUH · The Open-Source Security Platform. Wazuh. Retrieved March 24, 2022, from https://wazuh.com/?msclkid=afdde3b7abe911eca41e0bc47a4dfad8

  32. Wazuh¶. Wazuh - Security Onion 2.3 documentation. (n.d.). Retrieved March 24, 2022, from https://docs.securityonion.net/en/2.3/wazuh.html?msclkid=afdf8818abe911eca289cfecba205a99

  33. What is Hashcat - Javatpoint. www.javatpoint.com. (n.d.). Retrieved March 26, 2022, from https://www.javatpoint.com/what-is-hashcat#:~:text=Hashcat%3A%201%20One%20of%20the%20most%20popular%20hacking,Generates%20more%20demand%20for%20the%20implementation%20of%20WPA3?msclkid=8f1138bdad3e11ec8d522a6083de7c36

  34. What is Metasploit? GeeksforGeeks. (2021, January 25). Retrieved March 26, 2022, from https://www.geeksforgeeks.org/what-is-metasploit/?msclkid=100e308cad4411ecb6d189c9f068c7c1

  35. What is Nikto and its usages? GeeksforGeeks. (2021, November 19). Retrieved March 24, 2022, from https://www.geeksforgeeks.org/what-is-nikto-and-its-usages/?msclkid=76a02057abeb11eca79f152d7d6a1f9b

  36. What is OpenVas? - vulnerability assessment. Rhyno Cybersecurity. (2021, September 29). Retrieved March 24, 2022, from https://rhyno.io/what-is-openvas/?msclkid=2d4951e6abea11ec8b8efc6a24ae532a

  37. Wikimedia Foundation. (2022, March 19). Metasploit project. Wikipedia. Retrieved March 26, 2022, from https://en.wikipedia.org/wiki/Metasploit_Project#:~:text=The%20Metasploit%20Project%20is%20a%20computer%20security%20project,aids%20in%20penetration%20testing%20and%20IDS%20signature%20development.?msclkid=100d6ffbad4411ecbc4d0f5b55911e6c

  38. WPSCAN WordPress Security Scanner. (n.d.). Retrieved March 26, 2022, from https://wpscan.com/wordpress-security-scanner?__cf_chl_jschl_tk__=pmd_54811ac696d381f75d6acaeb36ab7b50066adb3c-1626799900-0-gqNtZGzNAiKjcnBszQgi

  39. Xsser Review (cross-site scripting scanner). Linux Security Expert. (n.d.). Retrieved March 26, 2022, from https://linuxsecurity.expert/tools/xsser/#:~:text=XXSER%20helps%20to%20get%20from%20XSS%20to%20Remote,penetration%20testing%2C%20security%20assessment%2C%20or%20web%20application%20analysis.?msclkid=dcfd1818ad3c11ecafefc3c3f97fba37

  40. Zorz, M., & 6, J. (2016, July 6). Faraday: Collaborative PEN Test and Vulnerability Management Platform. Help Net Security. Retrieved March 26, 2022, from https://www.helpnetsecurity.com/2016/07/06/faraday-pen-test/

  41. 22, M., 15, M., 8, M., & 1, M. (2021, June 6). A brief introduction to the OpenVAS Vulnerability Scanner. Infosec Resources. Retrieved March 24, 2022, from https://resources.infosecinstitute.com/topic/a-brief-introduction-to-the-openvas-vulnerability-scanner/?msclkid=2d497072abea11ec98c8f856babc098b

  42. 22, M., 15, M., 8, M., & 1, M. (2021, August 10). Nmap from beginner to advanced [updated 2021]. Infosec Resources. Retrieved March 24, 2022, from https://resources.infosecinstitute.com/topic/nmap/#:~:text=Nmap%20is%20a%20very%20powerful%20utility%20that%20can,Detect%20the%20vulnerability%20and%20security%20holes%20%28Nmap%20scripts%29?msclkid=35594820abe811ec870705ede2a5a5e7

  43. 25, J., 16, D., 7, S., & 5, J. (2021, November 29). Commix – an automated tool for Command Injection. Infosec Resources. Retrieved March 26, 2022, from https://resources.infosecinstitute.com/topic/commix-an-automated-tool-for-command-injection/?msclkid=f1249fefad3a11ecb92bedff76a0ff72