# Module 5. Vulnerability Assessment Vulnerability assessments scan networks for known security weaknesses: it recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channel; and evaluates the target systems for vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. Additionally, it assists security professionals in securing the network by determining security loopholes or vulnerabilities in the current security mechanism before attackers can exploit them. The information gleaned from a vulnerability assessment helps you to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack. The labs in this module will give you real-time experience in collecting information regarding underlying vulnerabilities in the target system using various online sources and vulnerability assessment tools. {% embed url="" %} ### Objective The objective of this lab is to extract information about the target system that includes, but not limited to: * Network vulnerabilities * IP and Transmission Control Protocol/User Datagram Protocol (TCP/UDP) ports and services that are listening * Application and services configuration errors/vulnerabilities * The OS version running on computers or devices * Applications installed on computers * Accounts with weak passwords * Files and folders with weak permissions * Default services and applications that may have to be uninstalled * Mistakes in the security configuration of common applications * Computers exposed to known or publicly reported vulnerabilities --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ceh-practical.cavementech.com/module-5.-vulnerability-assessment.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.