# 2. Perform Vulnerability Assessment using Various Vulnerability Assessment Tools

{% embed url="<https://rumble.com/embed/v6m4n36/?pub=4jw86f>" %}
Vulnerability Scanning CEH labs complete walkthrough
{% endembed %}

## 1. Vulnerability assessment using openVAS

Run the following command to load the openVAS docker.

```
docker run -d -p 443:443 –-name openvas mikesplain/openvas
```

In a browser , go to **<https://127.0.0.1/>**. OpenVAS login page appears, log in with **admin**/**admin**.

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FqFOO1pPBsJJ0RhIfVqvs%2Fimage.png?alt=media&#x26;token=f1d9d84a-9e1a-492a-87c5-de6b14653c0f" alt=""><figcaption></figcaption></figure>

1. Navigate to **Scans --> Tasks** from the **Menu** bar.

   > If a **Welcome to the scan task management!** pop-up appears, close it.

   ![](https://labondemand.blob.core.windows.net/content/lab168798/screens/sl2cu4pi.jpg)
2. Hover over wand icon and click the **Task Wizard** option.

   ![](https://labondemand.blob.core.windows.net/content/lab168798/screens/w3yqa1o5.jpg)
3. The **Task Wizard** window appears; enter the target IP address in the **IP address** **or hostname** field (here, the target system is **Windows Server 2022 \[10.10.1.22])** and click the **Start Scan** button.

   ![](https://labondemand.blob.core.windows.net/content/lab168798/screens/3njlyzvf.jpg)
4. The task appears under the **Tasks** section; OpenVAS starts scanning the target IP address.
5. Wait for the **Status** to change from **Requested** to **Done**. Once it is completed, click the **Done** button under the **Status** column to view the vulnerabilities found in the target system.

   > It takes approximately 20 minutes for the scan to complete.

   > If you are logged out of the session then login again using credentials **admin**/**admin**.

   ![](https://labondemand.blob.core.windows.net/content/lab168798/screens/021k4b3a.jpg)
6. **Report: Results** appear, displaying the discovered vulnerabilities along with their severity and port numbers on which they are running.

   > The results might differ when you perform this task.

   ![](https://labondemand.blob.core.windows.net/content/lab168798/instructions267935/open1.jpg)
7. Click on any vulnerability under the **Vulnerability** column to view its detailed information.
8. Detailed information regarding selected vulnerability appears, as shown in the screenshot.

   ![](https://labondemand.blob.core.windows.net/content/lab168798/instructions267935/open4.jpg)
9. Similarly, you can check other Reports by hovering over the **Report:** **Results** section to view other Reports regarding the vulnerabilities in the target system.

## <mark style="color:red;">2. Vulnerability assessment using Nessus</mark>

Paid tool, industry standard.

{% embed url="<https://www.tenable.com/products/nessus>" %}

## <mark style="color:red;">3. Vulnerability assessment using GFI LanGuard</mark>

Windows tool

{% embed url="<https://www.gfi.com/products-and-solutions/network-security-solutions/languard>" %}

## <mark style="color:red;">4. Nikto scanner</mark>

Nikto help

```
nikto -H
```

start the scan

```
nikto -h islamabadtrafficpolice.gov.pk -Tuning x
```

{% hint style="info" %}
-h specifies the targer

-Tuning scan perimenters, x specifies run all scans against the target
{% endhint %}

Finding cgi directories

```
nikto -h certifiedhacker.com -Cgidirs all
```

saving the scan

```
nikto -h certifiedhacker.com -o result -F txt
```

{% hint style="info" %}
-o filename where result will be saved

-F file type
{% endhint %}

{% embed url="<https://www.udemy.com/course/ethical-hacker-practical/?referralCode=289CF01CF51246BCAD6C>" %}