# 2. Perform Vulnerability Assessment using Various Vulnerability Assessment Tools

{% embed url="<https://rumble.com/embed/v6m4n36/?pub=4jw86f>" %}
Vulnerability Scanning CEH labs complete walkthrough
{% endembed %}

## 1. Vulnerability assessment using OpenVAS

Run the following command to start the OpenVAS Docker container.

```
docker run -d -p 443:443 --name openvas mikesplain/openvas
```

In a browser, go to **<https://127.0.0.1/>**. The OpenVAS login page appears; log in with **admin**/**admin**.

<figure><img src="/files/b4SQ8xxHJui72UTcM6Xq" alt=""><figcaption></figcaption></figure>

1. Navigate to **Scans --> Tasks** from the **Menu** bar.

   > If a **Welcome to the scan task management!** pop-up appears, close it.

   ![](https://labondemand.blob.core.windows.net/content/lab168798/screens/sl2cu4pi.jpg)
2. Hover over the wand icon and click the **Task Wizard** option.

   ![](https://labondemand.blob.core.windows.net/content/lab168798/screens/w3yqa1o5.jpg)
3. The **Task Wizard** window appears; enter the target IP address in the **IP address or hostname** field (here, the target system is **Windows Server 2022 \[10.10.1.22]**) and click the **Start Scan** button.

   ![](https://labondemand.blob.core.windows.net/content/lab168798/screens/3njlyzvf.jpg)
4. The task appears under the **Tasks** section; OpenVAS starts scanning the target IP address.
5. Wait for the **Status** to change from **Requested** to **Done**. Once it is completed, click the **Done** button under the **Status** column to view the vulnerabilities found in the target system.

   > It takes approximately 20 minutes for the scan to complete.

   > If you are logged out of the session, log in again using the credentials **admin**/**admin**.

   ![](https://labondemand.blob.core.windows.net/content/lab168798/screens/021k4b3a.jpg)
6. The **Report: Results** page appears, displaying the discovered vulnerabilities along with their severity and the port numbers on which they are running.

   > The results might differ when you perform this task.

   ![](https://labondemand.blob.core.windows.net/content/lab168798/instructions267935/open1.jpg)
7. Click on any vulnerability under the **Vulnerability** column to view its detailed information.
8. Detailed information regarding the selected vulnerability appears, as shown in the screenshot.

   ![](https://labondemand.blob.core.windows.net/content/lab168798/instructions267935/open4.jpg)
9. Similarly, you can check other reports by hovering over the **Report: Results** section to view other reports regarding the vulnerabilities in the target system.

## <mark style="color:red;">2. Vulnerability assessment using Nessus</mark>

Paid tool, industry standard.

{% embed url="<https://www.tenable.com/products/nessus>" %}

## <mark style="color:red;">3. Vulnerability assessment using GFI LanGuard</mark>

Windows tool

{% embed url="<https://www.gfi.com/products-and-solutions/network-security-solutions/languard>" %}

## <mark style="color:red;">4. Nikto scanner</mark>

Show the Nikto help:

```
nikto -H
```

Start the scan:

```
nikto -h islamabadtrafficpolice.gov.pk -Tuning x
```

{% hint style="info" %}
-h specifies the target

-Tuning sets the scan parameters; x specifies to run all scans against the target
{% endhint %}

Finding CGI directories:

```
nikto -h certifiedhacker.com -Cgidirs all
```

Saving the scan:

```
nikto -h certifiedhacker.com -o result -F txt
```

{% hint style="info" %}
-o sets the file name where the result will be saved

-F sets the output file type
{% endhint %}
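Once the report is saved, it helps to separate configuration findings from referenced ones before deciding what to fix first. The following is an added example, not part of the original walkthrough: the function names are hypothetical, the sample report and the host `lab.example` are constructed, and the layout of the text report (metadata lines starting with `+ Target `, every other `+ ` line being a finding) is an assumption to check against your own `result` file.

```shell
#!/usr/bin/env bash
# Triage a Nikto plain-text report (the file written by `-o result -F txt`).
# Assumed layout: "+ Target ..." lines are metadata, all other "+ " lines are findings.

# Print only the finding lines, without the leading "+ ".
nikto_findings() {
    grep '^+ ' "$1" | grep -v '^+ Target ' | sed 's/^+ //'
}

# Number of findings in the report.
nikto_count() {
    nikto_findings "$1" | wc -l | tr -d ' '
}

# Findings about HTTP response headers; these are usually server configuration fixes.
nikto_header_findings() {
    nikto_findings "$1" | grep -i 'header'
}

# Unique OSVDB reference ids, useful for cross-checking against the OpenVAS report.
nikto_reference_ids() {
    nikto_findings "$1" | grep -oE '^OSVDB-[0-9]+' | sort -u
}

# Constructed sample report (not real scan output) so the script runs offline.
write_sample_report() {
    cat > "$1" <<'EOF'
- Nikto v2.1.6/2.1.5
+ Target Host: lab.example
+ Target Port: 80
+ GET The anti-clickjacking X-Frame-Options header is not present.
+ GET The X-Content-Type-Options header is not set.
+ OSVDB-3092: GET /admin/: This might be interesting...
+ OSVDB-3233: GET /icons/README: Apache default file found.
EOF
}

sample=$(mktemp)
write_sample_report "$sample"
echo "Total findings: $(nikto_count "$sample")"
echo "Header findings:"
nikto_header_findings "$sample"
echo "Reference ids:"
nikto_reference_ids "$sample"
rm -f "$sample"
```

To use it on a real scan, pass the saved file instead of the sample, for example `nikto_count result`.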
