search

2. Perform Vulnerability Assessment using Various Vulnerability Assessment Tools

A vulnerability assessment is an in-depth examination of the ability of a system or application, including current security procedures and controls, to withstand exploitation.

https://www.youtube.com/watch?index=8&list=PL-Fa25Pu8l6wV1Se-bPY-Onc6t_mUTZHW&pp=gAQBiAQB&t=964s&v=6OuSAuTY1Vwwww.youtube.comchevron-right

hashtag
1. Vulnerability assessment using openVAS

Run the following command to load the openVAS docker.

In a browser , go to https://127.0.0.1/. OpenVAS login page appears, log in with admin/admin.

  1. Navigate to Scans --> Tasks from the Menu bar.

    If a Welcome to the scan task management! pop-up appears, close it.

  2. Hover over wand icon and click the Task Wizard option.

  3. The Task Wizard window appears; enter the target IP address in the IP address or hostname field (here, the target system is Windows Server 2022 [10.10.1.22]) and click the Start Scan button.

  4. The task appears under the Tasks section; OpenVAS starts scanning the target IP address.

  5. Wait for the Status to change from Requested to Done. Once it is completed, click the Done button under the Status column to view the vulnerabilities found in the target system.

    It takes approximately 20 minutes for the scan to complete.

    If you are logged out of the session then login again using credentials admin/admin.

  6. Report: Results appear, displaying the discovered vulnerabilities along with their severity and port numbers on which they are running.

    The results might differ when you perform this task.

  7. Click on any vulnerability under the Vulnerability column to view its detailed information.

  8. Detailed information regarding selected vulnerability appears, as shown in the screenshot.

  9. Similarly, you can check other Reports by hovering over the Report: Results section to view other Reports regarding the vulnerabilities in the target system.

hashtag
2. Vulnerability assessment using Nessus

Paid tool, industry standard.

LogoNessus Vulnerability Scanner: Network Security SolutionTenable®chevron-right

hashtag
3. Vulnerability assessment using GFI LanGuard

Windows tool

https://www.gfi.com/products-and-solutions/network-security-solutions/languardwww.gfi.comchevron-right

hashtag
4. Nikto scanner

Nikto help

start the scan

circle-info

-h specifies the targer

-Tuning scan perimenters, x specifies run all scans against the target

Finding cgi directories

saving the scan

circle-info

-o filename where result will be saved

-F file type

LogoExam Prep & Training for CEH Practical (Unofficial Course)Udemychevron-right
Previous1. Perform Vulnerability Research with Vulnerability Scoring Systems and DatabasesNext3. Perform Vulnerability Analysis using AI

Last updated