Practical 7

Uploaded by Bhavik Sanghar

240280723022 AC&NS

Practical – 7
Objective: Exploring Vulnerability Assessment Tools

Introduction to Vulnerability Assessment Tools

Vulnerability assessment tools are essential in cybersecurity for
detecting and analyzing security flaws. These tools assist security
professionals in identifying vulnerabilities, misconfigurations,
outdated software, and compliance gaps. They are integral to
proactive security practices, ensuring that potential attack vectors
are addressed before exploitation.

Here’s a list of widely used vulnerability assessment tools:

1. Nmap (Network Mapper)
   - A network scanning tool that detects open ports, running
     services, and potential vulnerabilities in a network.
2. OpenVAS (Greenbone Vulnerability Management)
   - Open-source scanner for comprehensive vulnerability
     assessments of networks and systems.
3. Nessus
   - A commercial vulnerability scanner for identifying
     software vulnerabilities, misconfigurations, and
     compliance issues.
4. Qualys Free Scanner
   - A cloud-based tool offering lightweight scanning and
     reporting for vulnerabilities and compliance.
5. Burp Suite
   - A penetration testing tool for identifying
     vulnerabilities like SQL injection and XSS in web
     applications.
6. OWASP ZAP (Zed Attack Proxy)
   - Open-source alternative to Burp Suite for web application
     security testing.
7. Metasploit Framework
   - A tool for vulnerability assessment, exploitation, and
     penetration testing, used to validate vulnerabilities.
8. Nikto
   - A lightweight tool for scanning web servers to detect
     outdated software, misconfigurations, and common
     vulnerabilities.


What is Nmap?

Nmap (Network Mapper) is an open-source tool used for network exploration and security
auditing. It can:

- Discover hosts on a network.
- Identify services (e.g., web servers, DNS servers) running on specific ports.
- Detect open ports and possible vulnerabilities.
- Fingerprint OS versions (determine the operating system running on a host).
- Conduct network inventory or perform vulnerability assessments.

Basic Ping Scan (Host Discovery)

This scans a network to find which hosts are online (like an advanced ping):

-sn: Ping scan. Only check if hosts are up, without port scanning.

Simple Port Scanning

This scans for open ports on a target host.


Vulnerability Assessment

Scan for open ports and services: nmap -sV <target>
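The host-discovery (-sn) and service-version (-sV) scans above produce output that is easiest to keep track of when Nmap writes it as XML (-oX) rather than to the terminal. The following Python script is an added example, not part of the practical and not Nmap's own code: it parses that XML into a host inventory and reports what has become newly exposed since a previous scan. The embedded XML is a constructed sample (RFC 5737 documentation addresses, invented services) so it runs offline; run_nmap is a hypothetical wrapper that needs nmap on PATH.

```python
# Added example (not from the practical and not Nmap's own code): turn Nmap's
# XML report (-oX) from a ping scan (-sn) or a service scan (-sV) into a host
# inventory that can be stored and compared between assessments.
import subprocess
import xml.etree.ElementTree as ET

# Constructed sample of what `nmap -sV -oX - 192.0.2.0/29` could emit; the
# addresses are RFC 5737 documentation space and the services are invented.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX - 192.0.2.0/29">
<host><status state="up" reason="echo-reply"/>
 <address addr="192.0.2.10" addrtype="ipv4"/><ports>
 <port protocol="tcp" portid="21"><state state="open"/>
  <service name="ftp" product="vsftpd" version="2.3.4"/></port>
 <port protocol="tcp" portid="22"><state state="open"/>
  <service name="ssh" product="OpenSSH" version="4.7p1 Debian 8ubuntu1"/></port>
 <port protocol="tcp" portid="23"><state state="filtered"/></port>
</ports></host>
<host><status state="up" reason="arp-response"/>
 <address addr="192.0.2.11" addrtype="ipv4"/><ports>
 <port protocol="tcp" portid="443"><state state="open"/>
  <service name="https" product="nginx"/></port>
</ports></host>
<host><status state="down" reason="no-response"/>
 <address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>"""


def parse_inventory(xml_text):
    """Return {ip: [(port, proto, service, product/version), ...]} for every
    host that is up. A -sn report has no <ports>, so its hosts map to [];
    only ports in state "open" are kept (filtered/closed are dropped)."""
    inventory = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # same rule as -sn: only hosts that answered are listed
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:  # explicit None check: an Element with no children is falsy
            addr = host.find("address")
        services = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name, product = "", ""
            if svc is not None:
                name = svc.get("name", "")
                product = " ".join(
                    x for x in (svc.get("product"), svc.get("version")) if x)
            services.append((int(port.get("portid")), port.get("protocol"),
                             name, product))
        inventory[addr.get("addr")] = sorted(services)
    return inventory


def count_open_ports(inventory):
    """Total open ports across all live hosts."""
    return sum(len(ports) for ports in inventory.values())


def new_exposure(previous, current):
    """(ip, port, proto) tuples open now that were not open in the previous
    inventory: new hosts or newly opened ports that need an explanation."""
    before = {(ip, p[0], p[1]) for ip, ports in previous.items() for p in ports}
    now = {(ip, p[0], p[1]) for ip, ports in current.items() for p in ports}
    return now - before


def run_nmap(target, version_detect=False):
    """Hypothetical wrapper: run Nmap (must be on PATH) and parse its XML.
    -sn = host discovery only; -sV = open ports plus service/version."""
    args = ["nmap", "-sV" if version_detect else "-sn", "-oX", "-", target]
    proc = subprocess.run(args, capture_output=True, text=True, check=True)
    return parse_inventory(proc.stdout)


if __name__ == "__main__":
    inv = parse_inventory(SAMPLE_XML)
    for ip, ports in inv.items():
        print(ip, "is up")
        for portid, proto, name, product in ports:
            print(f"  {portid}/{proto} {name} {product}".rstrip())
    print(count_open_ports(inv), "open ports in total")
```

Saving the inventory from each practical run and feeding the previous one to new_exposure is the simplest way to notice a port that was not open last time, which is usually more informative than the raw port list.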

Use Nmap Scripts for Vulnerability Scanning:

Nmap’s vuln scan will run the tool’s default vulnerability scanning
scripts against a target. These are great for finding common
vulnerabilities that you may be able to exploit.

nmap --script=vuln <target>

When to Use Vuln

Nmap’s vuln scan is a great option for scanning for commonly abused
vulnerabilities on legacy systems or when you do not have an Internet
connection.


The output returned from this scan shows the following:

1. The command line that was used to run the vuln scan. This is
followed by the default Nmap reporting header, as described
above.
2. The File Transfer Protocol (FTP) service is running on port 21
of the target machine. The specific service being used
is vsFTPd version 2.3.4, which is supposedly vulnerable
to CVE-2011-2523. Nmap even provides several references and a
Metasploit module you can use to exploit the vulnerability.
3. The Simple Mail Transfer Protocol (SMTP) service is running on
port 25. This service is vulnerable to CVE-2014-3566. Again,
Nmap provided references to this vulnerability.

Using Vulners

The vulners vulnerability scan is able to use the online
database vulners.com to scan a target for the latest
vulnerabilities. To perform this scan, use the following syntax:

nmap -sV --script vulners <target>


The output returned from this scan shows the following:

1. The command line that was used to run the vulners scan.
2. The Secure Shell (SSH) service is running on port 22 of the
target machine. The specific service being used is OpenSSH
version 4.7p1 Debian 8ubuntu1, which is supposedly vulnerable
to several CVEs. The vulners script provides a reference to
each CVE or other vulnerability ID.
3. The *EXPLOIT* flag next to a vulnerability ID indicates that
this vulnerability is exploitable, and you should be able to
manually exploit it or find the exploit code online. You want
to explore these vulnerabilities further, as they may lead to
a successful exploit.
4. The Domain Name Service (DNS) service is running on port 53.
The specific service version running is ISC BIND 9.4.2, which
is supposedly vulnerable to a range of vulnerabilities. Again,
the vulners script provides a reference for each one and if
the vulnerability is exploitable with the *EXPLOIT* flag.
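The two walk-throughs above (the vuln scan reporting vsFTPd 2.3.4 and the SMTP POODLE finding, and the vulners scan listing OpenSSH and BIND CVEs with *EXPLOIT* flags) describe what is read off the terminal. The following Python script is an added example, not taken from the practical and not Nmap's or vulners' own code: it reads the same findings from Nmap's XML report (-oX) and orders them for remediation, with exploit-flagged findings first. The XML layout it assumes (vuln-category scripts emit a table keyed by CVE with a state element; the vulners script emits a table per CPE with id, type, is_exploit and cvss elements), the sample XML, the hypothetical "example-vuln-check" script and the PLACEHOLDER ids are all constructed; only CVE-2011-2523 and CVE-2014-3566 come from the practical.

```python
# Added example (not from the practical, Nmap or vulners): read vuln/vulners
# script results from Nmap's -oX report and rank them for remediation.
import xml.etree.ElementTree as ET

# Constructed sample mirroring the assumed layout: vuln-category scripts emit a
# <table key="CVE-..."> with a "state" elem; vulners emits a <table key="cpe:..">
# of entries with id/type/is_exploit/cvss elems. Only CVE-2011-2523 and
# CVE-2014-3566 come from the practical; PLACEHOLDER ids are not real, and
# "example-vuln-check" is a hypothetical script showing a negative result.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV --script vuln,vulners -oX - 192.0.2.10">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/><ports>
 <port protocol="tcp" portid="21"><state state="open"/>
  <service name="ftp" product="vsftpd" version="2.3.4"/>
  <script id="ftp-vsftpd-backdoor" output="VULNERABLE"><table key="CVE-2011-2523">
   <elem key="title">vsFTPd version 2.3.4 backdoor</elem>
   <elem key="state">VULNERABLE (Exploitable)</elem>
   <table key="ids"><elem>CVE:CVE-2011-2523</elem></table></table></script></port>
 <port protocol="tcp" portid="22"><state state="open"/>
  <service name="ssh" product="OpenSSH" version="4.7p1 Debian 8ubuntu1"/>
  <script id="vulners" output="see tables"><table key="cpe:/a:openbsd:openssh:4.7p1">
   <table><elem key="id">CVE-PLACEHOLDER-1</elem><elem key="type">cve</elem>
    <elem key="is_exploit">false</elem><elem key="cvss">7.5</elem></table>
   <table><elem key="id">EXPLOIT-PLACEHOLDER-1</elem><elem key="type">exploitdb</elem>
    <elem key="is_exploit">true</elem><elem key="cvss">0.0</elem></table>
   <table><elem key="id">CVE-PLACEHOLDER-2</elem><elem key="type">cve</elem>
    <elem key="is_exploit">false</elem><elem key="cvss">4.3</elem></table>
  </table></script></port>
 <port protocol="tcp" portid="25"><state state="open"/>
  <service name="smtp" product="Postfix smtpd"/>
  <script id="ssl-poodle" output="VULNERABLE"><table key="CVE-2014-3566">
   <elem key="title">SSL POODLE information leak</elem>
   <elem key="state">VULNERABLE</elem>
   <table key="ids"><elem>CVE:CVE-2014-3566</elem></table></table></script>
  <script id="example-vuln-check" output="NOT VULNERABLE"><table key="CVE-PLACEHOLDER-3">
   <elem key="state">NOT VULNERABLE</elem></table></script></port>
</ports></host></nmaprun>"""


def _elems(table):
    """Map key -> text for the direct <elem> children of a <table>."""
    return {e.get("key"): (e.text or "").strip() for e in table.findall("elem")}


def parse_findings(xml_text):
    """Return one dict per reported vulnerability: host, port, service, id,
    source script, cvss (None when the script gives none) and exploit flag."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        ip = host.find("address").get("addr")
        for port in host.iter("port"):
            portid = int(port.get("portid"))
            svc = port.find("service")
            service = svc.get("name", "") if svc is not None else ""
            for script in port.findall("script"):
                if script.get("id") == "vulners":
                    # one table per CPE, one sub-table per vulners entry
                    for entry in script.findall("table/table"):
                        e = _elems(entry)
                        findings.append({
                            "host": ip, "port": portid, "service": service,
                            "id": e.get("id", ""), "source": "vulners",
                            "cvss": float(e.get("cvss") or 0.0),
                            "exploit": e.get("is_exploit") == "true"})
                    continue
                # layout used by the vuln-category scripts: skip NOT VULNERABLE
                for table in script.findall("table"):
                    state = _elems(table).get("state", "")
                    if "VULNERABLE" not in state or state.startswith("NOT"):
                        continue
                    findings.append({
                        "host": ip, "port": portid, "service": service,
                        "id": table.get("key"), "source": script.get("id"),
                        "cvss": None, "exploit": "Exploitable" in state})
    return findings


def prioritize(findings):
    """Remediation order: exploit-flagged first (the *EXPLOIT* marker), then by
    CVSS descending, then by port. Unknown CVSS sorts as 0: look those up."""
    return sorted(findings, key=lambda f: (not f["exploit"],
                                           -(f["cvss"] or 0.0), f["port"], f["id"]))


def exploitable_services(findings):
    """(host, port) pairs with at least one exploit-flagged finding."""
    return {(f["host"], f["port"]) for f in findings if f["exploit"]}


if __name__ == "__main__":
    for f in prioritize(parse_findings(SAMPLE_XML)):
        flag = "EXPLOIT" if f["exploit"] else "       "
        print(f"{flag} {f['host']}:{f['port']}/{f['service']:<5} {f['id']} "
              f"cvss={f['cvss']} via {f['source']}")
```

Against a real report (nmap -sV --script vuln,vulners -oX scan.xml <target>, then parse_findings(open("scan.xml").read())) the ordering puts the services the practical says to explore first at the top of the patch list; findings with no CVSS from the scanner, such as the vuln-category results, sink to the bottom and need a manual severity lookup.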

When to Use Vulners

Nmap’s vulners scan is perfect for scanning for the latest
vulnerabilities on a modern system. Its speed and accuracy make it
the go-to option for most of your vulnerability scanning needs.

Conclusion:
Nmap has evolved beyond a simple network scanning tool. With the
addition of the powerful Nmap Scripting Engine (NSE), it has become
a versatile and comprehensive command-line application for
vulnerability scanning and network security assessments. This
flexibility makes Nmap an indispensable tool for cybersecurity
professionals and enthusiasts alike.

