copyright© Binayak Prasad Gupta.

Demo 1: Nessus.

Installing Nessus:

● Please access your virtual machine running Windows Server 2019 by opening its window.

● Log in to the machine using the password "Pa$$w0rd".

● Next, launch the web browser and open the following link: https://www.tenable.com/downloads/nessus?loginAttempted=true

● Afterward, the subsequent web page will display content similar to that shown in the screenshot.

● Proceed by selecting "Download" to initiate the download of Nessus.

● Subsequently, a pop-up window will emerge, mirroring the appearance depicted in the screenshot. Click on "I Agree" to proceed.

● Subsequently, you'll notice that the download has commenced.

● Next, access the folder location where you saved the downloaded file.

● Please initiate the setup by double-clicking on the "Nessus-10.6.3-x64" file.

● Next, a window will appear, resembling the one depicted in the screenshot. Proceed by selecting "Next" to continue.

● Upon the appearance of the second window, select the option "I accept the terms stated in the license agreement," followed by clicking on "Next".

● Then, when the next window appears, click on "Next" to continue.

● Proceed by selecting "Install" to initiate the installation process.

● Subsequently, upon completion of the installation, click on "Finish" to proceed.
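
Before the installer is double-clicked in the steps above, it can be checked against the vendor's published SHA-256 checksum and its Authenticode signature. The following PowerShell function is an added example, not part of the original handout; the function name, the .msi extension, the Downloads path and the 'Tenable' signer substring are assumptions.

```powershell
# Added example: verify a downloaded installer before running it.
# Assumptions (not from the handout): the expected SHA-256 is copied from the
# vendor's download page, and the signer subject contains "Tenable".
function Test-InstallerIntegrity {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        [string] $ExpectedSigner = 'Tenable'   # assumed substring of the signer subject
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }

    # Normalise the pasted checksum: strip whitespace, compare in upper case.
    $expected = ($ExpectedSha256 -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw 'ExpectedSha256 is not a 64-character hex string.'
    }

    # Get-FileHash returns the digest as upper-case hex.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # An unsigned file has no SignerCertificate, so guard against $null.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    $hashOk = ($actual -eq $expected)
    $sigOk  = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedSigner*")

    [pscustomobject]@{
        File            = $Path
        HashMatches     = $hashOk
        SignatureStatus = $sig.Status
        Signer          = $signer
        Verified        = $hashOk -and $sigOk
    }
}

# Usage (replace the placeholder checksum; path and extension are assumed):
#   Test-InstallerIntegrity `
#       -Path "$env:USERPROFILE\Downloads\Nessus-10.6.3-x64.msi" `
#       -ExpectedSha256 '<SHA-256 from the vendor download page>'
```

Run the installer only when `Verified` is `True`; a hash mismatch or a signature status other than `Valid` means the file should be downloaded again from the vendor's site.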

How to use Nessus:

● Upon completion of the installation, a webpage will open as depicted in the provided screenshot.

● Select the option "Connect via SSL."

● Next, a page will appear where you should click on "Advanced."

● Subsequently, select "Acknowledge the Risk and Proceed" or "Accept the Risk and Continue."

● The subsequent window, as illustrated in the screenshot, will appear. Proceed by selecting "Continue."

● Choose "Start a trial of Nessus Professional" and then click on "Continue."

● Please use a corporate email address (for example, an email ending with @google.com or @yahoo.com is not permissible).

● Afterward, proceed by selecting "Continue."

● Subsequently, input the necessary account information and then select "Start Trial."

● At this point, the trial license information will be displayed. Proceed by selecting "Continue."

● Next, configure the username and password within the "User Accounts" section, then proceed by clicking on "Submit."

● Following that, you'll observe Nessus downloading plugins.

● Upon completion, a page resembling the screenshot provided will open.

● Next, select "Create a new Scan" as displayed in the screenshot.

● Upon clicking, you will be directed to the subsequent page where you should select "Advanced Scan".

● Upon selecting that option, the subsequent window, as indicated in the screenshot, will appear.

● Now, in the name field, enter "Bee-Box".

● In the targets field, add the IP address of the Bee-Box, i.e. 192.168.1.10.

● Next, select the arrow adjacent to the "Save" button, as illustrated in the screenshot.

● Subsequently, the option "Launch" will appear; proceed by selecting "Launch."

● Following that, you'll observe the scanning process commencing, akin to the presentation in the screenshot.

● Once the scanning process is finished, select the highlighted section as depicted in the screenshot.

● Subsequently, the information will be displayed.

● To export the information into a file, it is necessary to select the "Report" icon.

● Next, a window similar to the one depicted in the screenshot will appear.

● Proceed by selecting "Generate Report."

● Subsequently, the resulting PDF file will be saved in the Downloads folder.

● Please open and view the contents of the PDF file by double-clicking on it.

Demo 5: Nikto Scanner


Problem Statement:
Find the vulnerabilities on the target website/host using the Nikto scanner.
Solution:
1. Open Kali Linux, go to Applications and then select Terminal

2. Enter the command nikto to open the tool.

3. Scan the target website for vulnerabilities by using the command below, which gives the results shown below: "nikto -h 192.168.0.116 -p 80"
