
Course Name: Securing Windows and Linux Lab Course code: CSB-472

Experiment 2.3
Aim: Write an experiment to perform penetration testing in Linux.

Software Used: Metasploit (used in place of the NeWT vulnerability scanner, which is paid software)

Description:
Vulnerability scanning is the process of assessing and identifying security vulnerabilities in a system, network,
or application. It involves using software tools to scan and analyse the target for any security weaknesses that
can be exploited by attackers. The purpose of vulnerability scanning is to identify and fix security flaws before
attackers can exploit them.
The benefits of vulnerability scanning include:

1. Early detection of security vulnerabilities
2. Reduction of the risk of a successful cyberattack
3. Improved security posture
4. Compliance with industry regulations
5. Cost-effectiveness by reducing the potential for data breaches and their associated costs

There are different types of vulnerability scanning, including:

1. Network Scanning: scans the network infrastructure, including routers, switches, and firewalls, for
vulnerabilities.
2. Web Application Scanning: scans web applications for vulnerabilities such as SQL injection, cross-site
scripting (XSS), and cross-site request forgery (CSRF).
3. Database Scanning: scans databases for vulnerabilities that can be exploited by attackers.
4. Wireless Scanning: scans wireless networks for vulnerabilities such as weak passwords, rogue access
points, and unsecured network protocols.

Name: Shubham Bharti UID: 19BCS2848


Some examples of vulnerability scanners include:

1. Nessus: a widely used network vulnerability scanner that can identify vulnerabilities in servers,
applications, and network devices.
2. Acunetix: a web application vulnerability scanner that can detect vulnerabilities such as SQL injection,
XSS, and CSRF.
3. OpenVAS: an open-source vulnerability scanner that can scan networks, web applications, and
databases for vulnerabilities.
4. Qualys: a cloud-based vulnerability management platform that can scan for vulnerabilities in networks,
web applications, and databases.
5. Nmap: a network exploration and security auditing tool that can be used for vulnerability scanning as
well.

Output:
