Vulnerability Analysis by : Wail Belhouchet Dr Djouad Tarek 1

plan introduction Advanced vulnerability scanning with openvas Basic vulnerability scanning with Nessus Basic vulnerability scanning with Nexpose Basic vulnerability scanning with openvas Advanced vulnerability scanning with Nexpose Advanced vulnerability scanning with Nessus conclusion 2

Once access to a network has been gained and the systems within that network have been identified, the next step is establishing a foothold and persistent access. There are several tools that are available to help identify and exploit systemic vulnerabilities, but we will be focusing only on three of them in this chapter(OpenVAS, Nessus, Nexpose ) introduction 3

Basic vulnerability scanning with OpenVAS 4

Basic vulnerability scanning with openvas 5 OpenVAS successfully installed and configured Access to the Kali system confirm the IP address of lab network

Basic vulnerability scanning with openvas 6

Basic vulnerability scanning with openvas 7 Scans | Tasks | Task Wizard

Basic vulnerability scanning with openvas 8

9

10

Basic vulnerability scanning with openvas 11

Advanced vulnerability scanning with OpenVAS 12

advanced vulnerability scanning with openvas 13 Navigate to Configuration | Credentials

advanced vulnerability scanning with openvas 14 Navigate to Configuration | Targets

advanced vulnerability scanning with openvas 15 Navigate to Configuration | Scan Configs

advanced vulnerability scanning with openvas 16 The Fast and Full Scan is the configuration we used for our scan We put these three components – target, credentials, and a scan configuration together to create a task From this point deep vulnerability scan will be run

advanced vulnerability scanning with openvas 17 Navigate to Scans | Tasks, and click on the New Task icon From this point deep vulnerability scan will be run

Basic vulnerability scanning with Nessus 18

Basic vulnerability scanning with Nessus 19 Kali Linux is running and you are logged in as root Start the Metasploitable virtual machine Nessus is started

Basic vulnerability scanning with Nessus 20

Basic vulnerability scanning with Nessus 21

Basic vulnerability scanning with Nessus 22

Basic vulnerability scanning with Nessus 23

Basic vulnerability scanning with Nessus 24

Basic vulnerability scanning with Nessus 25

Basic vulnerability scanning with Nessus 26

Basic vulnerability scanning with Nessus 27

Advanced vulnerability scanning with Nessus 28

Advanced vulnerability scanning with Nessus 29

Advanced vulnerability scanning with Nessus 30

Advanced vulnerability scanning with Nessus 31

Advanced vulnerability scanning with Nessus 32

Advanced vulnerability scanning with Nessus 33

Advanced vulnerability scanning with Nessus 34

Basic vulnerability scanning with Nexpose 35

36 Basic vulnerability scanning with Nexpose Kali Linux is running use the NAT network on all VMs Start Metasploitable and Windows XP machine with the NAT network

37 Basic vulnerability scanning with Nexpose

38 Basic vulnerability scanning with Nexpose

39 Basic vulnerability scanning with Nexpose

40 Basic vulnerability scanning with Nexpose

41 Basic vulnerability scanning with Nexpose

42 Basic vulnerability scanning with Nexpose

43 Basic vulnerability scanning with Nexpose

Advanced vulnerability scanning with Nexpose 44

Advanced vulnerability scanning with Nexpose 45

Advanced vulnerability scanning with Nexpose 46

Advanced vulnerability scanning with Nexpose 47

Advanced vulnerability scanning with Nexpose 48

Advanced vulnerability scanning with Nexpose 49

conclusion  In this chapitre analys ulenarability we se the technique of scaninc to find vulinablitys in the machin targert (victime),we used diffrents tools (openvas,nessus,nexpose) 50

T 51