Vulnerability scanning



Description

This is an automated process that uses software tools to scan the system or network for known vulnerabilities.


Examples/Methods/Results

Zed Attack Proxy

The application runs many attacks against the target and scans for vulnerabilities. It reports the attacks it performed, the severity of each vulnerability found, solutions and much more. Directory browsing is also done here and can be improved by configuring the lists used for brute forcing. Record all the data from this application that can be verified. Other applications such as Nessus may also have an automated web penetration testing tool. To run the automated scan, select the Automated Scan button.


Enter the target URL, then click Attack.


It will map out the target and give a list of the vulnerabilities found. The details are shown on the right.


The automated scan performs the following tasks. Their strength can be increased in the settings, but this makes the application slower.


Nikto

Nikto will also perform vulnerability scans and attacks and will map the target. To start, run 'nikto -h URL' in the terminal.


It will give the tester all the information it has acquired, such as outdated or insecure versions of anything on the host.


Text generative AI Tools (ChatGPT/Bard)

Paste code or HTML into the chatbot and ask if it is vulnerable. It will tell you what is vulnerable, and you may ask it how to fix it.


Nmap

Note down the open ports for testing (if in scope). Start by checking which ports are open, then target those ports specifically for more information by adding an option such as -A to the command. This gives more detail on the open ports, such as the services running and possibly the operating system. You may search online for whether the services are outdated and whether they can be hacked. EXTRA HINT: You can search for the services on Metasploit.


Next, check the cipher grades and record all the results for documentation. These are not easy to hack.
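
The open ports, service versions and cipher grades noted above can be pulled out of an Nmap XML report for the documentation. This is an added example, not part of the original page: it assumes the scan was saved with -oX and that the cipher grades come from Nmap's ssl-enum-ciphers script, and the sample report and the summarize helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, abbreviated sample laid out like `nmap -A --script ssl-enum-ciphers -oX -` output.
SAMPLE_XML = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/>
 <service name="ssh" product="OpenSSH" version="7.4"/></port>
<port protocol="tcp" portid="443"><state state="open"/>
 <service name="http" product="nginx" version="1.14.0" tunnel="ssl"/>
 <script id="ssl-enum-ciphers" output="">
  <table key="TLSv1.0"><table key="ciphers"><table>
   <elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem><elem key="strength">C</elem>
  </table></table></table>
  <table key="TLSv1.2"><table key="ciphers"><table>
   <elem key="name">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</elem><elem key="strength">A</elem>
  </table></table></table>
  <elem key="least strength">C</elem>
 </script></port>
<port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
</ports></host></nmaprun>"""

def summarize(xml_text):
    """Return one dict per open port: host, port, service banner, cipher grades."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not carried into the report
            svc = port.find("service")
            fields = [svc.get(k) for k in ("name", "product", "version")] if svc is not None else []
            row = {"host": addr, "port": int(port.get("portid")),
                   "service": " ".join(f for f in fields if f), "least_grade": None, "below_a": []}
            script = port.find("script[@id='ssl-enum-ciphers']")
            if script is not None:
                row["least_grade"] = script.findtext("elem[@key='least strength']")
                for proto in script.findall("table"):
                    for c in proto.findall("table[@key='ciphers']/table"):
                        grade = c.findtext("elem[@key='strength']")
                        if grade and grade != "A":  # record every cipher graded below A
                            row["below_a"].append((proto.get("key"), c.findtext("elem[@key='name']"), grade))
            rows.append(row)
    return rows

if __name__ == "__main__":
    for r in summarize(SAMPLE_XML):
        print(r)
```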


Further Readings

Owasp Zap Tutorial
Nikto Tutorial