[project] Perform Vulnerability Assessment using Nessus, Nikto

Takahiro Oda
Dec 22, 2021

Vulnerability Analysis Using Nessus

Overview

First, I created a new policy and set up some policies such as host discovery, port scanning, and service delivery.

The target host is Windows Server 2012 (10.10.10.12).

After the scan, this summary was output as a result.

- Number of vulnerabilities: 76

- Name of vulnerability: Windows SMB1 multiple vulnerabilities

- Severity: Critical

- Remediation: update version to KB4019216

The result can be exported to PDF.

CGI Scanning with Nikto

Overview

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Nikto is not a stealthy tool; it scans a web server in the shortest time possible, and its requests will be logged by an IDS/IPS.

In this case, I used the -Tuning option, which performs a deep and comprehensive scan of a web server.

The result shows IP address, hostname, port number, and architecture information such as Server Version.

This helps to identify vulnerabilities from a command line.
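Because Nikto is not stealthy, its scans are easy to spot in web server access logs. The following is an added example (not part of the original post) that flags likely scanner clients in combined-format access-log lines, either by the string "Nikto" in the User-Agent or by a burst of 404 responses on distinct paths; the sample log lines, IP addresses, paths, and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_scanners(log_text, min_requests=5, min_404_ratio=0.8):
    """Return {ip: reason} for clients whose traffic looks like a web scanner."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "paths": set(), "nikto_ua": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        s = stats[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"])
        s["not_found"] += m["status"] == "404"
        s["nikto_ua"] |= "nikto" in m["ua"].lower()
    flagged = {}
    for ip, s in stats.items():
        if s["nikto_ua"]:
            # Default Nikto User-Agent announces itself; trivially changed by the operator.
            flagged[ip] = "nikto-user-agent"
        elif (len(s["paths"]) >= min_requests
              and s["not_found"] / s["total"] >= min_404_ratio):
            # Fallback heuristic: many distinct paths, almost all of them missing.
            flagged[ip] = "404-burst"
    return flagged

def _line(ip, path, status, ua):
    return f'{ip} - - [22/Dec/2021:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample traffic (documentation IP ranges), not real log data.
BROWSER = "Mozilla/5.0 (X11; Linux x86_64)"
NIKTO = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", p, s, BROWSER) for p, s in [("/", 200), ("/about", 200), ("/favicon.ico", 404)]]
    + [_line("198.51.100.7", "/cgi-bin/test.cgi", 404, NIKTO)]
    + [_line("203.0.113.5", f"/probe{i}.php", 404, BROWSER) for i in range(5)]
    + [_line("203.0.113.5", "/", 200, BROWSER)]
)

if __name__ == "__main__":
    for ip, reason in find_scanners(SAMPLE_LOG).items():
        print(ip, reason)
```

The 404-burst rule is there because the User-Agent check alone misses a scan run with a customized User-Agent; tune both thresholds to the site's normal traffic.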
