BOOK THIS SPACE FOR AD
ARTICLE ADHere I will learn how to set up and use Nessus, a popular vulnerability scanner.
Task 2 :Installation:
If you feel a problem in this paragraph you can read my article on the installation of Nessus in Linux.
Task 3: Navigation and Scans:
What is the name of the button which is used to launch a scan?
Answer: New Scan
Note:
What side menu option allows us to create custom templates?
Answer: Policies
Note:
Click on the Create new policies
What menu allows us to change plugin properties such as hiding them or changing their severity?
Answer: plugin rules
Note:
Now click on the “Create a new plugin rule” and create a new plugin.
In the ‘Scan Templates’ section after clicking on ‘New Scan’, what scan allows us to see simply what hosts are alive?
Answer: Host Discovery
Note:
One of the most useful scan types, which is considered to be ‘suitable for any host’?
Answer: Basic Network Scan
Note:
What scan allows you to ‘Authenticate to hosts and enumerate missing updates’?
Answer: Credential Patch Audit
The Scan TemplateCredentialed Patch AuditWhat scan is specifically used for scanning Web Applications?
Answer: Web Application Tests
Note:
The Scan TemplateThe Web Applications testsTask 4: Scanning!:
Create a new ‘Basic Network Scan’ targeting the deployed VM. What option can we set under ‘BASIC’ (on the left) to set a time for this scan to run? This can be very useful when network congestion is an issue.
Answer: Schedule
Note:
But remember if you are using free Nessus then off the Schedule before scanning otherwise no scan will happen
Under ‘DISCOVERY’ (on the left) set the ‘Scan Type’ to cover ports 1–65535. What is this type called?
Answer: Port Scan (all ports)
Note:
What ‘Scan Type’ can we change to under ‘ADVANCED’ for a lower bandwidth connection?
Answer: Scan low bandwidth links
Note:
Now press the Launch button. After that, it will show in the dashboard.
After the scan completes, which ‘Vulnerability’ in the ‘Port scanners’ family can we view the details of to see the open ports on this host?
Answer: Nessus SYN scanner
Note:
After the scan, finish click on the “dvwa” and enter there.
After entering the program.
Click on the blue line and see the list of the vulnerabilities.
What Apache HTTP Server Version is reported by Nessus?
Answer: 2.4.99
Note:
The version is 2.4.25. but the answer is not acceptable. The acceptable answer is 2.4.99. But I do not know why.
Task 5: Scanning a Web Application!:
What is the plugin id of the plugin that determines the HTTP server type and version?
Answer: 10107
Note:
Select the “New Scan” button from the dashboard.
Select the “Web Application Tests” option.
Inside the template.
Set up everything as the previous process done in Basic Network Scan.
The vulnerabilities list:
Click on the yellow marked column below.
Inside the yellow mark select the “HTTP Server Type and Version” option:
The plugin ID:
What authentication page is discovered by the scanner that transmits credentials in cleartext?
Answer: login.php
Note:
Select the option “HyperText Transfer Protocol (HTTP) Redirect Information”:
What is the file extension of the config backup?
Answer: .bak
Note:
Visit the “Backup Files Disclosure” option.
Inside the option.
Which directory contains example documents? (This will be in a php directory)
Answer: /external/phpids/0.6/docs/examples
Note:
Visit the yellow marked option below:
Visit the “HTTP Methods Allowed (per directory)” :
The example file path.
What vulnerability is this application susceptible to that is associated with X-Frame-Options?
Answer: Clickjacking
Note:
So, Happy learning happy journey.
To get more interesting and detailed articles follow my blog