Week 4: Vulnerability Assessment

Path: Ethical Hacking | Module: 4 of 8

Finding the Weakness

Now that you know which services are running (e.g., "Apache 2.2.8"), you check whether they are vulnerable. This check can be automated or manual.

1. Vulnerability Scanners

Automated tools that check your target against a database of known flaws.

  • Nessus: The industry standard (closed source, free version available).
  • OpenVAS: Open-source alternative.

2. CVE and CVSS

  • CVE (Common Vulnerabilities and Exposures): The ID assigned to a specific, publicly known bug (e.g., CVE-2017-0144).
  • CVSS (Common Vulnerability Scoring System): A score from 0.0 to 10.0 indicating severity.
    • 9.0 - 10.0: Critical (Drop everything and fix).
    • 7.0 - 8.9: High.

🔬 Lab Exercise: Nessus Scan

Objective: Automate the vulnerability-finding process.

  1. Install Nessus Essentials on your VM.
  2. Point it at your Metasploitable VM.
  3. Run a "Basic Network Scan".
  4. Read the report. It should light up like a Christmas tree. Look for "Bind Shell Backdoor".
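
Once you have the report, work the findings from the highest CVSS score down. The script below is an added example, not part of the course material: it sorts a scan export into CVSS bands and sets aside rows it cannot trust. The CSV column names, host address and finding rows are constructed for illustration and are not Nessus's export format; the Medium, Low and None bands come from the CVSS v3.x rating scale.

```python
import csv
import io
import re

# CVSS v3.x qualitative bands as (lower bound, label), highest first.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"), (0.0, "None")]
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample export. Column names are hypothetical, not a real scanner format;
# CVE IDs are placeholders and scores are made up for the example.
SAMPLE_CSV = """host,port,name,cve,cvss
192.0.2.10,22,Constructed finding B,CVE-0000-0002,5.3
192.0.2.10,80,Constructed finding A,CVE-0000-0001,7.5
192.0.2.10,4444,Bind Shell Backdoor,,10.0
192.0.2.10,21,Constructed finding C,not-a-cve,8.9
192.0.2.10,25,Constructed finding D,CVE-0000-0003,11.2
192.0.2.10,53,Constructed finding E,CVE-0000-0004,
"""

def severity(score):
    """Map a CVSS base score to its band; reject values outside 0.0-10.0."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    return next(label for floor, label in BANDS if score >= floor)

def triage(csv_text):
    """Return (findings sorted by score, highest first; rejected rows with reasons)."""
    findings, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        cve = row["cve"].strip()
        try:
            score = float(row["cvss"])  # an empty or non-numeric score raises ValueError
            band = severity(score)
            if cve and not CVE_RE.match(cve):  # a finding may legitimately have no CVE
                raise ValueError(f"malformed CVE ID: {cve}")
        except ValueError as err:
            rejected.append((row["name"], str(err)))
            continue
        findings.append({**row, "cve": cve or None, "score": score, "band": band})
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings, rejected

def fix_first(findings):
    """Findings in the two bands this module lists: Critical and High."""
    return [f for f in findings if f["band"] in ("Critical", "High")]

if __name__ == "__main__":
    ok, bad = triage(SAMPLE_CSV)
    for f in ok:
        print(f'{f["band"]:<8} {f["score"]:>4} {f["host"]}:{f["port"]} {f["name"]} {f["cve"] or "-"}')
    for name, why in bad:
        print(f"REJECTED {name}: {why}")
```

Rejected rows are reported rather than dropped silently, so a malformed score or ID in the export does not hide a finding from review.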