Network vulnerability assessment

Introduction

In this blog post, we will learn what vulnerability assessment is, how to perform one, and which tools to use.

What is Vulnerability Assessment?

Vulnerability assessment is the process we use to list and sort the vulnerabilities present in the target system. The vulnerabilities and loopholes we find are then what we use to exploit the target system.

How to do Vulnerability Assessment?

We can do a vulnerability assessment in two ways:

Manually: Using our previous findings in the target system.

Automated: Using a vulnerability assessment tool.

We have already discussed finding sensitive information about the target network using manual approaches. In this blog we will discuss automated network assessment tools and how to use them.

Nmap vulnerability scanning

As we have discussed, Nmap is a powerful tool. We can also use it to scan for vulnerabilities in the target system.

# nmap --script vulners -sV <TargetIP>

Or you can also specify particular ports to scan for vulnerabilities.

# nmap --script vulners -sV -p 21-443 <TargetIP>

If you want to run all of Nmap's vulnerability scan scripts:

# nmap --script vuln <TargetIP>

It will run all of these scripts against the target and give valuable results.
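
As an added example (not part of the original post): once a vulners scan is saved with nmap's -oX option, a short script can reduce the XML to the findings worth fixing first. The sample XML is constructed, its host, product names and CVE-style identifiers are placeholders, and the nested-table layout of the vulners output is an assumption to check against your own scan file.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV --script vulners -oX scan.xml` output.
# Host, products and CVE-style ids are placeholders; the layout is assumed.
SAMPLE_XML = """<nmaprun>
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22">
    <service name="ssh" product="ExampleSSH" version="1.0"/>
    <script id="vulners" output="...">
     <table key="cpe:/a:example:ssh:1.0">
      <table><elem key="id">CVE-0000-0001</elem><elem key="cvss">9.8</elem>
             <elem key="type">cve</elem><elem key="is_exploit">false</elem></table>
      <table><elem key="id">CVE-0000-0002</elem><elem key="cvss">4.3</elem>
             <elem key="type">cve</elem><elem key="is_exploit">false</elem></table>
     </table>
    </script>
   </port>
   <port protocol="tcp" portid="80">
    <service name="http" product="ExampleHTTPd" version="2.0"/>
   </port>
  </ports>
 </host>
</nmaprun>"""

def triage(xml_text, min_cvss=7.0):
    """Return (host, port, service, id, cvss) rows at or above min_cvss, worst first."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            svc = port.find("service")
            name = svc.get("name", "?") if svc is not None else "?"
            for script in port.findall("script[@id='vulners']"):
                # One inner <table> per finding, grouped under a per-CPE table.
                for finding in script.findall("table/table"):
                    f = {e.get("key"): (e.text or "") for e in finding.findall("elem")}
                    try:
                        score = float(f.get("cvss", ""))
                    except ValueError:
                        continue  # skip entries without a numeric score
                    if score >= min_cvss:
                        rows.append((addr, port.get("portid"), name, f.get("id"), score))
    return sorted(rows, key=lambda r: r[4], reverse=True)

if __name__ == "__main__":
    for row in triage(SAMPLE_XML):
        print(*row, sep="\t")
```

Ports with no vulners output, such as port 80 in the sample, produce no rows; lowering min_cvss widens the list.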

Vulnerability Assessment Through Metasploit

The Metasploit framework is a powerful tool, and we can also use it to perform a vulnerability assessment against the target.

Using OpenVAS in Metasploit

OpenVAS comes preconfigured in Parrot-OS; we can use it directly or integrate it with the Metasploit framework.

Set the OpenVAS credentials

# openvasmd --user=admin --new-password=password

Run msfconsole

# msfconsole

To use OpenVAS from msfconsole, you need to load the plugin first

msf5 > load openvas
[*] Welcome to OpenVAS integration by kost and averagesecurityguy.
[*] 
[*] OpenVAS integration requires a database connection. Once the 
[*] database is ready, connect to the OpenVAS server using openvas_connect.
[*] For additional commands use openvas_help.
[*] 
[*] Successfully loaded plugin: OpenVAS 

List commands

msf5 > openvas_help

Connect to OpenVAS

msf5 > openvas_connect <openvas username> <openvas password> <host> <port> <ssl-confirm>
msf5 > openvas_connect admin password localhost 9900 ok

Register the target to scan

msf5 > openvas_target_create "Dushman" 192.168.0.1 "Myscan"

Now check the OpenVAS config list

msf5 > openvas_config_list

Check the target list

msf5 > openvas_target_list

And create a task

openvas_task_create <scanname> <comment> <scanconfig ID> <targetID>
msf5 > openvas_task_create Dushman Myscan 3 1

And start the task

openvas_task_start <taskID>
msf5 > openvas_task_start 0

To check the task list and status

msf5 > openvas_task_list

After the scan completes, collect the report

msf5 > openvas_report_list

You can collect the report in many file formats

msf5 > openvas_format_list

The syntax to collect the report is below

openvas_report_download <report id> <format id> <path for saving report> <report name>

Let's collect the report in HTML.

msf5 > openvas_report_download 1 2 ~/Desktop dushman

It's done. Check it on your desktop.

Using Nessus in Metasploit

To see how it works, download the Nessus free trial software for Linux.

Then follow its configuration setup.

Run msfconsole in your terminal

# msfconsole
msf5 > load nessus
[*] Nessus Bridge for Metasploit
[*] Type nessus_help for a command listing
[*] Successfully loaded plugin: Nessus
msf5 > nessus_help

Now connect it with the localhost to start the scan.

nessus_connect <Your Username>:<Your Password>@localhost:8834 <ok>

To list the Nessus policies

msf5 > nessus_policy_list

It will show you

ID  Name                    Comments
--  ----                    ---------
2   Internal Network Scan
3   External Network Scan

Now scan the target network

msf5 > nessus_scan_new <policy ID> <scan name> <Target IP>
msf5 > nessus_scan_new 2 Myscan 10.10.10.189

To check the scan status

msf5 > nessus_scan_status

It will automatically create a scan report. To check it

msf5 > nessus_report_list

And collect your report

msf5 > nessus_report_get <report id>

You can also use Nessus directly; here I have additionally shown you how to integrate Nessus with Metasploit.

Conclusion

We have learned network VA from this blog post. You can also use the Nessus GUI on your localhost, following the download and setup steps above.