Scribd
Upload
64 views30 pages

Vulnerability Analysis - Hol

This document provides an overview of steps for conducting a vulnerability analysis using Nmap, Nessus, and GFI LanGuard. It outlines running Nmap to scan for open ports and vulnerabilities, exploring Nmap scripts for various purposes like authentication, malware detection, and exploits, and using searchsploit to find details on vulnerabilities identified by port scans. It also covers downloading, installing, and running Nessus to perform vulnerability scans.

Uploaded by

muh julyawan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
64 views30 pages

Vulnerability Analysis - Hol

This document provides an overview of steps for conducting a vulnerability analysis using Nmap, Nessus, and GFI LanGuard. It outlines running Nmap to scan for open ports and vulnerabilities, exploring Nmap scripts for various purposes like authentication, malware detection, and exploits, and using searchsploit to find details on vulnerabilities identified by port scans. It also covers downloading, installing, and running Nessus to perform vulnerability scans.

Uploaded by

muh julyawan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 30

Vulnerability Analysis

Hands On Lab
1. Nmap
2. Nessus
3. GFI LanGuard

Module Flow
Resource
NMAP
 Jalankan Metasploit menggunakan Virtualbox
 Setting Vmbox
 Unzip File
 Type Os : Linux
 Version : Other Linux (64-bit)
 Ram : 512 Mb (recommended)
 Hard disk Use an Existing Virtual Hard disk file (VMDK) –
Metasploit  Pilih Hard disk dari folder yang diextract (*.vmdk)
 Network Setting Attached
 Pilih Bridge Adapter
 start
 Cek IP Address dari Metasploit (ifconfig)
 Catat IP Address Metasploit

msfadmin:msfadmin
 Jalankan VmBox Kali Linux
 Lokasi File : usr/share/nmap/scripts
 Gunakan command ls untuk melihat daftar script yang dimiliki oleh nmap

Nmap - Script

Official Reference : https://nmap.org/book/nse-usage.html


Auth
These scripts deal with authentication credentials (or bypassing them) on the target
system. Examples include x11-access, ftp-anon, and oracle-enum-users. Scripts
which use brute force attacks to determine credentials are placed in the brute
category instead.

::recommended Kembali ke Folder Desktop

Nmap
auth

Analisis File auth.txt


Auth Analysis
Testing
Credential
malware
These scripts test whether the target platform is infected by
malware or backdoors. Examples include smtp-strangeport, which
watches for SMTP servers running on unusual port numbers, and
auth-spoof, which detects identd spoofing daemons which provide a
fake answer before even receiving a query. Both of these behaviors
are commonly associated with malware infections.

Nmap
malware
Nmap
Banner
Exploit
These scripts aim to actively exploit some vulnerability. Examples
include jdwp-exec and http-shellshock.

Nmap
exploit
 Info scipt :: sudo nmap –script-help firewall-bypass.nse

Nmap
(particular script)

firewall-bypass.nse
Nmap
(particular script)

ftp-anon.nse
1. Find Vulnerability by Open Port
2. Searchploit
What Next?
Find
Vulnerability
by Open Port
Find
Vulnerability
by Open Port
Find
Vulnerability
by Open Port
Find
Vulnerability
by Open Port
searchploit
searchsploit
searchsploit
Nessus
Download
https://www.tenable.com/downloads/nessus?loginAttempted=true

Nessus
Installation
Nessus
Installation
Nessus
Installation
Nessus Scan
Nessus Scan
Nessus Scan
Running
Nessus Scan

You might also like