Certificate Candidate'S Declaration: "In-Depth Vulnerability Scanning With Metasploitable2" Iidt Blackbucks Cybersecurity

indepth vulnerability scanning using metasploit

Uploaded by

devi.mounika0127

Certificate

Candidate’s Declaration
We hereby declare that the work presented in this report entitled “In-depth Vulnerability
Scanning with Metasploitable2”, in partial fulfillment of the requirements for the
certification of the short-term internship of IIDT BLACKBUCKS in CyberSecurity,
submitted on 28-07-2024, was carried out over the period June 2024 to July 2024
and was taught by MOHAMMAD IRFAN ALI.
The matter embodied in the report has not been submitted for the award of any other
degree or diploma.

(Student Signature)

This is to certify that the above statement made by the candidates is true to the best of my
knowledge.

Acknowledgement

We wish to express our deep appreciation to Dr. Mohammad Irfan Ali, training professor at
the IIDT Blackbucks short-term internship, for providing his uncanny guidance, invaluable
support and encouragement throughout the project work, without which the work would have
been an exercise in vain.
We would like to thank all our teaching professors, who have given us moral support and
their relentless advice throughout the completion of this work.
Finally, we would like to thank God for not letting us down at the time of crisis and showing
us the silver lining in the dark clouds.

LIST OF FIGURES

S.NO TITLE

1. Nmap Command

2. Nmap output

3. Open ports and services

4. Nikto Tool

5. Nikto how to use

6. Nikto output

7. Metasploit Exploitation

Table of Contents

CERTIFICATE ........................................ ii
ACKNOWLEDGEMENT .................................... iii
LIST OF FIGURES .................................... iv
ABSTRACT ........................................... vii
1) INTRODUCTION .................................... 7
1.1) General Introduction .......................... 7
1.2) Problem Definition ............................ 8
1.3) Objective ..................................... 8
1.4) Methodology ................................... 9
2) LITERATURE SURVEY ............................... 10
2.1) Passive Reconnaissance ........................ 10
2.1.1) Types of passive reconnaissance ............. 11
2.1.2) Scope and ROE ............................... 13
2.1.3) Tools ....................................... 14
2.2) Active Reconnaissance ......................... 14
2.3) Nmap .......................................... 15
2.3.1) Nmap Features ............................... 15
2.3.2) Typical uses of Nmap ........................ 15
2.3.3) Nmap output formats ......................... 16
2.4) Metasploit .................................... 16
2.4.1) Metasploit Framework ........................ 17
2.4.2) Exploits .................................... 17
2.4.3) Payloads .................................... 17
3) ATTACK NARRATIVE ................................ 18
3.1) Open ports and Services ....................... 18
3.2) NIKTO TOOL
3.2.1) Description ................................. 20
3.2.2) How to Use .................................. 20
3.3) Exploiting through msfconsole ................. 21
3.3.1) Description ................................. 22
3.3.2) Exploitation ................................ 22
4) CONCLUSION ...................................... 25
5) REFERENCES ...................................... 26

ABSTRACT

In today's interconnected digital world, safeguarding computer networks against security
breaches is of utmost importance. This project aims to bolster network security through
comprehensive vulnerability scanning using Metasploit, a robust penetration testing
framework known for its extensive assessment capabilities. Unlike traditional vulnerability
scanners that may miss intricate vulnerabilities or offer limited remediation guidance, this
project capitalizes on Metasploit's dynamic scanning modules and exploit tools to conduct
thorough vulnerability assessments. The project commences with an introductory overview
underscoring the critical role of robust vulnerability management in protecting organizational
assets from evolving cyber threats. It addresses the core problem: the inadequacies of
conventional scanning tools in identifying and mitigating complex vulnerabilities, prompting
the need for a more sophisticated approach. The project's scope and objectives are detailed in
an overview, emphasizing Metasploit as the cornerstone tool for vulnerability scanning and
penetration testing. Key components include the versatile Metasploit Framework, pivotal for
scanning, exploiting vulnerabilities, and conducting post-exploitation analysis. Supplementary
tools for network reconnaissance, vulnerability identification, and comprehensive reporting
complement the project's holistic approach. A critique of existing systems highlights their
reliance on static vulnerability databases and signature-based scanning, often resulting in false
negatives and insufficient coverage of emerging threats. In response, the proposed architecture
integrates Metasploit's real-time scanning capabilities, adaptive exploit modules, and detailed
reporting features to overcome these shortcomings. The architecture design delineates the
project's workflow, starting with network discovery and reconnaissance phases, followed by
automated vulnerability scanning using Metasploit's advanced modules. Simulated
exploitation of identified vulnerabilities validates potential risks and assesses their impact,
ensuring a thorough evaluation. Post-exploitation analysis provides deeper insights into
system vulnerabilities, facilitating effective mitigation strategies. In conclusion, the project
aims to deliver comprehensive vulnerability assessment reports detailing identified risks, their
severity levels, and actionable mitigation recommendations. By harnessing Metasploit's
advanced functionalities, organizations can proactively mitigate security risks, prioritize
remedial actions, and fortify their overall cybersecurity posture. This project endeavors to
showcase the efficacy of Metasploit in conducting in-depth vulnerability scanning and
underscores its significance in modern cybersecurity practices. Through practical
implementation and thorough analysis, it aims to offer valuable insights into enhancing
network resilience and fortifying defenses against cyber threats in today's ever-evolving threat
landscape.

1) INTRODUCTION

1.1) General Introduction


In the ever-evolving landscape of cybersecurity, ensuring the security of systems and networks is
paramount. Vulnerability scanning and penetration testing are critical practices in identifying and
addressing potential weaknesses before they can be exploited by malicious actors. One of the most
widely used tools for this purpose is Metasploit, a powerful and versatile framework that provides
comprehensive capabilities for security assessments.

Vulnerability Scanning involves systematically examining a system or network to identify security
vulnerabilities. These vulnerabilities can range from outdated software versions to misconfigured
settings that could potentially be exploited by attackers. By identifying these issues, organizations can
take proactive measures to secure their systems and mitigate risks.

Penetration Testing (Pen Testing) goes a step further by simulating real-world attacks on a system.
This process involves using a variety of tools and techniques to exploit identified vulnerabilities, with
the goal of understanding how an attacker could gain unauthorized access, escalate privileges, or
exfiltrate sensitive data. Penetration testing provides a more in-depth understanding of an organization's
security posture and helps in validating the effectiveness of existing security measures.

Metasploit is a widely adopted open-source platform that facilitates both vulnerability scanning and
penetration testing. It offers a rich set of tools and modules, including exploits, payloads, and
auxiliaries, that enable security professionals to conduct thorough assessments. Metasploit's extensive
database of known vulnerabilities and exploits, along with its user-friendly interface, makes it an
essential tool for both beginners and experienced cybersecurity practitioners.

In this project, we delve into the use of Metasploit for in-depth vulnerability scanning. We explore the
process of identifying vulnerabilities in target systems, leveraging Metasploit's capabilities to exploit
these weaknesses, and providing actionable insights to enhance security measures.

1.2) Problem Definition

Computer applications are becoming more complex day by day, and the risks associated with
them are also increasing. Developers and administrators cannot fully ensure the safety of the
system. Hence we need to attack the system from the perspective of an attacker. There are
many automated scanners, like Nessus, but they also do not ensure full safety of the system.
These automated scanners that search for vulnerabilities are good enough to identify well-known
vulnerabilities, but they fail to identify security misconfigurations.
Also, automated scans do not ensure the safety of the system, and in some cases they can
perform a Denial of Service on the system. Further, they can leave backdoors in the system after
checking and exploiting it.
So, we need to manually verify the security misconfigurations that these scanners fail to
identify. Further, we need to ensure that no damage is done while performing vulnerability
scanning on the system.

1.3) Objective

The objective of this project is to identify security vulnerabilities on the system, to what
extent they can be exploited, and what risks are associated with them. Besides these, we
have the following objectives:

• Perform broad scans to identify potential areas of exposure and services that may act
as an entry point.
• Perform targeted scans and manual investigations to validate vulnerabilities.
• Identify issues of immediate consequence.
• Consider the safety of the system at every point of the attack.

1.4) Methodology

In-depth vulnerability scanning with Metasploit involves a systematic approach to identifying,
analyzing, and exploiting security vulnerabilities in target systems. The methodology typically follows
several key phases, each designed to comprehensively assess the security posture of the systems under
examination. Below are the primary phases involved in this process:

1. Reconnaissance and Information Gathering

The first phase involves gathering as much information as possible about the target system or network.
This phase is crucial for understanding the environment and identifying potential entry points. Key
activities include:

• Network Scanning: Identifying active hosts, open ports, and services running on the network.

• Service Enumeration: Gathering detailed information about the services and software versions
running on the target, including operating system details.

• Passive Information Gathering: Using publicly available information, such as social media,
company websites, and public databases, to gain insights into the target's infrastructure and
potential vulnerabilities.

2. Vulnerability Identification

In this phase, the information gathered during reconnaissance is used to identify potential
vulnerabilities in the target systems. This involves:

• Automated Scanning: Using Metasploit's built-in vulnerability scanners, such as
auxiliary/scanner modules, to identify known vulnerabilities based on software versions and
configurations.

• Manual Analysis: Analyzing the output of scans and enumerations to identify
misconfigurations, weak passwords, and outdated software that might not be captured by
automated tools.

3. Exploitation

Once potential vulnerabilities are identified, the next phase is exploitation. This involves using
Metasploit's extensive library of exploits to test whether the vulnerabilities can be successfully
exploited. Key steps include:

• Selecting and Configuring Exploits: Choosing the appropriate exploit module in Metasploit,
setting the necessary options (such as target IP, payload type, etc.), and launching the exploit.

• Payload Delivery: Delivering payloads (such as reverse shells, meterpreter sessions, etc.) to
gain control of the target system or to demonstrate the impact of the vulnerability.

• Post-Exploitation Activities: Once access is gained, further actions can be taken to explore the
extent of the compromise, such as privilege escalation, data exfiltration, and lateral movement
within the network.

4. Post-Exploitation and Reporting

After successful exploitation, the focus shifts to documenting findings and providing actionable
recommendations. This phase includes:

• Data Collection: Gathering evidence of the vulnerabilities and the impact of exploitation,
including screenshots, logs, and session data.

• Analysis and Documentation: Analyzing the data collected to understand the root causes of the
vulnerabilities and the potential impact on the organization.

• Reporting: Creating a comprehensive report that details the vulnerabilities found, the methods
used to exploit them, the potential risks, and recommended remediation steps.

2) LITERATURE SURVEY

2.1) Passive Reconnaissance

Passive reconnaissance is also known as Open Source Intelligence (OSINT) or simply information
gathering; the idea behind it is to gather information about a target using only publicly
available resources.

Some references will assert that passive reconnaissance can involve browsing a target’s
website to view and download publicly available content whereas others will state that
passive reconnaissance does not involve sending any packets whatsoever to the target site.

2.1.1) Types of passive reconnaissance


Reconnaissance, often the first phase in penetration testing and ethical hacking,
involves gathering information about a target system, network, or organization to identify
potential vulnerabilities. This phase can be divided into two main types: Passive
Reconnaissance and Active Reconnaissance. Each type has specific methods and tools used to
collect information.

1. Passive Reconnaissance
Passive reconnaissance involves gathering information without directly interacting with the
target systems. This approach is non-intrusive and less likely to alert the target of the
information-gathering activity. Common methods include:

• Publicly Available Information: Searching for information on the target through
publicly accessible sources like company websites, social media, forums, and news
articles.

• Whois Lookup: Using tools like Whois databases to find domain registration details,
including the organization's contact information, domain owner, and administrative
contacts.

• DNS Queries: Querying the Domain Name System (DNS) to gather information about
the domain's infrastructure, such as IP addresses, mail servers, and subdomains.

• Google Dorking: Using advanced search operators in Google to find specific
information about a target, such as exposed directories, file types, or sensitive
information.

• Public Code Repositories: Reviewing publicly available code repositories, like
GitHub, for potentially sensitive information, such as API keys, credentials, or system
configurations.

2. Active Reconnaissance
Active reconnaissance involves direct interaction with the target systems to gather
information. This approach can potentially alert the target but provides more detailed
information. Common methods include:

• Port Scanning: Using tools like Nmap to scan the target system for open ports and
services, which can reveal the software versions and operating systems in use.

• Network Scanning: Identifying active hosts on a network and mapping the network
structure to understand the topology and identify key systems.

• Service Enumeration: Gathering detailed information about the services running on
the target, including version numbers, configurations, and potential vulnerabilities.

• Banner Grabbing: Capturing the banners displayed by services (like web servers,
FTP servers, etc.) to identify software versions and configurations.

• Traceroute: Using traceroute tools to map the route packets take to reach the target,
helping to identify intermediate devices and potential network security measures.

• Social Engineering: Direct interaction with employees or individuals related to the
target organization to gather information, often through phishing emails, phone calls,
or in-person interactions.

2.1.2) Scope and ROE

Scope
The scope of this project defines the boundaries and objectives of the in-depth vulnerability scanning
and penetration testing activities. It outlines what will be included in the testing and ensures that all
stakeholders understand the extent and limitations of the assessment.

1. Target Systems and Networks:
o Specific IP addresses, domains, or network ranges that are authorized for testing.
o The types of devices and systems included, such as web servers, databases, network
infrastructure, and applications.
o Exclusion of systems that are out-of-scope or not authorized for testing to avoid
unintentional damage or data exposure.
2. Types of Testing:
o Vulnerability Scanning: Automated and manual scanning to identify known
vulnerabilities and misconfigurations.
o Exploitation Testing: Using Metasploit to attempt exploitation of identified
vulnerabilities to demonstrate potential risks.
o Post-Exploitation Activities: Limited to data collection and analysis, without causing
disruption or data loss.
3. Objectives:
o Identify security weaknesses in the target systems and networks.
o Assess the potential impact of vulnerabilities on the organization's security posture.
o Provide recommendations for mitigating identified vulnerabilities.
4. Tools and Techniques:
o Use of Metasploit for vulnerability scanning, exploitation, and post-exploitation
activities.
o Other tools such as Nmap, Nikto, or custom scripts may be used for reconnaissance and
information gathering.
5. Data Sensitivity:
o Handling of sensitive data discovered during testing with strict confidentiality.
o Avoidance of any actions that could lead to unauthorized data access or leakage.

Rules of Engagement (ROE)

The Rules of Engagement (ROE) establish the guidelines and boundaries for conducting the penetration
testing activities. They ensure that the testing is carried out ethically, legally, and with minimal risk to
the organization.

1. Authorization:

o Written permission from the organization to conduct testing on specified systems and
networks.
o Clear communication of the testing schedule, including start and end dates, to minimize
operational disruptions.
2. Communication:
o Establishing a point of contact within the organization for coordination and
communication during the testing.
o Regular updates to the designated contact, including immediate reporting of any critical
vulnerabilities or incidents.
3. Testing Limitations:
o Avoidance of Denial of Service (DoS) attacks or other techniques that could disrupt
services.
o Exclusion of sensitive areas or systems, such as those involving personal data, critical
infrastructure, or healthcare data, unless explicitly authorized.
o Avoiding testing outside the specified scope without prior approval.
4. Data Handling and Reporting:
o Secure handling and storage of any data obtained during the testing.
o Immediate notification to the organization of any accidental data breaches or significant
findings.
o Detailed reporting of all findings, including vulnerabilities identified, methods used,
potential impacts, and recommended mitigation steps.
5. Post-Testing Activities:
o Ensuring that all testing activities are ceased at the end of the engagement period.
o Deleting any access credentials, data, or tools used during the testing from the tester's
systems.
o Assisting the organization in verifying the remediation of identified vulnerabilities, if
requested.
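As an added example (not part of the original report), the following Python helper turns the Scope and ROE requirements above into a check that runs before any scan is launched: a target is accepted only if it falls inside an authorized range and outside every exclusion, and anything that is not a literal IP address is refused rather than guessed at. The address ranges and the candidate list are constructed placeholders and do not come from the report.

```python
"""Scope gate: refuse to scan anything outside the authorized ranges.

Added example, not part of the report. The networks below are constructed
placeholders standing in for the ranges a client authorizes in writing.
"""
import ipaddress

# Constructed: ranges the (hypothetical) client authorized for testing.
AUTHORIZED = ["192.168.56.0/24", "10.10.0.0/16"]
# Constructed: hosts/subnets inside those ranges that must not be touched
# (e.g. a gateway, or a subnet holding personal or healthcare data).
EXCLUDED = ["192.168.56.1", "10.10.5.0/24"]


def build_scope(authorized, excluded):
    """Parse CIDR strings once; a bare address becomes a /32 (or /128) network."""
    allowed = [ipaddress.ip_network(n, strict=False) for n in authorized]
    denied = [ipaddress.ip_network(n, strict=False) for n in excluded]
    return allowed, denied


def in_scope(target, authorized=AUTHORIZED, excluded=EXCLUDED):
    """True only if target is inside an authorized range and inside no exclusion.

    Raises ValueError for anything that is not a literal IP address, so a
    hostname or a typo can never slip through as "allowed".
    """
    addr = ipaddress.ip_address(target)
    allowed, denied = build_scope(authorized, excluded)
    if any(addr in net for net in denied):
        return False  # exclusions win over authorizations
    return any(addr in net for net in allowed)


def filter_targets(targets, authorized=AUTHORIZED, excluded=EXCLUDED):
    """Split candidates into (scan, skipped) so out-of-scope hosts are logged, not scanned."""
    scan, skipped = [], []
    for t in targets:
        try:
            ok = in_scope(t, authorized, excluded)
        except ValueError:
            ok = False  # not an IP literal: treat as out of scope
        (scan if ok else skipped).append(t)
    return scan, skipped


if __name__ == "__main__":
    # Constructed candidate list mixing in-scope, excluded and foreign hosts.
    candidates = ["192.168.56.101", "192.168.56.1", "10.10.5.7",
                  "10.10.9.9", "172.16.0.1", "metasploitable.local"]
    to_scan, left_out = filter_targets(candidates)
    print("scan:   ", to_scan)
    print("skipped:", left_out)
```

Resolving hostnames to addresses before the check (and re-checking the resolved address) keeps the gate honest when a target list mixes names and IPs; the exclusion list is consulted first so that a host listed in both can never be scanned.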

2.1.3) Tools used in Passive Reconnaissance

• Whois: This tool provides where the site is located and who owns the IP block. Contacts
may also be listed.

• Nslookup: This tool provides the IP address of the target hostname. It simply works on
DNS queries.

• theHarvester: A Python-based tool that can be used to extract mail addresses on a
domain by searching on Google and other social networking sites.

• Recon-ng: A GUI tool for organizing and viewing all passive information gathering.

• Shodan: This site can give information about open ports and services on an internet device.

2.2) Active reconnaissance

Active reconnaissance involves actual interaction with the target to get information about it.
This type of information gathering is more accurate than the passive one. The only
disadvantage is that it can sometimes damage the system and is easier for the target
machine to detect.

2.3) Nmap
Nmap, short for "Network Mapper," is a popular open-source tool used for network
discovery and security auditing. Developed by Gordon Lyon (also known by his pseudonym
Fyodor), Nmap is widely used by network administrators, system administrators, and
cybersecurity professionals for various tasks.

2.3.1) Nmap features:

• Host discovery – Identifying hosts on a network. For example, listing the hosts that
respond to TCP and/or ICMP requests or have a particular port open.
• Port scanning – Enumerating the open ports on target hosts [3].
• Version detection – Interrogating network services on remote devices to determine
application name and version number.
• OS detection – Determining the operating system and hardware characteristics of network
devices.
• Scriptable interaction with the target – using Nmap Scripting Engine (NSE) and Lua
programming language.

Nmap can provide further information on targets, including reverse DNS names, device
types, and MAC addresses.

2.3.2) Typical uses of Nmap:
• Network Inventory and Mapping: Identify live hosts and map network topology.
• Port Scanning: Discover open ports and running services.
• Operating System Detection: Determine the OS of target systems.
• Security Auditing: Test firewall/IDS effectiveness and find vulnerabilities.
• Performance Monitoring: Check service availability and response times.
• Compliance Auditing: Ensure network devices comply with security policies.
• Penetration Testing: Gather information for security assessments.
• Troubleshooting: Diagnose network issues and verify configurations.
• Research and Learning: Study network protocols and security techniques.

2.3.3) Nmap output formats

• Interactive: This mode is interactive: the user is at times prompted to enter various
options, and the output is updated in real time.

• XML: This format can be further processed by XML tools. It can be converted to an
HTML report using XSLT.

• Normal: The output as seen when running Nmap from the command line, but saved to
a file.

• Script Kiddie: Meant to be an amusing way to format the interactive output, replacing
letters with their visually similar number representations. For example, "interesting ports"
becomes "Int3restIng pOrtz".

2.4) Metasploit

The Metasploit Project is a computer security project that provides information about
security vulnerabilities and aids in penetration testing and IDS signature development.

Its best-known sub-project is the open source Metasploit Framework, a tool for
developing and executing exploit code against a remote target machine. Other important
subprojects include the Opcode Database, shellcode archive and related research.

The Metasploit Project is well known for its anti-forensic and evasion tools, some of which
are built into the Metasploit Framework.

2.4.1) Metasploit Framework
The Metasploit Framework is a widely used open-source platform for developing, testing, and
executing exploits against target systems. It is a powerful tool in the field of cybersecurity,
particularly in penetration testing, vulnerability assessment, and research. Developed by
Rapid7, Metasploit provides a comprehensive suite of tools and resources to help security
professionals identify, validate, and exploit vulnerabilities.
Metasploit runs on Unix (including Linux and Mac OS X) and on Windows. The Metasploit
Framework can be extended to use add-ons in multiple languages.

To choose an exploit and payload, some information about the target system is
needed, such as operating system version and installed network services. This information
can be gleaned with port scanning and OS fingerprinting tools such as Nmap. Vulnerability
scanners such as Nexpose, Nessus, and OpenVAS can detect target system vulnerabilities.
Metasploit can import vulnerability scanner data and compare the identified vulnerabilities
to existing exploit modules for accurate exploitation.

2.4.2) Exploits

Metasploit currently has over 1613 exploits, organized in different categories such as:

• Firefox: a collection of (mostly) remote code execution exploits for this browser.
• Android and Apple's iOS: dedicated to mobile phones [5].
• Linux, Windows, BSD, Irix, Solaris, …: targeting specific operating systems.
• Multi: for exploits that aren't tied to a specific platform.

2.4.3) Payloads

Metasploit currently has over 438 payloads. Some of them are:

• Command shell enables users to run collection scripts or run arbitrary commands against
the host.
• Meterpreter enables users to control the screen of a device using VNC and to browse,
upload and download files.
• Dynamic payloads enable users to evade anti-virus defenses by generating unique
payloads.

3) Attack Narrative

3.1) Open ports and services

The first step of this testing was scanning the IP with Nmap to reveal open ports and services,
along with their versions, that could be used as entry points to the server. Further, the operating
system was enumerated so that the target system could be identified for exploits. The
following query was performed to discover the open ports and services:

[Figure 1: Nmap command]

Ports and services along with their versions :

[Figure 2: Nmap output]

The above 30 ports were found to be open on the Metasploitable2 server. The next step is to
enumerate each service and test for security vulnerabilities.
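The report's figures (the Nmap command and its output) are not reproduced on this page. As an added example, not the report's own code, the following Python script does what a tester would do with the same scan saved in Nmap's XML format (section 2.3.3; Nmap writes it with the -oX option, and the assumed command line nmap -sV -O -oX scan.xml <target> gives the version and OS detection the narrative describes): it extracts the open ports, service banners and OS guess, and lists the open services for which version detection returned nothing, which are the ones that need manual enumeration in the next step. The embedded XML is a constructed sample in Nmap's XML layout with a handful of Metasploitable2-style services; it is not the 30-port output from the report.

```python
"""Parse Nmap XML output (nmap -sV -O -oX scan.xml <target>) into a port table.

Added example, not code from the report. SAMPLE_XML is a constructed
fragment in Nmap's XML layout, not the scan shown in the report's figures.
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.168.56.101" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.56.101" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/>
        <service name="ftp" product="vsftpd" version="2.3.4"/></port>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="4.7p1 Debian 8ubuntu1"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.2.8"/></port>
      <port protocol="tcp" portid="512"><state state="open" reason="syn-ack"/>
        <service name="exec" product="netkit-rsh rexecd"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="5.0.51a-3ubuntu5"/></port>
      <port protocol="tcp" portid="8009"><state state="filtered" reason="no-response"/>
        <service name="ajp13"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.9 - 2.6.33" accuracy="100"/></os>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per host: address, OS guess and the open ports only."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        address = addr_el.get("addr") if addr_el is not None else "?"
        open_ports = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not entry points
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            open_ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "name": attrs.get("name", ""),
                "product": attrs.get("product", ""),
                "version": attrs.get("version", ""),
            })
        osmatch = host.find("os/osmatch")
        hosts.append({
            "address": address,
            "os": osmatch.get("name") if osmatch is not None else "unknown",
            "open_ports": sorted(open_ports, key=lambda p: (p["proto"], p["port"])),
        })
    return hosts


def summarize(hosts):
    """Plain-text table in the spirit of the report's 'open ports and services' figure."""
    lines = []
    for h in hosts:
        lines.append(f"{h['address']}  OS guess: {h['os']}  open ports: {len(h['open_ports'])}")
        for p in h["open_ports"]:
            banner = " ".join(x for x in (p["product"], p["version"]) if x)
            lines.append(f"  {p['port']}/{p['proto']:<4} {p['name']:<8} {banner}")
    return "\n".join(lines)


def unversioned_services(hosts):
    """Open services where -sV found no version: candidates for manual banner grabbing."""
    return [(h["address"], p["port"]) for h in hosts
            for p in h["open_ports"] if not p["version"]]


if __name__ == "__main__":
    found = parse_nmap_xml(SAMPLE_XML)
    print(summarize(found))
    print("needs manual enumeration:", unversioned_services(found))
```

Filtered ports are dropped on purpose: they show a firewall in the path, not a reachable service, and listing them as findings inflates the report. Running the script on a real scan only requires replacing SAMPLE_XML with the contents of the -oX file.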

3.2) NIKTO TOOL

3.2.1) Description:
Nikto is an open-source web server scanner designed to perform comprehensive security
assessments against web servers. It scans for a wide range of vulnerabilities, including outdated server
software, insecure configurations, and potentially dangerous files and programs. Nikto supports various
web server technologies, such as Apache, Nginx, and Microsoft IIS, and can identify issues related to
common web technologies like PHP, ASP, and JavaScript frameworks. The tool includes an extensive
database of known vulnerabilities, enabling it to detect and report on common security flaws. Nikto also
supports SSL/TLS scanning, allowing it to identify issues with certificate configurations and weak
encryption settings. As an open-source tool, it is extensible and customizable, with support for plugins
and custom configurations. Nikto generates reports in multiple formats, making it easy to integrate
results into broader security assessments or compliance audits. It is widely used by penetration testers,
security professionals, and researchers to identify and address security weaknesses in web servers, and
it serves as a valuable educational tool in teaching web security fundamentals.

3.2.2) HOW TO USE

Using Nikto is straightforward and involves running it from the command line with various
options and parameters to customize the scan. Here's a basic guide on how to use Nikto:
1. Installation
Nikto can be installed on various operating systems, including Linux, Windows, and macOS. On
many Linux distributions, Nikto can be installed via package managers or from source.
Here's a common method for installation:
COMMAND: sudo apt-get install nikto
2. Usage
COMMAND: nikto -h <target>
PARAMETERS: replace <target> with your target IP address.
3. Common Options
Nikto offers a variety of options to customize the scan:
• Specify Target Host (-h):
Command: nikto -h example.com
• Specify Target Port (-p): By default, Nikto scans port 80. To specify a different port, use:
Command: nikto -h example.com -p 8080
• SSL/TLS Scan (-ssl): For HTTPS websites, you can force SSL/TLS scanning:
Command: nikto -h example.com -ssl

3.2.3) Output
Nikto will provide a report detailing the vulnerabilities, potential issues, and general information
about the target. The report includes findings like outdated server software, insecure configurations, and
potentially dangerous files.
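As an added example, not taken from the report, the following Python script parses the text report that Nikto prints (described above) into structured findings, so the results can be merged into the wider assessment alongside the Nmap data. The sample report embedded in it is constructed by hand to resemble the "+ "-prefixed lines of Nikto 2.1.x text output; the exact wording of Nikto's findings varies by version and database, so the classification keywords are an assumption to adjust against real output.

```python
"""Turn a Nikto text report into structured findings.

Added example, not part of the report. SAMPLE_NIKTO is a constructed report
written to resemble Nikto 2.1.x text output ("+ " prefixed lines); real
wording varies by version, so the keyword rules below are assumptions.
"""
import re

SAMPLE_NIKTO = """\
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.56.101
+ Target Hostname:    192.168.56.101
+ Target Port:        80
+ Start Time:         2024-07-20 10:15:02 (GMT0)
---------------------------------------------------------------------------
+ Server: Apache/2.2.8 (Ubuntu) DAV/2
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.37).
+ OSVDB-3233: /phpinfo.php: PHP is installed, and a test script which runs phpinfo() was found.
+ OSVDB-3268: /doc/: Directory indexing found.
+ 8725 requests: 0 error(s) and 5 item(s) reported on remote host
+ End Time:           2024-07-20 10:17:44 (GMT0) (162 seconds)
"""

# Header fields Nikto prints before the findings.
META_RE = re.compile(r"^\+ (Target IP|Target Hostname|Target Port|Server):\s+(.*)$")
# Bookkeeping lines that are not findings.
NOISE_RE = re.compile(r"^\+ (Start Time|End Time|\d+ requests):")
# Database-referenced finding: "+ OSVDB-1234: /path: description"
REF_RE = re.compile(r"^\+ (OSVDB-\d+): (\S+): (.*)$")


def classify(detail):
    """Coarse category from the finding text (assumed keywords)."""
    if "header is not" in detail:
        return "missing-header"
    if "outdated" in detail:
        return "outdated-software"
    return "other"


def parse_nikto_report(text):
    """Return {'meta': {...}, 'findings': [...]} from Nikto's text output."""
    report = {"meta": {}, "findings": []}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.startswith("+ ") or NOISE_RE.match(line):
            continue  # banner, separators, timing and request counts
        m = META_RE.match(line)
        if m:
            report["meta"][m.group(1)] = m.group(2)
            continue
        m = REF_RE.match(line)
        if m:
            report["findings"].append({"category": "known-issue", "ref": m.group(1),
                                       "path": m.group(2), "detail": m.group(3)})
        else:
            detail = line[2:]
            report["findings"].append({"category": classify(detail), "ref": None,
                                       "path": "/", "detail": detail})
    return report


def findings_by_category(report):
    """Counts per category, handy for a one-line summary in the assessment report."""
    counts = {}
    for f in report["findings"]:
        counts[f["category"]] = counts.get(f["category"], 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_nikto_report(SAMPLE_NIKTO)
    print(parsed["meta"])
    for f in parsed["findings"]:
        print(f"[{f['category']}] {f['ref'] or '-'} {f['path']}: {f['detail']}")
    print(findings_by_category(parsed))
```

The server banner and the "outdated" finding are the items worth cross-checking against the Nmap version detection for port 80; a mismatch between the two usually means a proxy or a misreported banner and deserves a manual look before anything is written up as a vulnerability.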

3.3) Exploiting Using msfconsole

3.3.1)Description

Exploiting vulnerabilities using msfconsole, the interactive command-line interface of the
Metasploit Framework, involves several steps. Here's a general guide to using msfconsole to find,
configure, and exploit vulnerabilities.

3.3.2) Exploitation

1. Start msfconsole

Launch Metasploit by typing msfconsole in your terminal. This will bring up the Metasploit
command-line interface.

Command: msfconsole

2. Search for an Exploit

Use the search command to find an exploit for a specific vulnerability or target software. You
can search by keyword, CVE number, or other identifiers.

Command: search [keyword]

3. Select an Exploit Module

After finding a suitable exploit, select it using the use command. Replace [exploit/path] with the
path or name of the exploit.

Command: use [exploit/path]

4. View Exploit Options

Use the show options command to view the options available for the selected exploit. This
includes required settings such as the target IP address (RHOST), the target port (RPORT), and
other configurations.

Command: show options

5. Set Required Options

Set the necessary options for the exploit, such as the remote host (RHOST), port (RPORT), and
any payload options. Use the set command followed by the option name and value.

Command: set RHOST [target_ip]
         set RPORT [target_port]

6. Select and Configure a Payload

Choose a payload, which is the code that will run on the target system after exploiting the
vulnerability. Use show payloads to list available payloads, then use set PAYLOAD to select
one.

Command: show payloads
         set PAYLOAD [payload/path]

Next, set the payload options, like the local host (LHOST) and local port (LPORT) for the
reverse connection.

Command: set LHOST [your_ip]
         set LPORT [your_port]

7. Run the Exploit

Finally, use the exploit command to launch the exploit against the target.

Command: exploit

4) CONCLUSIONS

To identify threats in the system, the machine should be attacked from the attacker's
perspective. Further, the best way to do this is to treat the machine as a black box and
gather information about it through active and passive information gathering tools. Once a
service is detected, we can easily search for exploits on Exploit-DB and then test those
exploits on the system. Lastly, to ensure that we didn't miss a vulnerability, we can use
automated security scanners, but their results should not be the only criterion for selecting
vulnerabilities, since these can sometimes damage the system and provide false results.
Finally, the best recommendation to mitigate these risks is to keep the system updated and
configure it correctly.

5) References

[1] K. Katterjohn, "Port Scanning Techniques," 3 Aug. 2007. [Online]. Available: http://www.insecure.in/papers/portscan_tech.pdf.

[2] G. F. Lyon, Nmap Network Scanning, USA: Insecure, 2009.

[3] A. Singh, Metasploit Penetration Testing Cookbook, opensource, 2013.
