PRACTICAL- 03

Aim:-Practical on enumerating host, port, and service scanning.

Theory

Enumeration is fundamentally checking. An attacker sets up a function associated with the

objective host. The weaknesses are then tallied and evaluated. It is done mostly to look for
assaults and dangers to the objective framework. Enumeration is utilized to gather usernames,
hostname, IP addresses, passwords, arrangements, and so on. At the point when a functioning
connection with the objective host is set up, hackers oversee the objective framework.
A) Port Scanning

1. To see the help/ manual of nmap we can use the command “man nmap” (OS used kali
linux)

2. You will need to run the target machine metasploitable2 and check the ip address of the
machine using the command ifconfig.
3. Using Kali perform port scanning using nmap on the target machine by running the given
command shown below

4. You will be able to identify the operating system and the target machine’s open port
details.
5. View the output file created which stores all the scan results in metasploitable.nmap

6. Using the cat command you can display the contents of the file
B) Enumeration of Hosts

1. Find out the operating system of the target metasploitable2

2. Find out all the host services and their ports by using –sV
3. Using Legion we can also perform enumeration and search for open service ports

4. Specify the IP Subnet and Bits as shown and click on submit

5. After submitting it will start scanning all the available hosts in that subnet and you will
see the Windows XP and Metasploitable2 Operating systems also displayed in the scan.
 C) DNS Enumeration

1. To find out the host IP Address, IPv6 address and Mail Servers

2. To find out the host name servers and mail servers

3. To find the Name Servers by setting the type=ns using nslookup

4. The dig command can be used for advanced dns enumeration.

5. Use dig command to get detailed info of mail servers of the
target

Conclusion

Practical enumeration in cyber security involves systematically scanning and identifying open
ports, vulnerable services, and active hosts within a network. It plays a vital role in
vulnerability assessment, threat detection, and network optimization. Responsible and
ethical enumeration practices are crucial for maintaining strong cyber security defenses in
the face of evolving threats.

Practical No. 04
Aim: Practical on vulnerability scanning and assessment
Vulnerability Assessment and Penetration Testing (VAPT) services help in evaluating the
existing status of the security, identifying exact flaws and advising a remedial action plan to
safeguard the system. Nmap-vulners, vulscan, and vuln are the common and most popular
CVE detection scripts in the Nmap search engine. These scripts allow you to discover
important information about system security flaws.