
4. Vulnerability Scanning and Assessment

Uploaded by

Ritesh Shikne
Copyright
© All Rights Reserved

5. Use the dig command to get detailed information about the mail servers of the target

Conclusion

Practical enumeration in cyber security involves systematically scanning and identifying open
ports, vulnerable services, and active hosts within a network. It plays a vital role in
vulnerability assessment, threat detection, and network optimization. Responsible and
ethical enumeration practices are crucial for maintaining strong cyber security defenses in
the face of evolving threats.

Practical No. 04
Aim: Practical on vulnerability scanning and assessment

Vulnerability Assessment and Penetration Testing (VAPT) services help in evaluating the
existing status of the security, identifying exact flaws and advising a remedial action plan to
safeguard the system. Nmap-vulners, vulscan, and vuln are the common and most popular
CVE detection scripts for the Nmap Scripting Engine (NSE). These scripts allow you to discover
important information about system security flaws.

Our target machine will be metasploitable2, and the live target hosts will be packtpub.com and
cyberhia.com.
A) Vulnerability Scanning using Nmap
1. Navigate to nmap scripts folder and view all the scripts in that folder

2. Update scripts

Before firing up Nmap to perform a vulnerability scan, penetration testers must update the
Nmap script database to pick up any scripts newly added to it, so that
they don’t miss a vulnerability during identification.

3. Run Nmap to check for vulnerable services running on metasploitable2

4. Let us find the available scripts for finding vulnerabilities in ssh


5. Get more info on ssh-run script

6. Let’s run the ssh-run script on our target (metasploitable2 IP Address)


7. Get available scripts for http
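
Once the scans above have run, the findings still have to be ranked for remediation. The following is an added example, not part of the original practical: it assumes the scan was saved as XML with Nmap's `-oX` option and that the vulners script reports one ID and CVSS score per line; the sample XML, the address and the `CVE-0000-*` identifiers are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like Nmap XML output (-oX). The address, service
# names and CVE-0000-* identifiers are placeholders, not real findings.
SAMPLE_XML = """<nmaprun>
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="21"><state state="open"/>
    <service name="ftp"/>
    <script id="vulners" output="&#10; CVE-0000-0003  10.0  https://example.invalid/3"/>
   </port>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh"/>
    <script id="vulners" output="&#10; CVE-0000-0001  7.5  https://example.invalid/1&#10; CVE-0000-0002  4.3  https://example.invalid/2"/>
   </port>
   <port protocol="tcp" portid="80"><state state="open"/>
    <service name="http"/>
    <script id="http-title" output="Constructed title"/>
   </port>
  </ports>
 </host>
</nmaprun>"""

# Assumed per-finding layout in the script output: "<CVE id>  <CVSS score>  <url>"
CVE_LINE = re.compile(r"(CVE-\d{4}-\d{4,})\s+(\d+(?:\.\d+)?)")

def triage(xml_text, min_cvss=0.0):
    """Return (cvss, host, port, service, cve) tuples, highest score first."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # only open ports carry service findings
            svc = port.find("service")
            name = svc.get("name", "?") if svc is not None else "?"
            for script in port.findall("script"):
                if script.get("id") != "vulners":
                    continue  # ignore output from unrelated scripts
                for cve, score in CVE_LINE.findall(script.get("output", "")):
                    if float(score) >= min_cvss:
                        findings.append((float(score), addr, int(port.get("portid")), name, cve))
    return sorted(findings, key=lambda f: (-f[0], f[2], f[4]))

if __name__ == "__main__":
    for score, addr, portid, name, cve in triage(SAMPLE_XML, min_cvss=7.0):
        print(f"{score:4.1f}  {addr}:{portid}/{name}  {cve}")
```

Raising `min_cvss` narrows the list to the services that should be patched or taken offline first.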

B) Web Server Vulnerability Scanning


A website vulnerability is a weakness or misconfiguration in a website or web
application code that allows an attacker to gain some level of control of the site and
possibly the hosting server. Most vulnerabilities are exploited through
automated means, such as botnets.

1. Run the metasploitable2 website in Firefox on Kali Linux

2. Using Nikto tool scan the target for vulnerabilities

3. By opening <targetIP>/phpinfo.php in the browser you can get information about the PHP version

C) Customizing Nikto
Nikto is a free software command-line vulnerability scanner that scans web servers for dangerous
files/CGIs, outdated server software and other problems.

1. List all the plugins in the Nikto tool

2. Run Nikto with a specific plugin to find active users on the target server

D) OWASP ZAP
One of the most effective scanners based on the number of verified vulnerabilities
discovered is OWASP ZAP. This tool is not preinstalled in Kali Linux 2021.

1. Install the latest version of OWASP ZAP by

2. Run the tool

3. On start-up make the appropriate selections and update the plugins

4. Enter the URL to attack “cyberhia.com”.

5. After the scan you can click on the identified results to drill down to specific findings.
OWASP ZAP can help you find vulnerabilities such as reflected cross-site scripting,
stored cross-site scripting, SQL injection, and remote OS command injection.

Practical 5
Aim: Practical on use of Social Engineering Toolkit.
