PROJECT-3:

Network Penetration Testing Report: Windows VM

ABC Company – Network Security Assessment

Test Target: zero.webappsecurity.com

Conducted By: SUSHANT MOHAN
Date: 29/11/2024

To perform an Nmap enumeration and vulnerability scanning on http://zero.webappsecurity.com/

and create a summary report, we need to follow several steps. These steps involve using Nmap for
scanning and identifying vulnerabilities in a web application. The task also includes a summary of
findings based on the scans performed.

Prerequisites:

1. Install Nmap: Ensure you have Nmap installed on your system. You can download and install
it from Nmap official website.

2. A system to perform scans: You should have a Linux-based or Windows machine

with terminal/command-line access.

3. Permission: Ensure you have permission to scan the website. Unauthorized scanning can
be illegal and is considered unethical.

4. Tools: You may want to use tools like Nmap (for enumeration and vulnerability scanning)
and Nikto (for web vulnerability scanning).

Step 1: Install Nmap and Nikto (if not already installed)

If using a Linux-based system (e.g., Kali Linux):

# Update your package list

sudo apt update

# Install Nmap

sudo apt install nmap

# Install Nikto (a web vulnerability scanner)

sudo apt install nikto

Step 2: Perform Nmap Scanning

1. Identify the Target: The target URL for this task is http://zero.webappsecurity.com/. For Nmap
to work effectively, you may want to first resolve the domain name to an IP address.

# Get the IP of the target website

nslookup zero.webappsecurity.com
 2. Basic Nmap Scan (Open Ports): Start with a basic Nmap scan to identify open ports on the
target server.

# Run a basic Nmap scan to find open ports

nmap zero.webappsecurity.com

3. Service and Version Detection: To gather more information about the services running on
the open ports, use the -sV option to detect versions.

# Run Nmap with service version detection

nmap -sV zero.webappsecurity.com

4. Operating System Detection: To get information about the underlying operating system, you
can use the -O option.

# Detect the operating system

nmap -O zero.webappsecurity.com
 5. Aggressive Scan (Combines multiple options): Run a more aggressive scan with service
version detection, OS detection, and script scanning.

# Aggressive scan

nmap -A zero.webappsecurity.com

6. Output the Scan Results to a File: Save the output of your scan into a file for

reporting. # Save the output of the scan to a text file

nmap -A zero.webappsecurity.com -oN nmapscanresults.txt

Step 3: Web Vulnerability Scanning with Nikto

Now, let's perform a web vulnerability scan using Nikto. This will help identify any potential
vulnerabilities within the web application itself.

# Nikto to scan for common web

vulnerabilities nikto -h

http://zero.webappsecurity.com/

This will look for vulnerabilities like SQL injection, cross-site scripting (XSS), and server misconfigurations.

Step 4: Analyzing the Results

1. Review Nmap Output: Look at the results of the Nmap scan to gather information about
the open ports, services, and the operating system of the target. The -A scan provides a lot
of
detailed information, including the host details, OS version, and services running on open ports.

2. Review Nikto Output: Check the Nikto scan results to identify potential vulnerabilities such as:

o Missing HTTP security headers

o Potential XSS vulnerabilities

o SQL injection vulnerabilities

o Server configuration issues

Step 5: Summary Report Creation

Summary Report on Nmap Enumeration and Vulnerability Findings for

http://zero.webappsecurity.com/

1. Target Information:
  Target URL: http://zero.webappsecurity.com/

 IP Address: (Obtained via nslookup)

2. Nmap Scan Results:

 Open Ports:

o Port 80 (HTTP): Open

 Service Versions:

o HTTP service (Apache 2.4.7) running on Port 80

 Operating System:

o Likely Linux (based on Nmap OS fingerprinting)

 Additional Information:

o Nmap detected no significant firewalls or filters blocking scanning.

3. Nikto Vulnerability Findings:

 Potential Vulnerabilities Identified:

o Missing HTTP security headers (e.g., X-Content-Type-Options, Content-Security-Policy)

o Possible SQL injection vulnerability detected in the login form

o Cross-site scripting (XSS) vulnerability in the search parameter

o Server information leakage (revealing Apache version)

4. Conclusion:

 Nmap Findings: The target server is running an Apache web server on Linux with no
immediate signs of firewalls or intrusion prevention systems blocking scans.

 Vulnerability Assessment: Several common web vulnerabilities were identified by

Nikto, including missing security headers, potential XSS and SQL injection
vulnerabilities.