MODULE 5:- Scanning Network and Vulnerability

1. Introduction of port Scanning – Penetration testing
2. TCP IP header flags list
3. Examples of Network Scanning for Live Host by Kali Linux
4. important nmap commands in Kali Linux with Example
5. Techniques of Nmap port scanner – Scanning
6. Nmap Timing Templates – You should know
7. Nmap options for Firewall IDS evasion in Kali Linux
8. commands to save Nmap output to file
9. Nmap Scripts in Kali Linux
10. 10 best open port checker Or Scanner
11. 10 hping3 examples for scanning network in Kali Linux
12. How to Install Nessus on Kali Linux 2.0 step by step
13. Nessus scan policies and report Tutorial for beginner
14. Nessus Vulnerability Scanner Tutorial For beginner

---

Getting Start Nessus Scan and finding Vulnerability

When you have finished installation and configuration of Nessus How to Install Nessus on Kali Linux 2.0, then you have ready to scan and finding vulnerability of local, network, window and Linux machine. In this note I will guide you to find vulnerability of network and system step by step.

Getting Start finding Local Vulnerability by Nessus

Local vulnerability depends on what system you are using local if you are using windows operating system then you will find windows vulnerability and if you are using Linux operating system then you will find vulnerability of linux.

How to Nessus scan policies and report

Let’s start the process of find out Kali Linux vulnerabilities with Nessus by opening the Iceweacel web browser:

1. Open Nessus at http://127.0.0.1:8834. And login with credential.
2. Click on the Policies on the bar at the bottom.
3. Click on  New Policy button at the left side bar.
4. Select desired templates. In policy wizard has following Scanner templates:

Advanced Scan: Scan template for users who want total control of their policy configuration.

Audit Cloud Infrastructure: For users who want to audit the configuration of cloud-based services such as Amazon Web Services (AWS) and Salesforce.com.

Bash Shellshock Detection: Remote and credentialed checks for the Bash Shellshock vulnerability.

Basic Network Scan: For users scanning internal or external hosts.

Credentialed Patch Audit: Log in to systems and enumerate missing software updates.

GHOST (glibc) Detection: Credentialed checks for the GHOST vulnerability.

Host Discovery: Identifies live hosts and open ports.

Internal PCI Network Scan: For administrators preparing for a Payment Card Industry Data Security Standards (PCI DSS) compliance audit of their internal networks.

Mobile Device Scan: For users of Apple Profile Manager, ADSI, MobileIron, or Good MDM.

Offline Config Audit: Upload and audit the config file of a network device.

PCI Quarterly External Scan: An approved policy for quarterly external scanning required by PCI. This is offered on Nessus Enterprise Cloud only.

Policy Compliance Auditing Audit system configurations against a known baseline provided by the user.

SCAP Compliance Audit: Audit systems using Security Content Automation Protocol (SCAP) content.

Web Application Tests: For users performing generic web application scans.

Windows Malware Scan: For users searching for malware on Windows systems.

Policy Settings: Every policy has five sections under settings:

1. Basics
2. Discovery
3. Assessment
4. Report
5. Advanced

These sections allow user to make changes in the policy setting and refine the settings.

1. Basics: Basic section has two parts

• General : There are two section instide the general section:
  • Name: Provide the policy name like “Local vulnerability scan”
  • Description: Here user can provide the description about the policy
• Permission : In this section there are two option:
  • Private : this policy is used only by you.
  • Share: This policy is available for other users.
    

2. Discovery section: This section under policy settings control the following option used by policy.
   1. Host discovery
   2. Port scanning.
   3. Service Discovery.
      
      
3. Assessment: Under this section User configure “Web Application scanning” setting and SMB enumeration perform if required. If the “scan web application” is not enabled these option will not visible.
4. Report: as the name of this policy shows, that this section is used to configures the appereance of scan report and where It will be show and deliver after complete scan.
5. Advance: The Advanced section allows configuration of more advanced features, such as performance settings, additional checks, and logging features.
   

As you see there are two tab on top side one is setting and another is credential about setting I have described everything. Next, describe about credential tab

Policy Credentials:  Nessus is very effective scanner against vulnerability, checked large veriety of vulnerability, which could be exploited remotely. For remote scanning, nessus log into the system and check for vulnerability on targeted host. Following type of credential are required for policy.

• Cloud Services, which includes Amazon Web Services (AWS) and Salesforce.com
• Database, this section used to give the information about Username, password, Databse type which includes Oracle, MySQL, DB2, PostgreSQL, and SQL Server, Databse port, Authentication type, and SID. This is also include MongoDB Databse.
• Host, which includes Windows logins, SSH, and SNMPv3
• Mobile Device Management
• Patch Management servers
• VMware, Red Hat Enterprise Virtualization (RHEV), IBM iSeries, Palo Alto Networks PAN-OS, and directory services (ADSI and X.509)
• Plaintext authentication mechanism including FTP, HTTP, POP3, and other services

When you enter all the required field then save the policy. Policy has been saved you can use at the time of Scan.

SCAN After creating the policy next step to create a New scan.

Creating, launching and Scheduling Scan

At the top near policies you will find another option scan click on scan and in the left side bar you find New Scan button click on it, you can create new policy, scanner templates, or you can select user created policies that you have created earlier.

There are three sections under scan setting

1. General :
   1. Name : Provide any name for scan to remember later.
   2. Description: Enter the short description about scan
   3. Folder: My scanner by default
   4. Scanner: Type of scanner local or remote
   5. Targets: most important section, targets. You can enter single IP addres (192.168.1.10) or hostname (Kali System) or enter multiple target at time every targets should be separated by comma example ( 192.168.1.10, 192.168.1.14, 192.168.1.28, 192.168.1.36,test.com), or you can provide entire network for scan (192.168.1..0/24)
   6. Upload Targets: In this section you can upload file consist targets list.
2. Schedule: you scan schedule your scan to perform scanning time to time, by default it is disabled so enable it. Once enabled you can find out following options;
   1. Launch: you can select you launch option once, daily, weekly, monthly or yearly.
   2. Starts on: Select here start scanning data and time
   3. Time zone: Select time Zone
   4. Summary: summary will be display
      
3. Email Notification: Here you should enter the email address single or multiple where you want to send notification. To proper work of this section your SMTP should be configure.

Scan Results and Reports

Nessus allow user to view the scan results and generate reports

View Scan Result : Scan results are displayed with name of scan, and date of last scan. When you click on the completed scan you will find the results. Above the scan results, there are four buttons for working with the scan result:

Configure Navigates you back to the scan settings.

Audit Trail Pulls up the audit trail dialogue. Audit trails are covered later in this section.

Launch Pulls up two choices to launch a scan: Default and Custom. The custom option allows you to define different targets for the scan, where default will run the scan with the predefined targets.

Export Allows you to save the scan result in one of four formats: Nessus (.nessus), HTML, CSV, or Nessus DB. Exporting scan results is covered later in this section.

Here Nessus allow user to export and download the report in five formats nessus, pdf, html, CSV and Nessus DB.

For example if you want to download report in PDF format click on export then PDF, New window will be popup there are two option select Executive summary for default and custom for changes. Click in the export. Download will be ready save the file. And Analyze the report