Penetration Testing with Kali Linux OffSec


PEN-200

Vulnerability Scanning [277]
Vulnerability scanners come in many different forms, from individual scripts that identify a single vulnerability to complex commercial solutions that scan for a broad variety of vulnerabilities. Automated vulnerability scanners can be invaluable for penetration testers, as they help quickly establish a baseline on the target network before a more thorough manual testing analysis is performed to get adequate coverage. Common types of vulnerability scanners are web application and network vulnerability scanners.
In this Module, we will analyze automated network vulnerability scanning. We'll begin with the theory behind vulnerability scanning and then use Nessus [278] and Nmap [279] to perform different kinds of vulnerability scans.
7.1 Vulnerability Scanning Theory
This Learning Unit covers the following Learning Objectives:

• Gain a basic understanding of the Vulnerability Scanning process
• Learn about the different types of Vulnerability Scans
• Understand the considerations of a Vulnerability Scan
In this Learning Unit, we’ll discuss the theory behind vulnerability scanning. Before inspecting our 
tools, we need to outline the basic workflow of a vulnerability scanner and understand how it 
finds vulnerabilities. We will also review the different types and considerations of a vulnerability 
scan. 
7.1.1 How Vulnerability Scanners Work
Every vulnerability scanner has its own customized workflow, but the basic process behind vulnerability scanning is implementation-independent. The basic process of an automated vulnerability scanner can be described as:
1. Host discovery
2. Port scanning
3. Operating system, service, and version detection
4. Matching the results to a vulnerability database

[277] (Wikipedia, 2021), https://en.wikipedia.org/wiki/Vulnerability_scanner
[278] (Tenable, 2022), https://www.tenable.com/products/nessus
[279] (Nmap, 2022), https://nmap.org

PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
The Host Discovery [280] step tells the scanner whether the target is up and responding. The scanner then uses various techniques to identify all open ports on the system and to detect all remotely accessible services together with their versions. Operating system detection is also done in this step. Based on all gathered information, the vulnerability scanner then queries a vulnerability database to match the found data to vulnerabilities. Examples of vulnerability databases are the National Vulnerability Database [281] and the Common Vulnerabilities and Exposures (CVE) program. [282]
Most commercial vulnerability scanners also have the functionality to verify 
found vulnerabilities by attempting to partially or fully exploit them. This can 
significantly reduce missed vulnerabilities but can impact the stability of the 
service or system. 
Vulnerabilities are identified by the CVE system. [283] While this allows us to identify and find verified vulnerabilities, the CVE identifier provides no information about the severity of a vulnerability. The Common Vulnerability Scoring System (CVSS) [284] is a framework for addressing characteristics and severity of vulnerabilities. Each CVE has a CVSS score assigned. The two major versions are CVSS v2 [285] and CVSS v3. [286] Both versions use a range from 0 to 10 to rate vulnerabilities with different severity labels. The following figure from the
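The example below, added here and not part of the PWK text or of any scanner's code, works through step 4 of the workflow above: it joins constructed service/version detection results against a constructed vulnerability database (placeholder CVE ids, made-up scores) and attaches the qualitative severity label that the same base score receives on the CVSS v2 scale (Low/Medium/High) and on the CVSS v3 scale (None/Low/Medium/High/Critical). The host addresses, products and version ranges are all assumed sample data.

```python
import re

# Constructed sample records, not real CVE entries (placeholder ids, made-up scores).
VULN_DB = [
    {"product": "OpenSSH", "affected": ("7.0", "7.9"), "id": "CVE-0000-0001 (placeholder)", "cvss": 7.8},
    {"product": "Apache httpd", "affected": ("2.4.0", "2.4.49"), "id": "CVE-0000-0002 (placeholder)", "cvss": 9.8},
    {"product": "Samba", "affected": ("4.0.0", "4.6.3"), "id": "CVE-0000-0003 (placeholder)", "cvss": 5.3},
]
# Constructed scan results, in the shape service/version detection (step 3) produces.
SCAN = [
    {"host": "10.0.0.5", "port": 22, "product": "OpenSSH", "version": "7.4p1"},
    {"host": "10.0.0.5", "port": 80, "product": "Apache httpd", "version": "2.4.49"},
    {"host": "10.0.0.7", "port": 22, "product": "OpenSSH", "version": "8.9p1"},
    {"host": "10.0.0.7", "port": 445, "product": "Samba", "version": "4.5.9"},
]

def parse_version(v):
    """Keep only the leading dotted-numeric part: '7.4p1' -> (7, 4)."""
    m = re.match(r"\d+(?:\.\d+)*", v)
    return tuple(int(x) for x in m.group(0).split(".")) if m else ()

def in_range(version, low, high):
    """Inclusive check on numeric tuples, zero-padded to equal length."""
    vs = [parse_version(x) for x in (version, low, high)]
    n = max(map(len, vs))
    v, lo, hi = (t + (0,) * (n - len(t)) for t in vs)
    return lo <= v <= hi

def cvss_label(score, version=3):
    """Qualitative severity for a 0-10 base score on the v2 or v3 scale."""
    if version == 2:  # v2 has only three labels
        return "Low" if score < 4.0 else "Medium" if score < 7.0 else "High"
    if score == 0.0:
        return "None"
    for limit, label in ((3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if score <= limit:
            return label
    return "Critical"

def match_findings(scan=SCAN, db=VULN_DB):
    """Step 4 of the workflow: join detected product/version pairs against the database."""
    findings = []
    for svc in scan:
        for rec in db:
            if svc["product"] == rec["product"] and in_range(svc["version"], *rec["affected"]):
                findings.append({**svc, "id": rec["id"], "cvss": rec["cvss"],
                                 "v3": cvss_label(rec["cvss"], 3), "v2": cvss_label(rec["cvss"], 2)})
    return findings

for f in match_findings():  # e.g. 10.0.0.5:80 Apache httpd 2.4.49 -> CVSS 9.8 (Critical v3 / High v2)
    print(f"{f['host']}:{f['port']} {f['product']} {f['version']} -> {f['id']} CVSS {f['cvss']} ({f['v3']} v3 / {f['v2']} v2)")
```

Note that a real scanner matches on far richer data (CPE names, build strings, backported patches), which is why version-only matching such as this produces false positives that the verification step described above exists to weed out.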