Penetration Testing with Kali Linux OffSec
|
|
Figure 54: Result Dashboard
The initial view displays the Hosts page, which lists all scanned hosts and provides a visual representation of the vulnerability data. This allows us to identify important findings in one glance and gives us an overview of the security status of each system. On the bottom right, Nessus displays a visual representation of the distribution of all targets’ vulnerability information. Above it, we can find general information about the vulnerability scan. Nessus plugins are frequently updated. Therefore, the findings and information presented in this Learning Unit may differ slightly from the results of your vulnerability scans. Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 181 To get the list of findings from a specific host, we can click on a list entry. This shows us the list of vulnerabilities from the selected host. Let’s click on the entry for 192.168.50.124 . Figure 55: Vulnerability Result Dashboard of 192.168.50.124 The Severity column gives us a quick indicator if this is a critical finding or not. Figure 55 also shows us that there are three findings with the MIXED severity. Nessus uses this severity when it groups findings. The Count column shows us how many findings the corresponding group contains. We can click on a grouped finding to display a list of all findings in this group. Let’s click on Apache Httpd (Multiple Issues) , which is listed as Web Servers under the Family column. Figure 56: List of Grouped Findings Figure 56 shows us information on the findings, which were previously grouped. We can get more information by clicking on a finding. Let’s click on Apache 2.4.49 < 2.4.51 Path Traversal Vulnerability . Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 182 Figure 57: Detailed Information of a Finding Each finding contains a huge amount of information about the vulnerability itself, as well as the plugin that detected it. Furthermore, we get a lot of information about the associated risk, status of exploits, and other references. Next, let’s navigate back to the results dashboard shown in Figure 54 to explore our scan further. Analyzing the findings of a single target provides us with a lot of detailed information. However, we often want to get an overview of the most important vulnerabilities of all targets. To achieve this, Nessus provides a handy feature to get a prioritized overview of vulnerabilities named VPR Top Threats , which utilizes the Vulnerability Priority Rating (VPR). 318 The findings in the VPR list consist of the top ten vulnerabilities of the scan. Figure 58: VPR List of Vulnerabilities In our example, the list only contains six vulnerabilities as Nessus didn’t find more with our configuration. 318 (Tenable, 2020),https://www.tenable.com/blog/what-is-vpr-and-how-is-it-different-from-cvss Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 183 Depending on the version of Nessus, the tab VPR Top Threats may be missing while following along. However, each vulnerability finding still contains the Yüklə Dostları ilə paylaş:
|