Book of Eopi
  • 😍About the Author
  • 🤖ChatGPT for Cybersecurity
  • 📘CERTIFICATIONS
    • Certified Ethical Hacker (C|EH)(Practical)
      • Reconnaissance (Footprinting)
      • Scanning Networks
      • Vulnerability Analysis
      • System Hacking
      • Sniffing
      • SQL Injection
      • Remote code execution
      • Hacking Web Applications & Servers
        • Local and remote file inclusion
        • File upload bypass
        • Cross-site scripting
        • Cross-site request forgery
        • Server-side request forgery
      • Exploitation
        • Working with exploits
        • Password cracking
        • Metasploit
        • Buffer overflow
      • Cloud Computing
      • Cryptography
      • Mobile Pentesting Resources
      • Learning resources
  • 🏁My Hacking Materials
    • My Most Frequently Used Hacking Commands
    • RickdiculouslyEasy: 1 VulnHub WriteUp
    • Corrosion: 2 VulnHub WriteUp
    • Hackable: 3 VulnHub WriteUp
    • Empire: LupinOne Vulnhub WriteUp
  • 🐧101 Labs for Linux
    • 💻Hardware and System Configuration
      • LAB 1 - Boot Sequence
  • 🔧Mod Nintendo Switch Game
    • 🔹Pokémon Brilliant Diamond and Shining Pearl
      • 🟥Install mods on Nintendo Switch
      • 🟦Install mods on Yuzu/Ryujinx Emulator
      • 🔠Custom font for Pokémon BDSP
  • 📖SHARE TÀI LIỆU NVSP
    • 1️⃣HỌC PHẦN 1
    • 2️⃣HỌC PHẦN 2
    • 3️⃣HỌC PHẦN 3
    • 4️⃣HỌC PHẦN 4
    • 5️⃣HỌC PHẦN 5 (chưa hoàn thiện)
    • 6️⃣HỌC PHẦN 6
  • ⚔️Tổng Hợp Võ Lâm 2
    • 💰Server JX2 2014 - Bản Kinh Doanh
    • 👑Server JX2 2014 - Phiên bản Offline
    • 👑Server JX2 2017 - Phiên Bản Offline
    • 👑Server JX2 2021 - Phiên Bản Offline
Powered by GitBook
On this page
  • Introduction
  • List of Vulnerability Analysis and Assessment Tools
  • OpenVAS
  • Nessus
  • GFI LanGuard
  • Nikto
  • Acunetix web vulnerability scanner
  1. CERTIFICATIONS
  2. Certified Ethical Hacker (C|EH)(Practical)

Vulnerability Analysis

Welcome to the Vulnerability Analysis module. This note will guide you thru all the methodologies that I used while preparing for the CEH (Practical) exam.

PreviousScanning NetworksNextSystem Hacking

Last updated 2 years ago

Introduction

A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.

Examples of threats that can be prevented by vulnerability assessment include:

  1. SQL injection, XSS, and other code injection attacks.

  2. Escalation of privileges due to faulty authentication mechanisms.

  3. Insecure defaults: software that ships with insecure settings, such as a guessable admin password.

List of Vulnerability Analysis and Assessment Tools

OpenVAS

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test. The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates.

Nessus

Nessus is a network security scanner. It utilizes plug-ins, which are separate files, to handle the vulnerability checks. This makes it easy to install plug-ins and to see which plug-ins are installed to make sure that you are current. Nessus uses a server-client architecture.

GFI LanGuard

GFI LanGuard allows you to scan, detect, assess and rectify security vulnerabilities in your network and secure it with minimal administrative effort. It gives you a complete picture of your network setup, which helps you maintain a secure network faster and more effectively.

Nikto

Example usage of Nikto

nikto -h www.google.com -Tuning x
nikto -h www.google.com -Cgidirs all
nikto -h www.google.com -o nikto_scan_results -F txt

Acunetix web vulnerability scanner

Acunetix Web Vulnerability Scanner is an excellent software which allows you to easily secure your site. This software scans the site and uses some of the vulnerabilities and announces all the problems and ways to infiltrate it.

Nikto is an Open Source () web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

📘
GPL
LogoOpenVAS - Open Vulnerability Assessment Scanner
LogoNessus Product FamilyTenable®
LogoGFI LanGuard
Logonikto | Kali Linux ToolsKali Linux
LogoAcunetix Web Vulnerability Scanner 2019 Free DownloadGet Into PC
Crack on Windows
Crack on Linux
Screenshot Acunetix