1
00:00:10,350 --> 00:00:17,310
Let us end the vulnerability assessment section by launching a scan using Nessus. In the previous

2
00:00:17,310 --> 00:00:20,670
two lectures, we saw how to download and configure Nessus.

3
00:00:21,180 --> 00:00:24,540
And in the last lecture, you saw how to create a policy.

4
00:00:25,140 --> 00:00:32,570
In this lecture, you will see how to create a network scan, and make sure we are scanning the websites.

5
00:00:32,820 --> 00:00:37,590
You know, make sure you turn off the browsing protection if you have any antivirus, because while

6
00:00:37,590 --> 00:00:44,700
scanning, Nessus sends packets to the website, and the antivirus may block Nessus from visiting

7
00:00:44,700 --> 00:00:45,290
the website.

8
00:00:45,540 --> 00:00:53,670
And then there is no use. So, quickly logging into Nessus, let us get started with the scan.

9
00:00:55,690 --> 00:00:59,560
So, as you can see, go to all scans and click create a new scan.

10
00:01:02,580 --> 00:01:06,930
And then you can go to user defined, and then we can find our policy.

11
00:01:07,830 --> 00:01:13,110
Let's enter the name of the scan which we are going to do. I will give it the demo scan name,

12
00:01:13,230 --> 00:01:17,980
and you can give a description if you want, but that's not really required for practicing.

13
00:01:18,420 --> 00:01:19,560
Again, a warning.

14
00:01:19,800 --> 00:01:24,930
Please do not use Nessus to scan some random websites, as it is out of bounds.

15
00:01:25,260 --> 00:01:33,150
And you may face legal action for doing this, because all these scanners send packets to the target machine.

16
00:01:33,150 --> 00:01:39,150
And if the target machine has a firewall, they may detect from where the packets are coming, and you

17
00:01:39,150 --> 00:01:40,160
may get compromised.
18
00:01:40,470 --> 00:01:47,160
So without having any prior permission, do not use such scans, and also the other tools which I am going

19
00:01:47,160 --> 00:01:48,980
to demonstrate in future videos.

20
00:01:49,800 --> 00:01:56,670
Now it is time to put the target, so we will enter the target IP address of the certifiedhacker.com

21
00:01:56,670 --> 00:01:57,210
website.

22
00:01:58,410 --> 00:02:02,490
We know how to find out the target IP address of certifiedhacker.

23
00:02:03,000 --> 00:02:09,360
We will use OSINT tools or a website for, you know,

24
00:02:11,160 --> 00:02:17,790
hacking. So in this tutorial, we are not going to use certifiedhacker, but we will use a different

25
00:02:17,790 --> 00:02:18,370
website.

26
00:02:18,510 --> 00:02:22,970
So these 15 vulnerable websites are legally used to practice hacking skills.

27
00:02:23,610 --> 00:02:26,700
So let's scroll down and let's pick one of them.

28
00:02:35,760 --> 00:02:39,000
So I will go with the, let's say.

29
00:02:41,330 --> 00:02:43,370
Mutillidae is already installed.

30
00:02:44,060 --> 00:02:52,270
Uh, you can go to the website, so I will just use the demo.testfire.net website, so you can just Google

31
00:02:52,280 --> 00:02:54,980
it, and this is Altoro Mutual or something there.

32
00:02:54,990 --> 00:02:58,750
But this website is only meant for hacking, so you can legally use it.

33
00:02:58,760 --> 00:03:03,050
So I will use the demo.testfire.net website.

34
00:03:03,740 --> 00:03:06,090
Now I want the IP address of this website.

35
00:03:06,710 --> 00:03:09,830
So how will I find out the IP address?

36
00:03:11,330 --> 00:03:17,320
We have learned how to gather information, and we have also learned how to use the OSINT framework.

37
00:03:19,160 --> 00:03:26,420
So we'll go to the OSINT framework and I will just go to the IP address section, IPv4, yes, IPv4, and

38
00:03:26,420 --> 00:03:28,490
then I will pick one of them. I will go with
39
00:03:28,490 --> 00:03:32,120
the first one, which is lookup, and then I just enter the IP address.

40
00:03:34,790 --> 00:03:37,910
I will go, and you go.

41
00:03:39,160 --> 00:03:44,900
Enter the domain and click search. In a moment, you will get the results. Voila.

42
00:03:45,040 --> 00:03:52,300
We have got the IP address 65.61.137.117.

43
00:03:56,180 --> 00:03:58,760
65.61.

44
00:04:03,310 --> 00:04:07,300
.137.117.

45
00:04:10,510 --> 00:04:20,890
And then click save to scan. So I can see a scan has been saved, and we now launch the scan. So depending

46
00:04:20,890 --> 00:04:28,060
upon the target website, how big it is, the scan will take around one and a half hours to one

47
00:04:28,060 --> 00:04:30,780
hour for the complete scan to get completed.

48
00:04:30,790 --> 00:04:37,090
But also, while scanning, we can see the vulnerabilities and the hosts.

49
00:04:37,540 --> 00:04:40,780
So let us wait till the scan gets completed.

50
00:04:48,190 --> 00:04:53,020
As you can see, the scan is still going, and I guess we have found something. We have found,

51
00:04:53,200 --> 00:05:00,640
so you can see, these are the five types of vulnerabilities: critical, high, medium, low and just

52
00:05:00,640 --> 00:05:01,300
information.

53
00:05:02,110 --> 00:05:10,360
So you can see the Nessus scanner is using the Nmap port scanner to scan the target website. Port 443,

54
00:05:10,360 --> 00:05:14,770
HTTPS, was found to be open. Port 80 was found to be open.

55
00:05:15,070 --> 00:05:18,460
Port 8080, that is HTTP, was also found to be open.

56
00:05:20,700 --> 00:05:26,070
That is it for the vulnerabilities so far, and let's wait for something more interesting.

57
00:05:30,590 --> 00:05:36,890
Now we have got something interesting. We have got eight medium vulnerabilities and two low, and then

58
00:05:36,890 --> 00:05:37,460
the informational ones.
59
00:05:40,040 --> 00:05:42,650
Around 94 percent of the scan is completed.

60
00:05:43,400 --> 00:05:45,910
Let's go to vulnerabilities, let's see the medium ones.

61
00:05:46,340 --> 00:05:52,700
Yes, the first one says SSL cannot be trusted, which is obvious because the site isn't having a secure

62
00:05:52,700 --> 00:05:53,300
connection.

63
00:05:53,300 --> 00:05:56,260
It is not HTTPS, it's HTTP.

64
00:05:56,690 --> 00:06:03,740
So if you click on the site, you can see it's not secure, which means it is not using HTTPS, and therefore

65
00:06:04,130 --> 00:06:06,530
the SSL certificate is not configured.

66
00:06:06,980 --> 00:06:10,970
Now, if you click on the vulnerability, you can see the description.

67
00:06:11,070 --> 00:06:15,560
You can also see the solution, and you can see what the vulnerability is exactly doing.

68
00:06:16,340 --> 00:06:19,710
So, you know, it's a great tool, Nessus.

69
00:06:19,730 --> 00:06:21,170
It gives you references.

70
00:06:21,170 --> 00:06:22,700
It gives patching assistance.

71
00:06:22,700 --> 00:06:25,610
It also gives the description about the vulnerabilities.

72
00:06:26,150 --> 00:06:29,150
So this is one of the main advantages of using Nessus.

73
00:06:29,990 --> 00:06:33,770
So make sure you read everything before generating reports.

74
00:06:34,100 --> 00:06:36,410
As we have discussed, there are two types of reports.

75
00:06:36,740 --> 00:06:41,540
This type of description is required in the upper-management-level type of report.

76
00:06:42,990 --> 00:06:50,330
Again, as a security expert, you shouldn't fully rely on Nessus or any other scanning tool, because

77
00:06:50,330 --> 00:06:52,220
they are not 100 percent accurate.

78
00:06:53,010 --> 00:06:59,030
Uh, so as you can see on the screen, we have got solution references, output, ports which are scanned,

79
00:06:59,600 --> 00:07:01,190
the CVSS information.
80
00:07:01,520 --> 00:07:07,580
And, you know, if you actually go to that, uh, we can actually see that the vulnerability is present

81
00:07:07,580 --> 00:07:14,350
in the common vulnerability database, and you can see this is the description of the vulnerability.

82
00:07:14,810 --> 00:07:21,920
This is the CVSS version, its base score, and these are the links, the resources that you should

83
00:07:21,920 --> 00:07:23,140
probably go after.

84
00:07:23,990 --> 00:07:30,500
And that is why our security experts always prefer Nessus, because it is a comprehensive tool and it

85
00:07:30,500 --> 00:07:32,090
is constantly under development.

86
00:07:38,640 --> 00:07:43,380
One main thing while scanning is you have to be patient; you won't get results in two to three minutes.

87
00:07:43,830 --> 00:07:51,020
We have to wait for at least two hours to get a complete scan result.

88
00:07:53,850 --> 00:08:00,780
So as you can see, the server is using Apache and it reveals a lot of information. Basically, manual

89
00:08:00,780 --> 00:08:05,190
penetration testing is also needed to verify the results, and then only you present the results.

90
00:08:05,820 --> 00:08:09,280
So this is how Nessus is used for penetration testing purposes.

91
00:08:09,300 --> 00:08:14,700
I will stop the scan or just let it go, but make sure you wait till the scan is complete.