Disclaimer: This blog is for educational purpose only!!!
This blog will give some idea how vulnerability scanning softwares can help to find out loopholes in IT infrastructure, network services and web applications.
To perform vulnerability scanning we will use our IT infrastructure or Lab which we have created for showing practicals or demos.
First we installed and configured Nessus on our Kali Linux base machine. Now, we started Nessus vulnerability scanner using terminal to scan our IT infrastructure and find out vulnerabilities in it.
After login to Nessus first we need to create new scan and add all scanning targets IP or IP ranges then set all required settings according to testing environment type such as prod/pre-prod/UAT/test, Nessus will scan automatically and find all IPs which are coming in that range and scan all machines.
Now click on “Start” button and Nessus Scanning will start. The Nessus Scanning will stop automatically after completion or if scanner faces any issue while performing scanning and gives output.
When scanning is completed it shows List of Hosts scanned, Vulnerabilities in Hosts or IPs, Remediations & History about it.
We can export output in HTML, PDF, Excel or in Nessus file format as per requirements.
Now, In next blog we will analyze vulnerabilities, try to reproduce those vulnerabilities manually or by using tools and exploit them.