-
[This project documents the execution of a comprehensive vulnerability assessment based on a cybersecurity internship task. A virtual lab was established using Kali Linux to deploy and configure the Nessus vulnerability scanner. A full system scan was performed on a target machine to identify security weaknesses and misconfigurations. The findings were analyzed, and a professional report with a prioritized remediation plan was created to address the high-impact vulnerabilities.]
-
Basic Nessus Command-Line Management Below is a quick reference for some of the basic commands used to manage the Nessus installation on a Linux system from the terminal.
Managing the Nessus Service (systemctl) These commands control the main Nessus background service.
sudo systemctl status nessusd.service
- Checks if the Nessus service is currently running and shows its status.
sudo systemctl start nessusd.service
- Starts the Nessus service.
sudo systemctl stop nessusd.service
- Stops the Nessus service.
sudo systemctl restart nessusd.service
- Restarts the Nessus service. Useful after applying changes.
sudo systemctl enable nessusd.service
-
Configures the service to start automatically on system boot.
-
-
.jpeg)
.jpeg)
.jpeg){kind=link}
.jpeg){kind=link}
- [1ST WE PERFORMED HOST DISCOVERY SCAN ON 3 MACHINES WITH THE SINGLE INTERNET (MAC,WINDOWS AND LINUX)]
In the html file only we can get the information about the host discovery [ip of the linux machine]
10.140.63.116
[ip of the Windows machine]
10.140.63.32
[ip of the MAC machine]
10.140.63.55
when we download the report for only over machine it will be like this host discovery_self machine
As the Scan is basic and the host discovery we will get to kmow about the information of the OS
Complete Advanced Scan Report advanced scan on the same machine(linux)
The scan identified a number of security weaknesses, including 3 Critical, 2 High, and 5 Medium severity vulnerabilities.
The most urgent issues are related to outdated and unsupported software components, including Apache Log4j, ClamAV, Ruby RACK, and SQLite. These vulnerabilities pose a significant risk, potentially allowing for Remote Code Execution (RCE), Denial of Service (DoS), or arbitrary code execution.
The following steps should be taken to address the most severe vulnerabilities, listed in order of priority.
- The Problem: An unsupported version of Log4j (
1.2.16) is installed. This version is End-of-Life and contains multiple critical vulnerabilities, includingCVE-2021-4104, which can lead to Remote Code Execution. - Location:
/usr/share/javasnoop/lib/log4j-1.2.16.jar - Solution: The safest and most direct solution is to remove the vulnerable library. As it is part of an optional tool (
javasnoop), its removal is unlikely to impact core system functionality.sudo rm /usr/share/javasnoop/lib/log4j-1.2.16.jar
- The Problem: The installed version of the ClamAV antivirus engine (
1.4.2) is vulnerable to multiple issues, including a buffer overflow (CVE-2025-20260) that could be triggered by a malicious file, leading to a crash or potential code execution. - Location:
/usr/bin/clamscan - Solution: Upgrade ClamAV to the latest version by performing a full system update.
sudo apt update && sudo apt full-upgrade -y
- The Problem: A version of the Ruby RACK library (
2.2.11) used by Metasploit is vulnerable to a Denial of Service attack (CVE-2025-46727), where a specially crafted request could crash the application. - Location:
/usr/share/metasploit-framework/vendor/bundle/ruby/3.3.0/gems//rack-2.2.11 - Solution: This library is a dependency of another application. The recommended fix is to run a full system update, which will update Metasploit and its components.
- The Problem: The installed version of SQLite (
3.46.1) contains multiple vulnerabilities, includingCVE-2025-3277, which can lead to a heap buffer overflow and allow an attacker to execute arbitrary code. - Location:
/bin/sqlite3 - Solution: A full system update will upgrade SQLite to the latest patched version.
- SSL Certificate Cannot Be Trusted (Medium): The scan flagged the SSL certificate on port
8834. This is the Nessus web interface itself, which uses a self-signed certificate by default. For local use, this finding is expected and can be safely ignored.
The majority of the critical and high-severity vulnerabilities identified in this report can be resolved with a single, comprehensive action: performing a full system update and upgrade. This is the most effective way to apply security patches across a Debian-based system like Kali Linux.
sudo apt update && sudo apt full-upgrade -y-
Vulnerability Scanner: Nessus Essentials For this project, Nessus Essentials was selected as the primary vulnerability scanning tool. Nessus is a powerful and widely-used remote security scanner developed by Tenable, Inc. The Essentials version is a free-to-use edition ideal for educational purposes and for scanning in smaller environments.
-
Setup and Installation The installation and configuration of Nessus were performed on a Kali Linux system. The process involved several key steps:
Registration: A license for Nessus Essentials was obtained by registering on the official Tenable website, which provided a unique activation code via email.
Installation: The appropriate .deb package for Debian-based systems was downloaded. The installation was carried out from the terminal using the dpkg -i command.
Service Initialization: After installation, the Nessus background service (nessusd) was started and enabled using systemctl.
Web-Based Setup: The final configuration was completed through the web interface, accessible at https://localhost:8834. This involved creating an administrator account and providing the activation code.
- ##COMPREHENSIVE VULNURABILITY ANALYSIS
The scan identified several high-priority vulnerabilities that require immediate attention. These are primarily caused by outdated software packages with known exploits.
| Severity | Vulnerability | Cause & Impact | Recommended Solution |
|---|---|---|---|
| Critical | Apache Log4j 1.x End-of-Life | An unsupported logging library (log4j-1.2.16.jar) is present. This exposes the system to multiple flaws, including Remote Code Execution (RCE). |
Remove the vulnerable library, as it is part of a non-essential tool (javasnoop). |
| Critical | ClamAV < 1.4.3 Multiple Vulnerabilities | The installed antivirus engine (1.4.2) is outdated and vulnerable to buffer overflows, which could allow for RCE. |
Perform a full system upgrade to install the latest security patches. |
| High | Ruby RACK < 2.2.14 Denial of Service | An outdated Ruby library (rack-2.2.11), a dependency of Metasploit, can be crashed by a malicious web request, causing a Denial of Service (DoS). |
Remediated by performing a full system upgrade, which will update all framework dependencies. |
| High | SQLite < 3.50.2 Memory Corruption | The system's database engine (3.46.1) is outdated and contains memory corruption flaws that could be exploited. |
Remediated by performing a full system upgrade. |
A full system upgrade will resolve the majority of these critical software vulnerabilities.
sudo apt update && sudo apt full-upgrade -yVulnerability scanning is an automated process that identifies security weaknesses (vulnerabilities) in your computers, networks, and applications. It uses a software tool called a vulnerability scanner, which checks your systems against a database of thousands of known security flaws. The end result is a report that lists potential security holes, allowing you to fix them before an attacker does. Think of it as a routine security check-up for your digital infrastructure. 🩺
While they both aim to improve security, they are very different activities. The key difference is between listing weaknesses and exploiting them.
| Feature | Vulnerability Scan | Penetration Test |
|---|---|---|
| Method | Automated 🤖 | Manual & Human-led 👩💻 |
| Goal | Find potential weaknesses | Confirm & exploit weaknesses |
| Scope | Broad (breadth over depth) | Narrow (depth over breadth) |
| Frequency | High (e.g., weekly/monthly) | Low (e.g., annually) |
Most vulnerabilities on personal computers stem from simple oversights. Common ones include:
- Outdated Software: The single biggest risk. Not installing updates for your OS (Windows, macOS) or applications (Chrome, Adobe Reader) leaves known, fixable holes open.
- Weak or Reused Passwords: Passwords that are easy to guess or used across multiple websites.
- Phishing & Social Engineering: Falling for scam emails or messages that trick you into revealing sensitive information or installing malware.
- Missing or Outdated Antivirus: Lacking protection to detect and remove malicious software.
- Misconfigured Firewalls: Turning off the built-in firewall or having incorrect rules that expose your computer to the internet.
Vulnerability scanners act like automated detectives. They systematically probe a target system and compare what they find to a massive database of known flaws. Their primary methods include:
- Banner Grabbing: The scanner identifies the software and version number of services running on the system (e.g., "Apache Web Server version 2.4.53"). It then checks its database to see if that specific version has any known vulnerabilities.
- Signature Analysis: It sends specific, crafted requests to the system and analyzes the response. A particular response can act as a "signature" that confirms the presence of a vulnerability.
- Configuration Check: The scanner looks for common misconfigurations, such as default passwords, open ports that shouldn't be, or insecure protocol settings.
- Credentialed Scans: If given login access, the scanner can perform a much deeper check from the inside, looking for things like missing security patches and weak user permission settings.
CVSS stands for the Common Vulnerability Scoring System. It's an open, industry-standard framework for rating the severity of a security vulnerability.
CVSS assigns a numerical score from 0.0 to 10.0, along with a severity rating:
- 0.0: None
- 0.1 - 3.9: Low
- 4.0 - 6.9: Medium
- 7.0 - 8.9: High
- 9.0 - 10.0: Critical 🚨
This standardized score helps organizations prioritize which vulnerabilities pose the greatest threat and need to be fixed first.
The ideal frequency depends on the system's importance and regulatory requirements, but a good general guideline is:
- Critical Systems: For public-facing servers or systems handling sensitive data, scans should be run frequently, such as weekly or even daily.
- Internal Networks: For general internal office systems, monthly or quarterly scans are often sufficient.
- After Major Changes: Always run a scan after deploying a new application, server, or making significant network changes.
A false positive is an error where the scanner reports a vulnerability that does not actually exist. It's a false alarm.
This can happen if the scanner misinterprets a system's response or if a security patch has been applied in an unusual way that doesn't update the software's version number. False positives are problematic because they waste security teams' time investigating non-existent issues.
A scan can return hundreds of results. Effective prioritization is crucial and involves looking beyond just the raw numbers:
- Start with CVSS Score: Address Critical and High severity vulnerabilities first. This is the most important starting point.
- Consider Asset Criticality: A vulnerability on a public, payment-processing server is far more urgent than the same vulnerability on an isolated test machine. Ask, "How important is this system to the business?"
- Check for Active Exploits: Is there a known, easy-to-use exploit for this vulnerability available to attackers? A vulnerability that is being actively exploited "in the wild" should be moved to the top of the list.
- Evaluate Mitigating Controls: Are there other security layers (like a firewall or access restrictions) that make the vulnerability harder to exploit? This can help lower its immediate priority.
By combining these factors, you move from a simple list of vulnerabilities to a strategic, risk-based remediation plan.
- [NOTE : THE MOST OF THE CONTENT FROM THE AIs with MY OBSERVATION and THOUGHTS]