OpenSource SecTools (Nessus, nmap, Wireshark, Snort, Metasploit)

Question 1

What’s your experience with Nessus?

Answer 1

• Setup and Configuration
• Scan Analysis
• Reviewing a Scan
• Saving Reports

Question 2

Basic steps in performing a vulnerability scan?

Answer 2

• Define scan parameters
• Create and Launch the scan
• Analyze results

Question 3

Two methods for performing a vulnerability scan?

Answer 3

• Network scanning
  (external details and vulnerability analysis)
• Credentialed scanning
  (internal misconfigurations and hidden vulnerabilities)

Question 4

Vulnerability Management?

Answer 4

Vulnerability Management Phases

1. Define the desired state of security
2. Create baslines
3. Prioritize vulnerabilities
4. Mitigate vulnerabilities
5. Monitor the Environment

Question 5

What Security Tools to use for Assessing Vulnerability?

Answer 5

◦ Network Mapping	
            Nmap
        ◦ Vulnerability Scanning
        ◦ Network Sniffing
            Wireshark 
        ◦ Password Analysis
            Cain & Able

Question 6

Nmap use?

Answer 6

❏ network asset inventory
❏ vulnerability assessment
❏ penetration testing

Question 7

Nmap common options ?

Answer 7

sS: Syn (Until an RST is sent back)
sT: Full connect scan (establish three-way-handshake)
-sU: Sends UDP packets
-p: Specify a port number
-sn: Disables port scanning
-T: Flag for speed (T0 slowest - T5 fastest)
-sV: see the versioning of the software

Question 8

Getting Help - NM?

Answer 8

All OS commands:
o “nmap -V” -> Nmap version information, platform running on and how it was
compiled.
o “nmap” or “nmap -h” -> Provides the list of simple scan options available, with
examples.
o “nmap –script-help ” -> Provides details of the script, as published
by the author

Question 9

Scan Phases of Nmap?

Answer 9

o Phase 1: Script Pre-scanning

o Phase 2: Target Enumeration

o Phase 3: Host Discovery

o Phase 4: Reverse-DNS resolution

o Phase 5: Port Scanning

o Phase 6: Version Detection

o Phase 7: OS Detection

o Phase 8: Traceroute

o Phase 9: Script scanning

o Phase 10: Output

o Phase 11: Script post-scanning

Question 10

Nmap, Does the order of command options matter?

Answer 10

No. Can come before or after the target.

Question 11

Nmap target options?

Answer 11

hostname(s)
IP address(s)
Network w/cider notation

Question 12

Nmap output options

Answer 12

• oN : Outputs results to text file in normal Nmap format.
• oX: Outputs to an XML formatted file.
• oS: Outputs to script kiddy file format
• oG: Greppable formate (for use with grep)
• oA : outputs normal, XML, and greppable format.
• v or -vv: determines the level of details/verbosity

Question 13

Snort experience?

Answer 13

• Using Snort and Wireshark to analyze traffic
• Create custom rules
• Monitoring Network Traffic
• IDS Setup

Question 14

Metasploite experience?

Answer 14

• Linux exploitation
  (Vulnerable Apache and open SSL - Heartbleed)
  and
  (Bash and CGI_Apache - Remote Command Execution)
• Using Armitage
• Using MSFVenom (Very high view)

Question 15

Common Snort Commands?

Answer 15

• snort -V: Shows Version
• snort -l: Log file Location placement
• the -c: where to place snort.conf
• the -T: Test configuration
• the -r: Read the following capture file

Question 16

Metasploit Hands-On Course?

Answer 16

• Metasploit Payloads & Stagers

- Vulnerability Scanners (Nessus)