This project, conducted during my internship at CYBLACK x LetsDefend SOC Academy, focuses on vulnerability management: running a credentialed scan and a web application scan against a Linux server, and setting up Nessus to automatically send vulnerability reports via email.
Background
You have been hired as a cybersecurity analyst at CyberTech Solutions, a company that
specializes in managing client networks and ensuring their security posture. The company has
tasked you with assessing its internal infrastructure to identify vulnerabilities in its Linux systems
and web applications. Your role involves performing a credentialed scan on the Linux server,
conducting a web application scan, and configuring Nessus to send automated reports via
email.
Organization
- CYBLACK
Utilities Used
- Tenable Nessus
- Gedit Text Editor
Environments Used
- Kali
Program walk-through:
Download Nessus:
Configure and Install Nessus:
Start Nessus:
Navigate to Nessus web interface and select continue:
Register for Activation Code:
Create User:
Wait for the plugins to finish downloading:
Task 1: Credentials Scan Configuration:
The company’s security policies require Linux systems to be regularly audited for vulnerabilities.
You will perform a credentialed scan to check the security of the server.
Select the Credentialed Patch Audit template to perform the scan:
In the Credentials tab, select SSH.
Set the Username to root.
In the Password field, enter kali (for Kali Linux users) or the password for the root account (for Ubuntu users, if applicable).
For Elevate Privileges, choose su.
Set Custom Password Prompt to password.
Use the command ssh -V to check the version of OpenSSH running on the system and enter that version into the scan configuration:
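A pre-flight check for the credentialed scan settings above, added here as example code (it is not part of the original project). It extracts the bare OpenSSH version from the local `ssh -V` output and from the target's port 22 banner, and reports the PermitRootLogin value of a local sshd_config, because the root/password credential set only works when sshd permits root password logins. It assumes `nc` is installed on the Kali scanner and that the target is passed as the first argument.

```shell
#!/bin/sh
# Added pre-flight check for the Task 1 credentialed SSH scan (example code,
# not part of the original write-up). Assumes the target answers on TCP/22,
# that `nc` is installed on the Kali scanner, and that the scan account is
# root with a password, as the task describes.

# Extract the bare OpenSSH version (e.g. "9.6p1") from either a local
# `ssh -V` line ("OpenSSH_9.6p1 Debian-4, OpenSSL ...") or a remote
# protocol banner ("SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11").
# Returns 1 when the string is not an OpenSSH banner.
parse_openssh_version() {
    version=$(printf '%s\n' "$1" |
        sed -n 's/^\(SSH-[0-9.]*-\)\{0,1\}OpenSSH_\([0-9][0-9.]*\(p[0-9]*\)\{0,1\}\).*/\2/p')
    [ -n "$version" ] || return 1
    printf '%s\n' "$version"
}

# Read an sshd_config on stdin and print the effective PermitRootLogin value.
# sshd honours the first uncommented directive; when none is set the default
# is prohibit-password, which rejects the root/password pair used in Task 1.
permit_root_login() {
    value=$(sed -n 's/^[[:space:]]*PermitRootLogin[[:space:]]\{1,\}\([^[:space:]#]*\).*/\1/p' |
        head -n 1)
    printf '%s\n' "${value:-prohibit-password}"
}

# Run the checks against one target and print the values for the Nessus form.
# `ssh -V` reports the scanner's own client; in this lab the Kali host is both
# scanner and target, so the banner value should agree with it.
main() {
    target="$1"
    local_version=$(parse_openssh_version "$(ssh -V 2>&1)") || local_version="unknown"
    echo "Scanner OpenSSH version (ssh -V): $local_version"
    banner=$(nc -w 3 "$target" 22 </dev/null 2>/dev/null | head -n 1)
    remote_version=$(parse_openssh_version "$banner") || remote_version="unknown"
    echo "Target sshd version (port 22 banner of $target): $remote_version"
    if [ -r /etc/ssh/sshd_config ]; then
        echo "PermitRootLogin in local sshd_config: $(permit_root_login </etc/ssh/sshd_config)"
    fi
}

# Only run when a target is given, e.g.: sh nessus_preflight.sh 192.0.2.10
if [ $# -gt 0 ]; then
    main "$1"
fi
```

If the target reports prohibit-password, the credentialed scan will fail to authenticate as root until sshd on that host is reconfigured for the lab.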
Task 2: Web Application Vulnerability Scan:
The IT team wants to assess the security of a web application running on the Linux server. Your
objective is to perform a web application scan using Nessus.
In Nessus, create a Web Application Test scan.
Use the default scan settings without configuring authentication.
Task 3: Email Configuration for Automated Reporting:
The IT team requires that Nessus send automated email reports after each scan. You are
tasked with configuring Nessus to send these reports using Gmail’s SMTP server.
In the Nessus Settings tab, select SMTP.
Launch the scan.
Task 4: CVE Research and Analysis:
Upon completing the scans, Nessus will detect certain Common Vulnerabilities and Exposures
(CVEs) in the Linux system and web application. Conduct research on the CVEs identified in the
scan results to understand the risks they present, possible exploitation methods and their
potential impact.
Task 5: Comprehensive Report:
After completing the credentialed scan and the web application scan, you are required to create
a comprehensive report of all the activities you performed.