
Justin Cook

CSOL-570-01-SP20
Assignment 4 – Scanning for Vulnerabilities
Step 1
| Criteria | Weight |
|---|---|
| This tool must provide reporting features to visually depict the results of the vulnerability scan. | 25 |
| The tool must have a robust database of known vulnerabilities and provide administrators the ability to stay up to date to test for new vulnerabilities. | 25 |
| The tool must be free open-source software that includes free online documentation and resources. | 20 |
| The tool must be compatible with the CVE program. | 20 |
| The tool must be simple to use and easy to analyze the results. | 10 |
| Total | 100 |

Step 2

The table above lists the criteria used to evaluate two different vulnerability scanning
tools. These tools are NESSUS and Nikto, which are both free and open-source applications.
Nikto does have the ability to produce reports that explain the vulnerabilities in several
different formats (HTML, CSV, XML, etc.). However, the reports that Nikto produces do not
provide any graphics or charts, which are useful when discussing the vulnerabilities with
management. Nikto can perform comprehensive tests against web servers for over 6700
potentially dangerous files/programs. Nikto does have a robust database of known
vulnerabilities, which is updated often, but Nikto is mainly used to scan for
vulnerabilities in web servers and software. This limited functionality is one of the main
negatives for Nikto, as it cannot scan for vulnerabilities in other servers such as database or
exchange servers. The next criterion is compatibility with the CVE program, and Nikto is
not compatible. Lastly, the final criterion is that the tool must be simple to use and its
results easy to analyze, which Nikto seems to be.

| Criteria | Weight | Score |
|---|---|---|
| This tool must provide reporting features to visually depict the results of the vulnerability scan. | 25 | 19 – Nikto is able to provide reports in table format but lacks the ability to produce graphics such as charts or other visual figures. |
| The tool must have a robust database of known vulnerabilities and provide administrators the ability to stay up to date to test for new vulnerabilities. | 25 | 15 – Nikto has a robust database of known vulnerabilities however these are specifically for web servers. There is no support for scanning vulnerabilities on other types of servers or software. |
| The tool must be free open-source software that includes free online documentation and resources. | 20 | 20 – Nikto is free and open-source, and there is lots of online documentation and resources. |
| The tool must be compatible with the CVE program. | 20 | 0 – Nikto is not compatible with the CVE program. |
| The tool must be simple to use and easy to analyze the results. | 10 | 10 – Nikto is easy to use and the results of a scan are easy to interpret. |
| Total | 100 | 64/100 |

Nessus has the ability to produce very detailed reports of the scans that are performed.
Additionally, these reports have the ability to produce visuals such as pie charts and bar graphs.
This is a very good feature since these reports can often be used during meetings with upper-
level management to provide an overview of the state of the network without having to
analyze detailed, low-level reports. Nessus does have a robust database of known
vulnerabilities and can scan for a wide variety of vulnerabilities across web servers, database
servers, and various software applications, as well as many common vulnerabilities and exposures (CVEs).
The online documentation was much more detailed for Nessus, and their online user guide has
over 400 pages of information on how to install and configure Nessus on a server. Additionally,
Nessus has many scanner templates that fall into three categories: discovery, vulnerabilities,
and compliance. These templates provide administrators with an easy way to get started using
Nessus. Nessus is also compatible with the CVE program, which is important since it is able to
scan for this database of known vulnerabilities. Lastly, Nessus is simple to use at a basic level,
and the reporting features make it easy to analyze the results.

| Criteria | Weight | Score |
|---|---|---|
| This tool must provide reporting features to visually depict the results of the vulnerability scan. | 25 | 25 – Nessus is able to provide very detailed reports, and includes the option to use visuals such as graphs and other charts. |
| The tool must have a robust database of known vulnerabilities and provide administrators the ability to stay up to date to test for new vulnerabilities. | 25 | 25 – Nessus has a robust database of known vulnerabilities that are updated regularly. Additionally, Nessus can scan for many types of vulnerabilities and CVEs. |
| The tool must be free open-source software that includes free online documentation and resources. | 20 | 20 – Nessus is free and open-source, and the documentation and resources online are plentiful. |
| The tool must be compatible with the CVE program. | 20 | 20 – Nessus is compatible with the CVE program. |
| The tool must be simple to use and easy to analyze the results. | 10 | 10 – Nessus is simple to use when getting started, and the results are simple to analyze. |
| Total | 100 | 100/100 |

Step 3

After evaluating both Nikto and Nessus, the decision was made to move forward with the
evaluation of Nessus. Using the criteria in the table from Step 1, Nikto scored a 64/100 and
Nessus scored a perfect 100/100. The main issues with Nikto were that it was not compatible
with the CVE program, lacked the ability to produce visuals in its reports, and was tailored
specifically for scanning vulnerabilities in web servers.

Step 4

For this step, I installed Nessus onto my Kali-VM virtual machine. There are multiple options for
Nessus, but for this assignment, since there are few virtual machines in the lab environment,
Nessus home was a suitable option since it is free. I installed the Nessus .deb file from
Tenable.com and saved it onto my Kali-VM.
To install Nessus I used the dpkg -i command:

Next, I started the Nessus service on the Kali-VM.

Once the service was started, I was able to access the web interface of Nessus.
In order to use Nessus, I had to register my email and obtain an activation code.

After I entered the activation code, Nessus began to initialize on my Kali-VM system. The
initialization process took around 40 minutes for me, but once it was done I was able to sign into
the Nessus web console successfully. Next, I began to familiarize myself with the Nessus web
interface and created a new scan.

There are many predefined scans to choose from which fall under the categories of Discovery,
Vulnerabilities, and Compliance. For this assignment, I chose to initiate a Basic Network Scan.
For this scan, I simply entered some basic information and provided the range of the private
LAN subnet of my virtual lab environment.
After this step, I ran into errors with the Nessus program and I kept on receiving ‘Corrupt
Database’ errors. It turns out that the underlying issue was with storage. When I created a scan,
it filled up the root ‘/’ directory.

To resolve this issue, I was going to increase the storage space of the / directory, but I realized
that I missed an important part during the installation. The hardware requirements to run
Nessus were larger than I thought.

At this point, I created a new Kali Linux virtual machine named Kali-VM2 and made sure to
provide it more resources (4 cores, 4GB of memory and a 70GB hard disk). I configured this
new virtual machine to use the same NAT network as the other VMs and ran through the
previous installation steps to install Nessus.
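
The storage failure described above can be caught before installing the scanner or launching a scan. The following shell functions are an added example, not part of the original assignment and not Tenable's tooling. The thresholds are assumptions: cores and memory mirror the Kali-VM2 sizing above, the disk values are constructed and should be replaced with the vendor's published requirements.

```shell
#!/usr/bin/env bash
# Added example: pre-flight resource check before installing Nessus or launching a scan.
# Defaults are assumptions: cores and memory mirror the Kali-VM2 sizing in the write-up;
# MIN_FREE_GB and MAX_USED_PCT are constructed values, set them from the vendor's requirements.
MIN_CORES=${MIN_CORES:-4}
MIN_MEM_MB=${MIN_MEM_MB:-3800}    # a 4GB VM reports slightly less than 4096 MB
MIN_FREE_GB=${MIN_FREE_GB:-30}
MAX_USED_PCT=${MAX_USED_PCT:-80}

# check_min LABEL ACTUAL REQUIRED: succeed only if ACTUAL >= REQUIRED
check_min() {
  if [ "$2" -ge "$3" ]; then echo "OK   $1: $2 (need >= $3)"; return 0; fi
  echo "FAIL $1: $2 (need >= $3)"; return 1
}

# check_max LABEL ACTUAL LIMIT: succeed only if ACTUAL <= LIMIT
check_max() {
  if [ "$2" -le "$3" ]; then echo "OK   $1: $2 (limit $3)"; return 0; fi
  echo "FAIL $1: $2 (limit $3)"; return 1
}

# Whole GB available on the filesystem that holds the given path (POSIX df, 1K blocks)
free_gb() { df -Pk "$1" | awk 'NR==2 { printf "%d", $4 / 1048576 }'; }

# Percent used on that filesystem, computed from the used and available block counts
used_pct() {
  df -Pk "$1" | awk 'NR==2 { t = $3 + $4; printf "%d", (t > 0 ? $3 * 100 / t : 0) }'
}

# Total memory in MB as the kernel reports it
mem_mb() { awk '/^MemTotal:/ { printf "%d", $2 / 1024 }' /proc/meminfo; }

# preflight [PATH]: run every check against the filesystem the scanner writes to.
# The scan in the write-up filled "/", so that is the default.
preflight() {
  local target=${1:-/} rc=0
  check_min "cpu cores" "$(nproc)" "$MIN_CORES" || rc=1
  check_min "memory MB" "$(mem_mb)" "$MIN_MEM_MB" || rc=1
  check_min "free GB on $target" "$(free_gb "$target")" "$MIN_FREE_GB" || rc=1
  check_max "used % on $target" "$(used_pct "$target")" "$MAX_USED_PCT" || rc=1
  return "$rc"
}

# Usage: preflight / && echo "resources look sufficient"
```

Running `preflight /` again while a scan is in progress shows whether scan results are consuming the root filesystem before the database is affected.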

Now I was able to successfully launch my first basic network scan.


As the first scan ran, it produced results in a very clear and easy to read format, including different
colors to show Critical, High, Medium, and Low vulnerabilities, as well as lots of info.
The virtual machine with the most vulnerabilities was the Metasploitable-VM (192.168.15.5).
Each vulnerability that was discovered could be further analyzed in detail to learn more about
it:

Overall, I was impressed with the Nessus tool. I was able to configure it in under an hour, and
the web interface made it very easy to comprehend and analyze the results of the basic scan.
Additionally, there are many other pre-defined scanning templates to use.
