Vulnerability Scanning with Nessus Home

Oak Academy
A free video tutorial from Oak Academy
Web & Mobile Development, IOS, Android, Ethical Hacking, IT
4.4 instructor rating • 165 courses • 82,787 students

Learn more from the full course

Metasploit Framework: Penetration Testing with Metasploit

Become Hacker: Learn ethical hacking and penetration testing using Metasploit and start your cyber security career

07:20:49 of on-demand video • Updated April 2021

  • Become an Expert in Using Metasploit
  • Learn Ethical Hacking from scratch with Metasploit
  • Importance of Penetration Testing
  • Types of Penetration Testing
  • Basics of Penetration Testing
  • Metasploit Filesystem and Libraries
  • The Architecture of MSF
  • Auxiliary Modules
  • Payload Modules
  • Exploit Modules
  • Encoder Modules
  • Post Modules
  • Metasploit Community
  • Metasploit Interfaces
  • Armitage
  • MSFconsole
  • Enumeration
  • Nmap Integration and Port Scanning
  • SMB and Samba Enumeration
  • MySQL Enumeration
  • FTP Enumeration
  • SSH Enumeration
  • HTTP Enumeration
  • SNMP Enumeration
  • MTP Enumeration
  • Using Shodan with MSF
  • Vulnerability Scanning
  • Exploitation and Gaining Access
  • Post-exploitation-Meterpreter
  • Meterpreter Commands
  • Pass The Hash with Metasploit
  • John the Ripper Module
  • Meterpreter Python/Powershell Extension
  • Antivirus Evasion and Cleaning
  • MSFvenom
  • Using Custom Payload Generators
  • Deceiving File System Using Timestomp
  • The very latest up-to-date information and methods
  • During the course you will learn both the theory and how to step by step setup each method
English [Auto] It's now I'm gonna check the NSA service and started okay. So open your browser now and type HDTV s colons less slash Carly colon 8 8 3 4 and then this will take you to the NSA so log in screen at the beginning you may see an initialization screen like this one so just enter your credentials and hit the sign and button Hey so now this is the NSA is home page it has a pretty clear and clean interface. So what I'm going to do is quickly add a folder from my scans and name it. BW M S F so create the folder. Let's go into the folder okay. So now you have two options here. You can either create a scan directly or you can create a policy and then use this policy for a particular scan. Me I always create policies because then I can use them in every penetration test that I do. So I would advise you to do the same. Just follow along. So even now I'm going to show you how to create a policy so click here to start right. So now these are the predefined policies for your purpose you can choose one of them but also you have the option to start a custom policy so over here on the upper left corner there's an advanced scan so click here. All right. So let's give it a name and description and that's gonna be your first scan. So this is provides you an ability to share your policy or scan with other users so if you want under the permission tab select can use as an option under the discovery menu you'll find how to discover hosts and services and you also can figure how to scan the ports on the target and there's really nothing change here assessment menu. It provides extra assessment configuration now here under brute force segment. I want you to check this box to not try after successful long in all right. So you have web applications in our lab. Open it. I won't change anything under Windows and malware segment. Now you can specialize your reports but I think it doesn't allow much more than that. This might be. If there is one a negative side of Knesset and the advanced menu you know I think I've said this before but being stealthy is important. So you've got a check here to randomly scan Target's also check here to prevent network congestion and under the credentials tab. NASA's gives you the opportunity to scan targets with custom discovered credentials NASA's will perform more tests on the targets if valid credentials are given and you can also add hashes as well as a mother's service account so earlier we have discovered how to use the vagrant username and password so that's what I'm going to use compliance tab not gonna change anything here this. This could be a good benefit for you when you perform a vulnerability assessment now here. There are many compliance checklists you can choose a bunch of them and run a scan. But for now I don't need that. And here's a plugins tab. So this is actually takes its power from plugins every plugin performs a particular task and an SS team divides plug ins into families. So for example the denial of service plugins resides under this category. Now you also have to be careful to check the plugins because every unrelated plugin will create congestion in the network and that prevents you from being stealthy and also some plug ins could very well crash a system. Sorry. Now I am going to quickly uncheck unrelated plug in families not gonna touch plugins that sell but you can be that specific. So finally save the policy. Okeydoke. So now you need to create a scan that's gonna use this policy so go up here to the top menu scans and here are the predefined scanned but if you want to use your policy like I do. Follow me and go to the user defined tab and click your policy. Now this screen comes up. So name your scan and give it a description. And I'm going to choose the folder. P. W M.S. F. And now you can add targets so of course we're gonna use the both the matter portable 2 and 3 IP addresses. All right. So let's save the scan now. Let's check the scan here. And from that menu just launch it or reconfigure it. I'm going to launch it OK so now you can watch the progress and examine what NASA's find scans. Gonna take some time so I'll just let it finish up and I'll get right back to you.