Khizar Ali Shah
Lab task 04
231358
OpenVAS Vulnerability Scan:
sudo gvm-start
The Greenbone Security Assistant login page is displayed.
Type the credentials in the Username and Password text boxes and click Login.
The dashboard for OpenVAS is displayed.
Click Scans and select Tasks.
The Tasks page is displayed. Click Task Wizard on the upper left side, just below the menu.
In the Task Wizard pop-up window, I entered the following in the IP address or hostname field:
192.168.0.4
Wait for the scan to complete.
On Task 1 of 1, click 1 in the Reports field.
Click the entry in the Date field.
Select the Results field in the Immediate scan of IP 192.168.0.4 task results window.
Select Ports in the Immediate scan of IP 192.168.0.4 task results window.
In the Ports field, the open ports of the scanned host are displayed.
The scanned host's operating system is identified as Microsoft Windows.
Several other fields of information gathered from the scanned host can be explored.
Nikto Vulnerability Analysis:
I conducted a vulnerability scan on a website and identified several
vulnerabilities. Initially, I performed a simple scan using Nikto, which
revealed some vulnerabilities. Subsequently, I conducted various types of
testing on the host to further examine its security posture.
2nd test:
1. Overview
This report summarizes the vulnerability assessment performed using Nikto on the test website testphp.vulnweb.com. The objective was to identify security weaknesses that could be exploited by attackers. The assessment focused on HTTP headers, outdated software, and misconfigurations.
2. Scan Details
Target Hostname: testphp.vulnweb.com
Target IP: 44.228.249.3
Target Port: 80 (HTTP)
Web Server: nginx/1.19.0
PHP Version: 5.6.40-38 (outdated and vulnerable)
Scan Date: March 7, 2025
3. Vulnerabilities Identified
1. Missing X-Frame-Options Header
o The website does not have the X-Frame-Options header set.
o Impact: This makes the website vulnerable to clickjacking
attacks.
o Reference: Mozilla Developer Docs
2. Missing X-Content-Type-Options Header
o The X-Content-Type-Options header is not set.
o Impact: Attackers could exploit MIME-type sniffing to execute
malicious scripts.
o Reference: Netsparker
3. Insecure Client Access Policy Files
o Found clientaccesspolicy.xml and crossdomain.xml files
with wildcard entries.
o Impact: These files can be used for cross-domain access
attacks and data exfiltration.
o Reference: Acunetix Client Access Policy Issue
4. Outdated PHP Version (PHP 5.6.40-38)
o The server is running an outdated version of PHP that is no
longer supported.
o Impact: This version has known security vulnerabilities that
could be exploited.
o Recommendation: Upgrade to the latest stable PHP version.
4. Recommendations
Implement X-Frame-Options: DENY or SAMEORIGIN to prevent
clickjacking.
Set X-Content-Type-Options: nosniff to protect against MIME-based attacks.
Remove or properly configure clientaccesspolicy.xml and
crossdomain.xml files.
Update PHP to a secure and supported version.
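As an added illustration that is not part of the original report, the following Python check reproduces the header and policy-file findings above offline: it flags a missing or weak X-Frame-Options / X-Content-Type-Options header, an advertised PHP 5.x version, and a crossdomain.xml or clientaccesspolicy.xml that grants wildcard access. The sample headers and policy bodies are constructed here to match the scan details (nginx/1.19.0, PHP 5.6.40-38); nothing is fetched from the network.

```python
"""Added example, not from the report: reproduce the Nikto header and policy-file
findings offline against constructed sample responses."""
import xml.etree.ElementTree as ET

# Headers the report flags as missing, with the values the recommendations allow.
REQUIRED_HEADERS = {"x-frame-options": {"deny", "sameorigin"},
                    "x-content-type-options": {"nosniff"}}


def audit_headers(headers):
    """Return findings for a dict of HTTP response headers (names are case-insensitive)."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    for name, allowed in REQUIRED_HEADERS.items():
        value = lowered.get(name)
        if value is None:
            findings.append(f"missing header {name}")
        elif value.lower() not in allowed:
            findings.append(f"unexpected value for {name}: {value}")
    powered_by = lowered.get("x-powered-by", "")
    if powered_by.upper().startswith("PHP/5."):  # every PHP 5.x branch is end-of-life
        findings.append(f"unsupported PHP branch advertised: {powered_by}")
    return findings


def audit_policy_file(filename, xml_text):
    """Return (grants, findings) for a crossdomain.xml or clientaccesspolicy.xml body."""
    root = ET.fromstring(xml_text)
    if filename == "crossdomain.xml":            # Flash: <allow-access-from domain="..."/>
        grants = [e.get("domain", "") for e in root.iter("allow-access-from")]
    elif filename == "clientaccesspolicy.xml":   # Silverlight: <domain uri="..."/>
        grants = [e.get("uri", "") for e in root.iter("domain")]
    else:
        raise ValueError(f"not a cross-domain policy file: {filename}")
    findings = [f"{filename} grants access to any origin" for g in grants if g == "*"]
    return grants, findings


# Constructed samples modelled on the scan details above (nginx/1.19.0, PHP 5.6.40-38).
VULNERABLE_HEADERS = {"Server": "nginx/1.19.0", "X-Powered-By": "PHP/5.6.40-38"}
HARDENED_HEADERS = {"Server": "nginx", "X-Frame-Options": "SAMEORIGIN",
                    "X-Content-Type-Options": "nosniff"}
WILDCARD_CROSSDOMAIN = '<cross-domain-policy><allow-access-from domain="*"/></cross-domain-policy>'
SCOPED_CROSSDOMAIN = '<cross-domain-policy><allow-access-from domain="www.example.com"/></cross-domain-policy>'
WILDCARD_CLIENTACCESS = ('<access-policy><cross-domain-access><policy><allow-from>'
                         '<domain uri="*"/></allow-from></policy></cross-domain-access></access-policy>')

if __name__ == "__main__":
    print(audit_headers(VULNERABLE_HEADERS), audit_policy_file("crossdomain.xml", WILDCARD_CROSSDOMAIN))
```

Against a live target the same functions would be fed the headers of an HTTP response and the bodies of the two policy files; the hardened sample yields no findings, the vulnerable one reproduces findings 1, 2, 3 and 4 of the report.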
5. Other Types of Scans with Nikto
Nikto can perform various types of scans beyond basic vulnerability detection:
1. Tuning Scans (-Tuning): Allows selecting specific types of
vulnerability tests.
o Example: nikto -h http://example.com -Tuning 4 (Scans for
information disclosure issues)
2. SSL Scans (-ssl): Checks for SSL/TLS misconfigurations.
o Example: nikto -h https://example.com -ssl
3. Mutation Scans (-mutate): Generates non-standard test cases for
deeper analysis.
o Example: nikto -h http://example.com -mutate 2
4. User-Agent Spoofing (-useragent): Tests how the server responds to different user agents.
o Example: nikto -h http://example.com -useragent "Googlebot"
5. Specific Port Scanning (-p): Scans web servers running on non-standard ports.
o Example: nikto -h http://example.com -p 8080
6. Saving Scan Results (-o): Exports results in various formats.
o Example: nikto -h http://example.com -o report.html
6. Conclusion
The Nikto scan identified several vulnerabilities, including missing security headers, outdated software, and insecure policy files. It is highly recommended to implement the suggested mitigations to enhance the security posture of the web application.
Nessus Vulnerability Assessment Report
1. Overview
This report details a comprehensive vulnerability assessment conducted using Nessus. The objective of this scan was to identify potential security weaknesses, misconfigurations, and outdated software within the target system. The assessment provides insights into critical vulnerabilities and recommendations for remediation.
In this assessment, I conducted two vulnerability scans using Nessus: one on chatgpt.com and another on my own IP and some other websites. The objective of these scans was to identify potential security vulnerabilities, misconfigurations, and outdated software that could be exploited by attackers.
Step-by-Step Process
1. Setting Up Nessus
Installed and configured Nessus on my system.
Ensured that I had the appropriate permissions to scan my own IP and external domains.
Updated Nessus plugins to ensure the latest vulnerability checks were included.
2. Performing the Scan on ChatGPT.com
Launched a basic network scan on chatgpt.com.
Selected target as chatgpt.com.
Configured scan policies to detect common vulnerabilities such as SSL/TLS misconfigurations, outdated software, and open ports.
Executed the scan and monitored its progress.
3. Performing the Scan on My Own IP
Identified my external IP address.
Created a separate Nessus scan for my IP.
Configured the scan to check for open ports, services running, and known vulnerabilities.
Launched the scan and analyzed the results.
Findings and Analysis
Results from ChatGPT.com Scan
SSL/TLS Configuration: No critical vulnerabilities found, indicating strong security measures.
Open Ports: Only essential ports (such as HTTPS on 443) were open, with no unexpected services detected.
Potential Weaknesses: Minor security headers were missing, which could be an area for improvement.
Results from My Own IP Scan
Open Ports Detected: [List of detected ports]
Services Running: [List of services found]
Vulnerabilities Identified:
o [Example: Outdated Apache version running on port 80]
o [Example: SSH service with weak cipher support]
o [Example: Web server exposing sensitive directories]
Recommendations
For ChatGPT.com
Implement additional security headers for enhanced protection.
Continue monitoring and updating software to prevent emerging threats.
For My Own IP
Close unnecessary open ports to minimize attack surface.
Update all running services to the latest versions.
Restrict SSH access to trusted IPs and enforce strong encryption.
Secure exposed directories to prevent information leakage.
Email Spoofing:
The mentioned website was functional for spoofing, so I used another site as follows:
Website:
Results:
I performed three tasks, two of which were for vulnerability scanning. This
gave me a proper understanding of how websites, IPs, and hosts are
scanned for vulnerabilities. I learned how the tools operate and, despite
time constraints, solidified my concepts by completing these tasks.
END OF REPORT.