Nmap done tells you how many IP addresses were scanned and how long it took 8. How many total IP hosts (not counting Cisco device interfaces) did Zenmap GUI (Nmap) find on the network? 5 IP host on the network 9. Based on your Nmap scan results and initial reconnaissance and probing, what next steps would you perform on the VSCL target machines? Use the file transfer buttons to download the Lab #1 LMAP scan. xml and Lab #1 topology fisheye chart. pdf Soft copy of the Zenmap GUI “Intense Scan” report in XML format . xml Topology fisheye bubble chart in PDF format
Perform a Vulnerability Assessment Scan Using Nessus This lab demonstrates the first three steps in the hacking process that is typically performed when conducting ethical hacking or penetration testing. The first step in the hacking process is to perform an IP host discovery and port/services scan (Step 1 : Reconnaissance and Probing) on a targeted IP subnetwork using ZenMap GUI (Nmap) security scanning software. The second step in the hacking process is to perform a vulnerability assessment scan (Step 2: Scanning) on the targeted IP subnetwork using Nessus@ vulnerability assessment scanning software.
Finally, the third step in the hacking process (Step 3: Enumeration) is to identify information pertinent to the vulnerabilities found to exploit the vulnerability. 1 . What is the application Zenmap GUI typically used for? Describe a scenario in which you would use this type of application. This application is used to perform an intense scan of all 36 test scripts using the profile selection or you can Just select a specific IP address using the Target selection. I would use this application to determine the vulnerability of my computer by completing an assessment scan of my ntire system. 2.
Which application is used for Step 2 in the hacking process to perform a vulnerability assessment scan? Nmap-Zenmap GUI 3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even before performing the reconnaissance step? Create a custom Security Policy 4. What is a CVE listing? Who hosts and who sponsors the CVE database listing website? CVE listing is standardized identifiers for common computer vulnerabilities and exposures. Cybersecurity and Communications at the U. S. Department of Homeland Security, the MITRE Corporation 5.
Can Zenmap GUI detect which operating systems are present on IP servers and workstations? Which option includes that scan? Yes, service info: OS: Linux 6. If you have scanned a live host and detected that it is running Windows XP workstation OS, how would you use this information for performing a Nessus vulnerability assessment scan? I would know that would be able to perform this scan 7. Once a vulnerability is identified by Nessus, where can you check for more information regarding the identified vulnerability, exploits, and the risk mitigation solution?
Ports/Protocols, 443/tcp, Plugin Name: Service Detection 8. What is the major difference between Zenmap GUI and Nessus? Nessus scans for vulnerabilitys and Zenmap GUI is used to map network host within an open port. 9. Why do you need to run both Zenmap GUI and Nessus to perform the first three steps of the hacking process? The Zenmap has already run an intense scan on the 254 IP address to map out the network which makes Nessus able to find the vulnerability located within the 254 IP address. Zenmap GUI scan report in soft copy with your notes on what you found Nessus vulnerability scan report in HTML soft copy