1.4 Given a scenario, analyse the output from common vulnerability assessment tools

  • Web application scanner:

    • OWASP ZAP

    • Burp Suite

    • Nikto

    • Arachni: evaluate web application security; scanning, scripted audits, vulnerability scans

  • Infrastructure vulnerability scanner:

    • Nessus

    • OpenVAS

    • Qualys

  • Software assessment tools and techniques:

    • Static analysis

    • Dynamic analysis

    • Reverse engineering

    • Fuzzing

  • Enumeration:

    • Nmap: returns port listing, MAC address, OS/kernel version, network distance, runtime

    • hping: sends TCP/UDP/ICMP/RAW-IP; firewall testing, TCP/IP auditing, network testing

    • Active vs passive

    • Responder: LLMNR/NBT-NS poisoner/rogue authentication server => steal NTLM hashes

  • Wireless assessment tools:

    • Aircrack-ng: suite of WiFi monitoring, attacking, testing & cracking (WEP/WPA) tools

    • Reaver: brute force against WPS PINs to recover WPA/WPA2 passphrases

    • oclHashcat: GPU-based hash cracker with dictionaries, masks, rules etc.

  • Cloud infrastructure assessment tools:

    • ScoutSuite: security posture assessment of cloud environments, highlights risks

    • Prowler: AWS security best practices assessment, auditing, hardening, forensics