In this short course, we covered vulnerability scanning and management in cyber security, along with the tools used to scan for vulnerabilities: Nmap, Metasploit, Nessus, OpenVAS, Nikto and OWASP ZAP.

Table of Contents

– Intro to Vulnerability Scanning in Cyber Security

– Vulnerability Scanning with nmap

– Vulnerability Scanning with Metasploit

– Vulnerability Scanning with Nessus

– Vulnerability Scanning with OWASP ZAP

– Vulnerability Scanning with Nikto

– Vulnerability Scanning with OpenVAS

– Vulnerability Management LifeCycle

Please watch the video at the bottom for a full, detailed explanation of the walkthrough.

Vulnerability Scanning

The process of using a computer program (a vulnerability scanner) to find vulnerabilities in networks, computer infrastructure or applications.

Identifying Assets
The next step is to identify the systems the vulnerability scans will cover. Some organizations scan every system, whereas others scan systems differently (or not at all) depending on the classification of the data stored on them, whether the system is internal or exposed to the internet, the services it runs, and its role (production, development or testing).


Determining the Scanning Frequency
Designate a schedule that meets the organization's security, compliance and business requirements. Configure the scans to alert automatically, for example through emailed reports, when they detect new vulnerabilities, so that a known issue is not re-reported every run but a new one is noticed immediately.
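As an added example (this is not code from the course or its author), the following Python sketch turns the two steps above into something you can run: it derives a scan interval from an asset's exposure, data classification and environment, lists the assets whose last scan is older than that interval, and diffs two scan runs so that only findings that are new reach the alert email. The policy intervals, asset names, dates and finding IDs are constructed sample values, not real data.

```python
"""Added example, not from the course: derive a scan interval from an asset's
attributes, list overdue assets, and diff two scan runs so only new findings
are alerted. Policy values, asset names and finding IDs are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Asset:
    name: str
    exposure: str          # "internet" or "internal"
    classification: str    # "public", "internal", "confidential", "restricted"
    environment: str       # "production", "development", "testing"
    last_scanned: Optional[datetime]


def scan_interval_days(asset):
    """Hypothetical policy: maximum days between scans, or None when the asset
    is deliberately out of scope. The strictest applicable rule wins."""
    if asset.environment == "testing" and asset.exposure == "internal":
        return None                      # throwaway lab boxes: not scanned
    interval = 30                        # default cadence for everything else
    if asset.exposure == "internet":
        interval = min(interval, 7)      # internet-facing: weekly
    if asset.classification in ("confidential", "restricted"):
        # sensitive data: weekly in production, fortnightly elsewhere
        interval = min(interval, 7 if asset.environment == "production" else 14)
    return interval


def overdue_assets(assets, now):
    """Names of in-scope assets never scanned, or scanned longer ago than
    their interval allows, sorted for stable reporting."""
    due = []
    for asset in assets:
        interval = scan_interval_days(asset)
        if interval is None:
            continue
        if asset.last_scanned is None or now - asset.last_scanned > timedelta(days=interval):
            due.append(asset.name)
    return sorted(due)


def new_findings(previous, current):
    """Findings in the current run that were absent from the previous one,
    keyed by (host, finding id) so a known issue is not re-alerted every run."""
    seen = {(f["host"], f["id"]) for f in previous}
    return [f for f in current if (f["host"], f["id"]) not in seen]


# Constructed inventory and scan output (IDs are placeholders, not CVEs).
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)
SAMPLE_ASSETS = [
    Asset("web-01", "internet", "internal", "production", NOW - timedelta(days=10)),
    Asset("db-01", "internal", "restricted", "production", NOW - timedelta(days=5)),
    Asset("hr-app", "internal", "confidential", "development", NOW - timedelta(days=20)),
    Asset("lab-07", "internal", "public", "testing", None),
    Asset("wiki", "internal", "public", "production", None),
]
PREVIOUS_SCAN = [{"host": "web-01", "id": "SAMPLE-001", "severity": "high"}]
CURRENT_SCAN = [
    {"host": "web-01", "id": "SAMPLE-001", "severity": "high"},
    {"host": "web-01", "id": "SAMPLE-002", "severity": "critical"},
    {"host": "db-01", "id": "SAMPLE-003", "severity": "medium"},
]

if __name__ == "__main__":
    print("overdue for scanning:", overdue_assets(SAMPLE_ASSETS, NOW))
    for f in new_findings(PREVIOUS_SCAN, CURRENT_SCAN):
        print(f"ALERT: new {f['severity']} finding {f['id']} on {f['host']}")
```

With the sample inventory, web-01 (internet-facing, weekly) and hr-app (confidential, fortnightly) are overdue and wiki has never been scanned, while db-01 is inside its window and lab-07 is out of scope by policy. Keying the diff on (host, finding id) is what keeps the daily alert email short: only SAMPLE-002 and SAMPLE-003 are new.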

Active vs Passive Scanning
Most vulnerability scanning tools perform active vulnerability scanning, meaning that the tool actually interacts with the scanned host to identify open services and check for possible vulnerabilities.

Active scanning provides high-quality results, but with drawbacks: the scans are noisy and easily detected by system administrators and by IDS/IPS, and an active check may inadvertently exploit a vulnerability and interfere with the function of a production system.

Passive vulnerability scanning takes a different approach that supplements active scans. Instead of probing systems for vulnerabilities, passive scanners monitor the network, much as an intrusion detection system does, but instead of watching for intrusion attempts they look for the telltale signatures of outdated systems and applications. Passive scanning can only detect vulnerabilities that are reflected in network traffic, so it is not a replacement for active scanning, but it is a very strong complement to periodic active vulnerability scans.
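To make the active/passive distinction concrete, here is an added Python example (not part of the course material) that runs the same "is this version outdated?" check both ways. The passive path reads banners from lines standing in for a packet capture or IDS log and never sends a packet; the active path connects to a service and grabs the banner itself, here against a throwaway listener on localhost so the script runs offline. The thresholds in MIN_VERSIONS, the sample traffic lines and the fake server's banner are all constructed for illustration, not advisory data.

```python
"""Added example, not from the course: one version check done two ways.
Passive = inspect traffic that was already observed (constructed sample lines
stand in for a capture or IDS log). Active = connect to the service and read
its banner ourselves (against a throwaway local listener so it runs offline).
MIN_VERSIONS holds illustrative thresholds, not real advisory data."""
import re
import socket
import threading

# Hypothetical baseline: versions below these are flagged as outdated.
MIN_VERSIONS = {"OpenSSH": (9, 0), "Apache": (2, 4, 58), "nginx": (1, 24, 0)}

# Matches e.g. "SSH-2.0-OpenSSH_7.4", "Server: Apache/2.4.6", "nginx/1.25.3".
BANNER_RE = re.compile(r"(OpenSSH|Apache|nginx)[_/](\d+(?:\.\d+)*)")


def parse_version(text):
    """Return (product, version_tuple) from a banner or header, or None."""
    m = BANNER_RE.search(text)
    if not m:
        return None
    return m.group(1), tuple(int(p) for p in m.group(2).split("."))


def is_outdated(product, version):
    """Compare against the baseline; pad so '2.4' lines up with '2.4.58'."""
    floor = MIN_VERSIONS[product]
    padded = version + (0,) * (len(floor) - len(version))
    return padded < floor


# Constructed sample traffic: "src -> dst: payload" as a capture tool or IDS
# might log it. Only server-side banners carry a version worth checking.
OBSERVED = [
    "10.0.0.5:22 -> 10.0.0.9:51234: SSH-2.0-OpenSSH_7.4",
    "10.0.0.7:80 -> 10.0.0.9:51235: HTTP/1.1 200 OK Server: Apache/2.4.6 (CentOS)",
    "10.0.0.8:80 -> 10.0.0.9:51236: HTTP/1.1 200 OK Server: nginx/1.25.3",
    "10.0.0.9:51237 -> 10.0.0.7:80: GET / HTTP/1.1",
]


def passive_scan(observed_lines):
    """Passive: walk traffic already on the wire; nothing is sent to any host.
    Returns (service, product, version) for every outdated banner seen."""
    findings = []
    for line in observed_lines:
        endpoints, _, payload = line.partition(": ")
        service = endpoints.split(" -> ")[0]
        parsed = parse_version(payload)
        if parsed and is_outdated(*parsed):
            findings.append((service, parsed[0], ".".join(map(str, parsed[1]))))
    return findings


def active_banner_grab(host, port, timeout=2.0):
    """Active: open a connection and read the banner. This sends packets, so
    it is visible in the target's logs and to an IDS/IPS."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(256).decode(errors="replace")


def _fake_service(banner):
    """Throwaway listener on 127.0.0.1 standing in for a real SSH server."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def active_scan_local(banner=b"SSH-2.0-OpenSSH_8.2\r\n"):
    """Run the active path end to end against the fake local service."""
    port = _fake_service(banner)
    parsed = parse_version(active_banner_grab("127.0.0.1", port))
    return parsed, is_outdated(*parsed)


if __name__ == "__main__":
    for service, product, version in passive_scan(OBSERVED):
        print(f"passive: {service} runs {product} {version} (outdated)")
    (product, version), outdated = active_scan_local()
    print(f"active: 127.0.0.1 runs {product} {'.'.join(map(str, version))}, outdated={outdated}")
```

The active path is the one that appears in the target's logs and IDS/IPS alerts and the one that can upset a fragile service; the passive path only ever sees what is on the wire, so a host that never talks, or talks only over TLS, is invisible to it. Both share a caveat: distributions often backport security fixes without changing the version string (an Apache/2.4.6 banner on CentOS 7 is typical), so version-signature matches are candidates to confirm with an authenticated active scan, not findings in themselves.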

Vulnerability Exploitation

Once you have conducted your initial survey of a target, including mapping out a full list of targets and probing them to identify potential vulnerabilities and weaknesses, the next step is to analyze that data to decide which targets to prioritize, which exploits to attempt, and how you will access the systems and devices you compromise. In most cases you will target the most vulnerable systems for the initial exploits, to gain a foothold that may provide further access. Not every vulnerability has public exploit code, and even when exploit code exists it varies in quality and availability.

Commercial Vulnerability Scanners

  • Nessus: Full Vulnerability Scanner
  • Nexpose: Full Vulnerability Scanner
  • Acunetix: Web Application Scanner
  • Qualys: Full Vulnerability Scanner

Open Source Vulnerability Scanners

  • OWASP ZAP: Web Application Scanner
  • OpenVAS: Full Vulnerability Scanner
  • Nikto: Web Application Scanner
  • Wapiti: Web Application Scanner
  • SQLmap: SQL Injection Detection and Exploitation Tool

Full Video Course

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well versed across different fields. The group is led by Motasem Hamdan, a cybersecurity content creator and YouTuber.
