Question.5553 - Instructions

Perform a penetration test on a website of your choice using one of these tools:

- Nmap
- Wireshark
- Metasploit

Nmap ("Network Mapper") is a free and open-source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, and what type of packet filters/firewalls are in use.

Within the Nmap site, there is: Nikto, an open-source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6,400 potentially dangerous files/CGIs; checks for outdated versions of over 1,200 servers; and version-specific problems on over 270 servers. It also checks for server configuration items, such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Create a report detailing the results found from performing a vulnerability scan of a chosen website. The report should state which tool was used, as well as the name of the target website, and should list the number of vulnerabilities scanned for, several important examples, how many vulnerabilities were detected, and several examples.
Answer Below:
Technical xxxxxxx Website xxxxxxxx ScanFlorida xxxxxxx March xx Security xxxxxxxxxxxxx Analysis xxxxxxxxxxxx Website xxxxx juice-shop xxxxxxxxx com xxxx Used xxxx Network xxxxxx IntroductionThe xxxxxx depicts xxx findings xxxx a xxxxxxxxxxx test xxxxxxxxx on xxx website xxxxx Shop xxxxx Nmap xxx scan xxxx an xxxx aiming xx identify xxxxxxxxx security xxxxxxxxxxxxxxx the xxxxxxx is xxxxxxx to xxxx includes xxxxxxxxx the xxxx ports xxxxxxxx services xxx also xxxxxxxxxx misconfigurations xxxx could xx exploited xx attackers xx running x Comprehensive xxxx Nmap xxxx SummaryDate xxxx of xxxx March xx EST xxxx Version xxxxxx IP xxxxxxx Host xxxxxxxxxxx Amazon xxx ec x - x - xxxxxxxx compute xxxxxxxxx com xxxxxx of xxxxx Scanned xxx and xxx Key xxxxxxxx Open xxxxxxxxx HTTPS xxxx Port xxxx Open xxxx HTTP xxx HTTPS xxxxx are xxxx implying xxxx the xxxxxxx is xxxxxxxxxx over xxxx secure xxx non-secure xxxxxxxx while xxxxxxx an xxxxxxxxxxx on xxxx without xxxxxx redirection xx HTTPS xxxxx lead xx security xxxxx such xx man-in-the-middle xxxxxxx Service xxxxxxxxxxxxx performed x detailed xxxx of xxxxxxxx The xxxx resulted xx showing xxxx the xxxxxxx is xxxxxx on xxxxxx Web xxxxxxxx AWS xxx service xxxx took xxxxxxxxxxxxx minutes xx complete xxxxxxx Discovery xxx Firewall xxxxxxxxxxx scan xxxxxxxxxx multicast xxxxxxxx on xxxxx network xxxxxxxxxx Some xxxxxxx were xxxxxxxx due xx API xxxxxxx e x Robtex-related xxxxxxx No xxxxxxxx restrictions xxxx detected xx ports xxx Vulnerability xxxxxxxxx Using xxx ScriptsNikto xxx Scanner xxxxxxxxxxx Not xxxxxxxxxx used xx this xxxx but xxxxxxxxxxx for xxxxxx analysis xx Geolocation xxxxxx due xx missing xxxxxxx database xxx Mapping xxxxxxxxxxx due xx missing xxxxxxxxxx Traceroute xxxxxxxx Successfully xxxxxx the xxxxxxx route xx the xxxxxx OS xxxxxxxxx Attempted xxx required xxxxxxx indicating xxxxxxxx obfuscation xx firewall xxxxxxxxxxxx Identified xxxxxxxxxxxxxxxxxxxxxx Open xxxx Port xxxxx the xxxxxxx should xxxxxxx HTTPS-only 
xxxxxxxxxxx using xxxx Strict xxxxxxxxx Security xxxx to xxxxxxx downgrade xxxxxxx secondly xxxxxxxxxx service xxxxxxxx could xx running xxxxxxxx versions xxxxx should xx verified xxx security xxxxxxx lastly xxx scan xxxxxxxx in xxxx security xxxxxx failed xxx to xxxxxxx API xxxx or xxxxxxxx tools xxxxx may xxxxxx full xxxxxxxxxxxxx assessment xxxxxxxxxxxxxxxxxxxx on xx understanding xx is xxxxxxxxx to xxxxxxxxx HTTPS xxxxxx Transport xxxxxxxx HSTS xx redirecting xxx HTTP xxxxxxx to xxxxx and xxxxxxxx HSTS xx prevent xxxxxxxx downgrade xxxxxxx secondly xxxxxxx a xxxxxx analysis xxxxx Nikto xx identify xxxxxx misconfigurations xxx outdated xxxxxxxx and xxxxxxxxxxxxxx ensure xxxx scanning xxxxx e x Nmap xxxxxxx are xxxxxxx to xxxxxx external xxxxxxxxxxxxx databases xxxxxx redirect xxxxxxxxxxxxx to xxxxxxxxxxxxx ports xxx also xxxxxxxxx Web xxxxxxxxxxx Firewall xxx to xxxxxxxx potential xxxxxxxxx attacks xxxxxxxxxxxxx Nmap xxxx of xxxxx Shop xxxxxxxxxx open xxxx and xxxxx ports xxxxxxxxx service xxxxxxxxxxxxxxxxx and xxxxxxxxxxx in xxxxxxxxxxxxx scanning xxx to xxxxxxx API xxxx based xx the xxxxxx there xxxxxxx to xx no xxxxxxxx vulnerabilities xxx it xxxxx for xxxxxxx security xxxxxxxxxxxx particularly xx enforcing xxxxx updating xxxxxxxx and xxxxxxxxxx further xxxxxxxxxxxxx assessments xxxx specialized xxxxx like xxxxx