Information Security Lab Manual

The document is an Information Security Lab Manual for Al-Janad University, outlining the university's vision, mission, and educational objectives in the field of networks and cybersecurity. It details the course structure, including lab exercises focused on information security fundamentals, malware analysis, and packet capturing using tools like Wireshark. The manual provides instructions for lab preparation, required materials, and specific tasks for students to complete during their practical sessions.

Uploaded by

esmatedres936

Al-Janad University for Science and Technology

Information Security Lab Manual


Faculty of Engineering and Information Technology
Department of Networks and Cybersecurity

Prepared by:
Eng. Hanadi A. Ahmed (Research Assistant)

2024
University Vision

To locally lead, regionally compete in education and scientific research, and effectively contribute to community service.

University Mission

Al Janad University for Science and Technology strives for excellence in teaching, learning, scientific research and community service through a motivating educational environment that keeps up with quality standards; it effectively utilizes technology and human resources, embodies a local and regional partnership, fosters the national allegiance, and contributes to sustainable development.

College Vision

Leadership in engineering and information technology locally and regionally.

College Mission

The College of Engineering and Information Technology at Al-Janad University for Science and Technology strives to prepare qualified engineers capable of working efficiently and responsibly through an excellent educational environment. It also focuses on developing scientific research and providing consultations that contribute to serving the community according to comprehensive quality standards.

Program Mission

Providing excellent education to prepare qualified graduates in the field of networks and information security, capable of contributing to community development, keeping pace with technological advancements and scientific research developments, while committing to high levels of ethics and professional values.


Program Educational Objectives (PEO’s):

_______ To be filled out by department ________


Program Specific Outcomes (PSO’s)

_______ To be filled out by department ________


Course Name: Information Security Lab
Course Code: (Un-known)
Course Degree: 30 degrees
Course Description:
This course is designed to introduce you to the fundamentals of information security and provide you
with practical skills to safeguard digital systems. Through a combination of theoretical concepts and
hands-on labs, you will gain a comprehensive understanding of key topics in the field. The labs will
focus on various aspects, including creating virtual machines, password strength, malware analysis,
network scanning, and vulnerability assessment.
Course Outcomes:
By the end of this course, you will be able to:
1. Understand the importance of information security in today's digital landscape.
2. Create and configure virtual machines using VMware.
3. Evaluate the strength of passwords and implement secure password practices.
4. Analyze and identify different types of malware, such as Prorat and JPS Virus Maker.
5. Capture packets and analyze HTTP and HTTPS traffic.
6. Perform port scanning using Nmap.
7. Conduct host-based scans using Nessus.
8. Perform internal scans using OpenVAS.
9. Conduct web application scans using Invicti.
10. Perform assessment scans using Rapid7 Nexpose and Metasploit.
General Instructions
1. Read the lab manual thoroughly before starting any experiment.
2. Follow all safety guidelines and lab rules outlined in the manual.
3. Attend any required lab orientations or training sessions before starting the experiments.
4. Take notes during the lab sessions, documenting your observations, findings, and any challenges you
encounter.
5. If you encounter any difficulties or have questions during the lab, seek assistance from lab assistants
or the course instructor.
6. Complete the lab exercises in the specified order unless otherwise instructed.
7. Ensure that you have all the necessary materials, tools, and software required for each experiment.
8. Follow the step-by-step procedures outlined in the manual for each experiment.
9. Take screenshots or photographs as necessary to document your progress and results.
10. Record any data or measurements obtained during the experiments accurately.
11. Pay attention to any specific configurations or settings mentioned in the manual for each experiment.
12. Troubleshoot any issues that arise during the lab exercises, referring to the troubleshooting section in
the manual if needed.
13. Document your troubleshooting steps and solutions for future reference.
14. Complete any associated lab reports or assignments as instructed by the course instructor.
15. Submit all lab reports or other deliverables by the specified deadlines.
16. Engage in discussions with fellow students, if applicable, to share insights and troubleshoot
problems collectively.
17. Utilize additional resources recommended in the manual to enhance your understanding of the
subject matter.
18. Keep your workstation clean and organized, and report any equipment malfunctions or damages to
lab staff immediately.
19. Respect the privacy and confidentiality of other students' work and data in the lab.
20. Regularly backup and protect your data to prevent loss or unauthorized access.
Lab Requirements (Per Student)

NO  Type                   Details
1   Hardware Requirements  16 GB RAM - 256 GB hard disk space
2   Operating System       Windows 10 or 11
3   Software Requirements  VMware Workstation Pro
4   Virtual Machines       Windows 10, Ubuntu 2022, Kali Linux 2023, Metasploitable2 VM
5   Internet Connection    High Speed internet connection


LAB 1 – Preparatory Lab
Tasks List
Task1: Downloading virtual machines
Task2: Preparing the following topology using VMware adapter settings

[Topology figure: Windows and Ubuntu VMs]

Implementation
Task1:
1. Download and install VMware Workstation Pro as shown here
2. Download and install Ubuntu OS in VMware as shown here
3. Download and install Windows 11 OS in VMware as shown here
4. Download and install Kali Linux OS in VMware as shown here
5. Metasploitable
Task2:
Step 1: Start VMware and add an adapter as follows:
Step 2: Configure two adapters for (Windows, Ubuntu, Kali and Metasploitable2) as follows:
Step 3: Set a static IP for (Windows, Ubuntu, Kali and Metasploitable2) as follows:
Step 4: Test connectivity as follows:
LAB 2 – Password and Security
Prerequisites
▪ Ubuntu virtual OS with the John the Ripper tool
▪ A web browser and internet connection
Tasks List
Task1: Cracking a Linux user account using John the Ripper
Task2: Finding out if your email or password has been pwned
Task3: Taking the survey
Implementation
TASK1:
Step1: install John the ripper in Ubuntu using terminal
sudo apt update
sudo apt install john
Step2: Create an account in Linux
sudo useradd -m janad2
Note that the -m option ensures that a home directory is also created for the user.
sudo passwd janad2
You'll enter the password 12345 twice.
Step3: View the user accounts and their hashed passwords
1. It is important to know that in Linux, there is a file /etc/passwd that stores all the basic information
about each user. This is normal for many operating systems, and you can view it with the cat command:
sudo cat /etc/passwd
2. It is also important to know that in Linux there is a file /etc/shadow that stores the hashed versions of
user passwords. You can view it by using cat to output the data:
sudo cat /etc/shadow
Naturally, you won’t be able to decipher much more than the usernames in this file.
3. Lastly, it is imperative to know that John the Ripper comes with unshadow. All unshadow does is
stitch together the passwd file and shadow file so John the Ripper can use it.
We’ll run unshadow and store the results in a file that we’ll create on the fly called tempUserPW:
sudo unshadow /etc/passwd /etc/shadow > tempUserPW
Let’s take a look and see if everything seems to be working so far:
cat tempUserPW
Step4: Crack the password
When we run John the Ripper, we’ll have to give it both the wordlist we want to use and the file we
made with unshadow. Again, we’ll be using the standard dictionary that comes with John the Ripper, not
rockyou.txt. If you wanted to use rockyou.txt, you’d have to point to it in the wordlist parameter.
sudo john -wordlist=/usr/share/john/password.lst --format=crypt tempUserPW
Yeah! We just cracked the passwords (at least, the ones that were easy to crack with the default
dictionary). The output looks daunting, but it’s not too bad to decipher.
The output shouldn’t be too cumbersome because there are only a few accounts. But if there were a lot
of accounts, we could clean up the output with the show parameter in John the Ripper:
sudo john -show tempUserPW
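
The merge that unshadow performs in Step 3, written out as an added Python example (not taken from the manual or from John the Ripper), together with a check of which hash scheme protects each merged entry. The account lines and hash strings are constructed placeholders, and the scheme table and the choice of schemes flagged as weak are this example's assumptions.

```python
# Added example: re-implements the passwd/shadow merge that unshadow performs,
# then reports which hash scheme protects each account.
# All account data below is constructed; hash strings are placeholders, not real hashes.

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
janad2:x:1001:1001::/home/janad2:/bin/sh
legacy:x:1002:1002::/home/legacy:/bin/sh
nopass:x:1003:1003::/home/nopass:/bin/sh
"""

SAMPLE_SHADOW = """\
root:!:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
janad2:$y$j9T$PLACEHOLDERSALT$PLACEHOLDERHASH:19700:0:99999:7:::
legacy:$1$PLACEHLD$PLACEHOLDERHASH:19700:0:99999:7:::
nopass::19700:0:99999:7:::
"""

# crypt(3) scheme identifiers, found between the first two '$' characters.
SCHEMES = {
    "1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt", "6": "sha512crypt", "7": "scrypt",
    "y": "yescrypt", "gy": "gost-yescrypt",
}
WEAK_SCHEMES = {"descrypt", "md5crypt"}  # assumption: schemes this audit flags


def unshadow(passwd_text, shadow_text):
    """Return passwd lines with the 'x' placeholder replaced by the shadow hash field."""
    hashes = {}
    for line in shadow_text.splitlines():
        if line.strip():
            user, field = line.split(":")[:2]
            hashes[user] = field
    merged = []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if fields[1] == "x" and fields[0] in hashes:
            fields[1] = hashes[fields[0]]
        merged.append(":".join(fields))
    return merged


def classify(field):
    """Name the scheme of one password field from a merged line."""
    if field == "":
        return "empty"      # no password required at all
    if field[0] in "!*":
        return "locked"     # password login disabled, nothing to crack
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], "unknown")
    return "descrypt" if len(field) == 13 else "unknown"


def audit(merged_lines):
    """Map each user to its scheme and list the accounts that need attention."""
    schemes, findings = {}, []
    for line in merged_lines:
        user, field = line.split(":")[:2]
        scheme = classify(field)
        schemes[user] = scheme
        if scheme == "empty":
            findings.append((user, "no password set"))
        elif scheme in WEAK_SCHEMES:
            findings.append((user, "weak hash scheme " + scheme))
    return schemes, findings


if __name__ == "__main__":
    merged = unshadow(SAMPLE_PASSWD, SAMPLE_SHADOW)
    schemes, findings = audit(merged)
    for user, scheme in schemes.items():
        print(f"{user:8} {scheme}")
    for user, why in findings:
        print(f"REVIEW {user}: {why}")
```

A strong scheme does not rescue a weak password: an entry like janad2's is still recovered from a wordlist when the password is 12345, which is what Step 4 demonstrates.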

TASK2:
PART I: Find out if your email address has been pwned.
1. Go to https://haveibeenpwned.com/ and enter your email
2. If you have been pwned, scroll down through the list and note the sites where your email address has
been discovered.

PART II: Find out if your password has been pwned.


Go to https://haveibeenpwned.com/Passwords (or just click on the “Passwords” tab at the top of the
website) and enter a password you may have used in the past.
Weak Password

Strong Password

TASK3:
There are a number of easy ways to increase your security and privacy. This survey is meant to make
you think about what you can do to be more secure.
Conclusion
We just cracked a Linux user account with John the Ripper. There were a few things that made this
possible, but the biggest enabler is when we created a relatively weak password. This is meant to show
just how weak some passwords are. Be careful when you make passwords for various accounts. There
are simple things you can do that take little to no effort but provide substantially more security and
privacy.
LAB 3 – Malware and Threats
Prerequisites
▪ Windows VM (2 copies: host and target)
▪ JPS Virus Maker tool
▪ ProRAT tool
Tasks List
Task1: Understanding types of Malware
Task2: Generate a virus using JPS Virus Maker and examine its effect on the target system
Task3: Generate a remote access trojan using the ProRAT tool and examine its effect on the target
system
Scenario
In this lab, we will be discussing and testing the impact of malicious software, also known as malware,
on a victim's system. Let's begin by setting up two virtual machines running the Windows operating
system, where one will host the malware and the other will be the target.
On the host machine, start by installing the JPS Virus Maker tool. This tool will allow us to create a
convincing malware file, which we will inject into a legitimate document such as a PDF or another
document type. Place this infected file in a shared folder between the two virtual machines. When the
victim machine opens this file, the malicious code will execute, causing damage to their system.
Next, let's use the host machine again to install the Prorat tool. This tool will enable us to inject a
Remote Access Trojan (RAT) into one of the applications. Your task will be to convince the victim to
install this application, giving you control over their system.
Finally, the instructor will recommend a similar tool for testing the impact of malware on Android
systems.
Implementation
TASK1:
Malware, or malicious software, is any program or file that is intentionally harmful to a computer,
network or server.
Types of malware include computer viruses, worms, Trojan horses, ransomware and spyware. These
malicious programs steal, encrypt and delete sensitive data; alter or hijack core computing functions and
monitor end users' computer activity. Read this article to distinguish types of malware.
TASK2:
The JPS Virus Maker tool is used to create its own customized virus. This tool has many options for
building that can be used to create a virus. Some of the tool’s features are auto-start, shutdown, disable
security center, lock mouse and keyboard, destroy protected storage, and terminate windows. An ethical
hacker and pen-tester can use the JPS Virus Maker Tool as a proof of concept to audit perimeter security
controls in an organization. After performing this task, we will end and re-launch the lab,
as the target machine will be infected by the virus.
In the host machine, navigate to JPS Virus Maker and double-click jps.exe. If an Open File —
Security Warning pop-up appears, click Run. The JPS (Virus Maker 4.0) window appears; tick
the Auto Startup checkbox.
The window displays various features and options that can be chosen while creating a virus file.

From the Virus Options, check the options that you want to embed in a new virus file. In this lab, the options embedded in the virus file are Disable TaskManager, Disable Windows Update, Disable Control Panel, Disable Drives, Hide Windows Clock, Hide Desktop Icons, Enable Remote Desktop, Remove Bluetooth, Turn Off Windows Firewall, Turn Off Windows Defender, and Auto Startup. Ensure that the None radio button is selected to specify the trigger event when the virus should start attacking the system after its creation. Now, before clicking on Create Virus!, click the right arrow icon from the right-hand pane of the window to configure the virus options.

A Virus Options window appears, as shown in the screenshot. Check the Change Windows Password option, and enter a password (here, janad) in the text field. Check the Change Computer Name option, and type janad in the text field. You can even configure the virus to convert to a worm. To do this, check the Enable Convert to Worm checkbox, and provide a Worm Name (here, janad). For the worm to self-replicate after a particular time, specify the time in seconds (here, 1 second) in the Copy After field. Ensure that the JPG Icon radio button is selected under the Change Icon section. Ensure that the None radio button is selected in the lower part of the window. After completing your selection of options, click the drop-down icon next to the Create Virus! button and select x86(32Bit); click Create Virus!

A Virus Created Successful! pop-up appears; click OK.

The newly created virus (server) is placed automatically in the folder where jps.exe is located, but with the name Server.exe. Now, pack this virus with a binder or virus packager and send it to the victim machine through email, chat, a mapped network drive, or other method. In this task, we are using a mapped network drive to share the virus file to the victim machine. Assume that you are a victim and that you have received this file. Switch to the target machine, logging into the machine …..

Open the folder and double-click the Server.exe file to execute the virus.

Once you have executed the virus, the Desktop screen goes blank, indicating that the virus has infected the system. Surprised by the system behavior, the victim (you) attempts to fix the machine by restarting it. Once the machine has rebooted, try to log in to the machine with the provided Username and Password. You should receive the error message “the password is incorrect. Try again.”. Now, log in with the password that you provided at the time of virus creation (i.e., janad). You should log in to the machine with the new password.

Then, try to open Task Manager; observe that an opening error pop-up appears, and then click OK.
This is how attackers infect a system with viruses!
TASK3:

Attackers use malware to steal personal information, financial data, and business information from target systems. ProRat is a “remote administration tool” created by the PRO Group. ProRat was written in the C programming language and is capable of working with all Windows OSes. ProRat was designed to allow users to control their own computers remotely from other computers. However, attackers have co-opted it for their own nefarious purposes. Some hackers take control of remote computer systems to conduct a Denial-of-Service (DoS) attack, which renders the target system unavailable for normal personal or business use. These targeted systems include high-profile web servers such as banks and credit card gateways.

As with other Trojan horses, ProRat uses a client and server. It opens a port on the computer that allows the client to perform numerous operations on the server (the victim machine).

Some of ProRat’s malicious actions on the victim’s machine include:

• Logging keystrokes
• Stealing passwords
• Taking full control over files
• Drive formatting
• Opening and closing the DVD tray
• Hiding the taskbar, desktop, and start button
• Viewing system information

An ethical hacker or pen tester can use ProRat to audit their own network against remote access Trojans.

Repeat the same steps as in Task 2 using ProRAT.


LAB 4 – Packet Capturing with Wireshark
Prerequisites
▪ A web browser and internet connection
▪ Wireshark tool
Tasks List
Task1: Understanding the Power of Wireshark
Task2: Download and Install Wireshark
Task3: Using Wireshark to Examine HTTP and HTTPS
Implementation
TASK1:
Wireshark can be useful for many different tasks, whether you are a network engineer, security
professional or system administrator. Here are a few example use cases:
• Troubleshooting Network Connectivity
• Examination of Application Layer Sessions
• Troubleshoot DHCP issues with packet level data
• Extract files from HTTP sessions
• Extract files from SMB sessions
• Detection and Examination of Malware
  ▪ Detect anomalous behaviour that could indicate malware
  ▪ Search for unusual domains or IP address endpoints
  ▪ Use IO graphs to discover regular connections (beacons) to command and control servers
  ▪ Filter out the "normal" and find the unusual
  ▪ Extract large DNS responses and other oddness which may indicate malware
• Examination of Port Scans and Other Vulnerability Scan types
  ▪ Understand what network traffic the vulnerability scanner is sending
  ▪ Troubleshoot vulnerability checks to understand false positives and false negatives
For more Details
TASK2:
Step1: Download and Install Wireshark
You can download Wireshark for free at www.wireshark.org. If you use Windows 10, for example,
you’d grab the 64-bit Windows installer and follow the wizard to install.
Step2: Getting Up and Running
After installation, launch Wireshark and approve the administrator or superuser privileges. You will be
presented with a window that looks like this:
This window shows the interfaces on your device. To start sniffing, select one interface and click on the
blue fin icon on the top left. The data capture screen has three panes. The top pane shows real-time
traffic, the middle one shows information about the chosen packet, and the bottom pane shows the raw
packet data. The top pane shows the source address (IPv4 or IPv6), destination address, source and
destination ports, the protocol to which the packet belongs, and additional information about the packet.
Since there are a lot of packets going in and out every second, looking at all of them or searching for one
type of packet is tedious. This is why packet filters are provided. Packets can be filtered on many
parameters, such as IP address, port number or protocol, at capture level or at display level. A
display-level filter does not affect the packets being captured.
TASK3:
Part 1: Capture and view HTTP traffic
Step 1: Start Wireshark and select the interface whose packets you want to capture (Wi-Fi or Local Area
Connection).
Step 2: Open a web browser and navigate to www.altoromutual.com/bank/login.aspx Because this
website uses HTTP, the traffic is not encrypted. Click the Username field to see the warning pop up.

Step 3: Enter a username of janad with a password of janad and click Login.
Step 4: In the Wireshark application, filter for http and click Enter.

Step 5: Browse through the different HTTP messages and select the POST message.
In the lower window, the message is displayed. Expand the HTML Form URL Encoded:
application/x-www-form-urlencoded section.

Part 2: Capture and view HTTPS traffic


Step 1: Start Wireshark and select the interface whose packets you want to capture (Wi-Fi or Local Area
Connection).
Step 2: Open a web browser and navigate to https://www.netacad.com/.

Step 3: Click Log in. Enter in your NetAcad username and password. Click Log In.
Step 4: In the Wireshark application, expand the capture window vertically and then filter by HTTPS
traffic via port 443.

Enter tcp.port==443 as a filter, and click Enter.

Browse through the different HTTPS messages and select an Application Data message
Completely expand the Secure Sockets Layer section.
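
What Parts 1 and 2 show side by side, as an added Python example that is not part of the original manual: the form fields of a cleartext HTTP POST decode straight out of the TCP payload, while a TLS Application Data record exposes only its five-byte header. Both payloads are constructed samples, and the form field names and the list of credential-like name fragments are assumptions of this example.

```python
from urllib.parse import parse_qsl

HTTP_METHODS = {b"GET", b"POST", b"PUT", b"DELETE", b"HEAD", b"OPTIONS", b"PATCH"}
# TLS record content types (first byte of every TLS record).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
# Assumption: field-name fragments this example treats as credential-like.
CRED_HINTS = ("user", "login", "uid", "pass", "pwd")


def build_request(path, host, form_body):
    """Build a constructed HTTP/1.1 form POST whose Content-Length matches the body."""
    head = "\r\n".join([
        f"POST {path} HTTP/1.1",
        f"Host: {host}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(form_body)}",
        "", "",
    ])
    return head.encode("ascii") + form_body


# Constructed samples: one cleartext login POST, one TLS record with filler "ciphertext".
HTTP_SAMPLE = build_request("/bank/login.aspx", "www.altoromutual.com",
                            b"username=janad&password=janad&btn=Login")
TLS_SAMPLE = bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(range(32))


def classify_payload(raw):
    """Label a TCP payload as a TLS record, an HTTP request, or unknown."""
    if len(raw) >= 5 and raw[0] in TLS_TYPES and raw[1] == 0x03 and raw[2] <= 0x04:
        return "tls:" + TLS_TYPES[raw[0]]
    request_line = raw.split(b"\r\n", 1)[0].split(b" ")
    if (len(request_line) == 3 and request_line[0] in HTTP_METHODS
            and request_line[2].startswith(b"HTTP/1.")):
        return "http-request"
    return "unknown"


def parse_http_request(raw):
    """Split a reassembled HTTP request into method, target, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return method, target, headers, body[:length]


def exposed_credentials(raw):
    """Return credential-like form fields readable in the payload, or {} if none are."""
    if classify_payload(raw) != "http-request":
        return {}
    method, _target, headers, body = parse_http_request(raw)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if method != "POST" or ctype != "application/x-www-form-urlencoded":
        return {}
    fields = parse_qsl(body.decode("utf-8", "replace"), keep_blank_values=True)
    return {k: v for k, v in fields if any(h in k.lower() for h in CRED_HINTS)}


if __name__ == "__main__":
    for name, payload in (("HTTP", HTTP_SAMPLE), ("HTTPS", TLS_SAMPLE)):
        print(name, classify_payload(payload), exposed_credentials(payload))
```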

Finally: Apply this tutorial using the malicious files that you generated in the previous lab.
LAB 5 – Port Scanning (NMAP)
Prerequisites
▪ Kali VM
▪ Metasploitable2 VM
▪ internet connection
Topology

[Topology figure: windows-zenmap (10.10.10.2), ubuntu-nmap (10.10.10.3), Metasploitable2 (10.10.10.5)]

Scenario
Port scanning is usually part of a reconnaissance attack. There are a variety of port scanning methods
that can be used. We will explore how to use the Nmap utility. Nmap is a powerful network utility that is
used for network discovery and security auditing. For this lab, we are going to be scanning the
Metasploitable2 VM using Nmap. Launch both Kali Linux and the Metasploitable2 VM and ensure that
they are on the same isolated network using VMware Adapter settings.
Tasks List
Task1: Download and set up Nmap
Task2: Checking for open ports with Nmap
Task3: Implement OS detection
Task4: Implement a complete scan
Implementation
Using nmap to scan our network. Remember: do not scan systems or addresses that you do not have
explicit, documented permission to scan. You may scan the addresses in the diagram provided, using
nmap, and only from the class Linux server. In this lab you will generate a series of nmap
commands for troubleshooting and/or assessing the security of a network of Metasploitable2.
Task1:
To install NMAP on Ubuntu, run the command:

sudo apt-get install nmap


Task2:
Open a Terminal window on your Backtrack system and type (10.10.10.5 is Metasploitable's IP address):

nmap -v -A 10.10.10.5


This will show us the open ports and try to enumerate what services are running. Here is a look at the
ports:

Nmap will churn for a while while it tries to detect the actual services running on these ports. In a few
minutes you will see a screen that looks like this:
Task 3:
nmap -O 10.10.10.5
LAB 6 – Host-Based Scans (Nessus)
Prerequisites
▪ Kali VM
▪ Metasploitable2 VM
▪ internet connection

[Topology figure: Kali, 10.10.10.4, 10.10.10.5]
Tasks List
Task1: Perform vulnerability research in Common Weakness Enumeration (CWE)
Task2: Perform vulnerability research in Common Vulnerabilities and Exposures (CVE)
Task3: Perform vulnerability research in National Vulnerability Database (NVD)
Implementation
Nessus is an open-source network vulnerability scanner that uses Common Vulnerabilities and
Exposures (CVE) architecture. It is widely used for vulnerability assessment and penetration testing.
Nessus server can be installed on Unix, Linux and FreeBSD whereas Nessus client is available for Unix
and Windows based operating systems. For this lab, we will be installing Nessus on Kali Linux. Nessus
can be downloaded from here. It can also be downloaded using curl as shown below (version may
change).
Once the latest version of Nessus is downloaded, it can be installed as shown below.

Once the installation is finished, enable nessus as shown below.

Then start nessus as shown below.

Nessus runs on port 8834 by default. It can be viewed in browser.


Click on “Accept the risk and continue”.

Click on “Continue”. Select the type of Nessus install you want. Since we are using a Free version of
Nessus for this tutorial we select “Register for Nessus Essentials”. Click on “continue”.
To run Nessus Essentials, you need an activation code. Get the activation code by entering the following
details.
You need a user account to login into Nessus. Create an account and most importantly remember the
user account information.

Then, Nessus will download all the required plugins. This may take some time (sometimes quite a
long time).
Once all the plugins are finished downloading, you should see this.

The installation is finished. Now, it’s time to start scanning with Nessus. Click on “New scan”. A new
popup opens. Assign a target.
10.10.10.5

Click on “Run scan”.

The scan will start and take some time to finish. For this tutorial, we are using “Metasploitable 2” as
target.
The vulnerabilities are classified into five categories by Nessus. They are Critical, High, Medium, Low
and Information. You can view detailed information about the detected vulnerabilities by clicking on
them.

All the scans you perform are located in “My scans” section.
Nessus allows different types of scans. All the scans that can be performed using Nessus can be viewed
from “All scans” section.
LAB 7 – Internal Scans (OpenVAS)
Prerequisites
▪ Kali VM
▪ Metasploitable2 VM
▪ internet connection
Scenario
In this lab, you will use OpenVAS to perform a vulnerability scan on the Metasploitable VM and review
the vulnerability assessment report from the scan.

[Topology figure: Kali, 10.10.10.4, 10.10.10.5]
Tasks List
Task1: Setup and Exploring OpenVAS
Task2: Configuring a Vulnerability Scan and report the result
Implementation
OpenVAS/GVM is a fully-featured vulnerability scanner, but it's also one component of the larger
"Greenbone Security Manager" (GSM).

Installing on Kali Linux


Installing OpenVAS on Kali requires just a few commands:

apt-get update && apt-get dist-upgrade -y


sudo apt install postgresql
reboot
apt-get install gvm -y

How to use OpenVAS/GVM

We can login to the dashboard using the following username/password details:

admin
admin

You should then see the dashboard of OpenVAS/GVM as shown here:

Our first test will be to configure a simple scan using OpenVAS/GVM on a single IP address.
Metasploitable IP as a test: 10.10.10.5

To conduct a new scan, we follow the path of: Scans > Tasks

Once the page loads, there is an option to create a new task on the top left of the screen:
Create a new task

We can click on "New Task" and fill in the details as follows:

The "Scan Targets" option is where the IP is added. It is currently greyed out because only existing
scans can be selected in the drop-down, but next to it we can create a new target.

Clicking on it, we can fill in the details as follows:

10.10.10.5/24
Now we can click on Save, which will display "Malvert1" under the "Scan Targets" option. We can
click on Save to save the task. "Once" has been chosen as the schedule option to run the scan only once.

The Schedule option is useful when your scans are targeting your own infrastructure and you want it
continuously monitored. The other options on the task have been left as default, as an exercise to see the
outcome of the scan.

Start scan

The bottom of the Task screen should look like the above. Now we click on the "Start" option to run the
scan. The scan should take some time to run, as it looks through multiple threats and scans multiple
ports. Once the scan is complete, we can look at the results under: Scans > Reports.

Performing an advanced vulnerability scan

We can now create a more advanced scan by using the different configuration options to add custom
details. In this case we'll add custom ports and a larger IP subnet to scan.

First, we will add a custom port list. Our targets will simply be the different SQL databases. Here is the
full list:

• Microsoft SQL Server: 1433
• MySQL: 3306
• Firebird: 3050
• PostgreSQL: 5432
• Pervasive SQL: 3351
All of these are TCP ports, but the Port Lists option supports both TCP and UDP. Let's add this list
under: Configuration > Port Lists:

We expect to see quite different results from the default scan above, by narrowing down our focus to the
SQL ports only.

Create a new target

Now we can move to creating a new target, which will be the larger subnet of the IP mentioned above:
10.10.10.0/24

Under Configuration > Targets, we can add the details of the subnet and our custom SQL Ports port-list:
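
A pre-scan check for the targets and port list used in this lab, and for the scanning-permission reminder in Lab 5, as an added Python example that is not part of the original manual or of OpenVAS/GVM. It assumes the scanner reads CIDR notation in the usual way, so 10.10.10.5/24 covers the whole 10.10.10.0/24 subnet rather than one host; the authorized range and the T: port-list notation are assumptions of this example.

```python
import ipaddress

# Assumption: the only range the lab is authorized to scan (from the lab topology).
AUTHORIZED_NET = ipaddress.ip_network("10.10.10.0/24")

# SQL ports listed in this lab (all TCP).
SQL_PORTS = {
    "Microsoft SQL Server": 1433,
    "MySQL": 3306,
    "Firebird": 3050,
    "PostgreSQL": 5432,
    "Pervasive SQL": 3351,
}


def review_target(spec, authorized=AUTHORIZED_NET):
    """Describe what a target spec really covers and whether it stays in scope."""
    text = spec.strip()
    try:
        # strict=False accepts host bits (10.10.10.5/24), as scanners commonly do.
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:
        return {"spec": spec, "valid": False, "in_scope": False}
    return {
        "spec": spec,
        "valid": True,
        "covers": str(net),
        "addresses": net.num_addresses,
        # True when the written address is not the network address: an easy
        # way to scan a whole subnet while meaning to scan one host.
        "host_bits_set": "/" in text and str(net) != text,
        "in_scope": net.version == authorized.version and net.subnet_of(authorized),
    }


def tcp_port_list(ports):
    """Build a sorted, de-duplicated TCP port list string (assumed 'T:' notation)."""
    cleaned = sorted({int(p) for p in ports})
    for port in cleaned:
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    return "T:" + ",".join(str(p) for p in cleaned)


def plan_scan(specs, ports):
    """Split target specs into approved and rejected before anything is scanned."""
    reviews = [review_target(s) for s in specs]
    approved = [r for r in reviews if r["in_scope"]]
    rejected = [r for r in reviews if not r["in_scope"]]
    return {"ports": tcp_port_list(ports), "approved": approved, "rejected": rejected}


if __name__ == "__main__":
    # Targets as written in the lab, plus one constructed out-of-scope entry.
    plan = plan_scan(["10.10.10.5", "10.10.10.5/24", "10.10.10.0/24", "10.10.0.0/16"],
                     SQL_PORTS.values())
    print("port list:", plan["ports"])
    for r in plan["approved"]:
        note = " (host bits set: covers the whole subnet)" if r["host_bits_set"] else ""
        print(f"OK     {r['spec']:15} -> {r['covers']} ({r['addresses']} addresses){note}")
    for r in plan["rejected"]:
        print(f"REJECT {r['spec']}")
```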
LAB 8 – Web Applications Scans (Invicti)
Prerequisites
▪ internet connection
Tasks List
Task1: Download Invicti tool
Task2: Install and configure Invicti tool
Task3: Configuring a Web Scan and report the result
Implementation
Task1: Download Invicti tool
Download a cracked copy from : https://github.com/Ixve/Red-Team-Tools
Task2: Install and configure Invicti tool
Run the WebAppSetup.exe file and select Next.
On the End-User License Agreement step, accept the license agreement, and select Next.

On the Ready to Install step, select Install to install the Web Application Server, and wait for a while.
The installation asks you to install the prerequisite: The Authentication Verifier Service.
On the Welcome to the Prerequisites Setup Wizard window, select Next to continue.
On the Select Installation Folder step, select Next to install the Authentication Verifier Service to the
default folder. Or select Browse to select an installation folder. Select Next.

On the Completing the Invicti Enterprise Authentication Verifier Service Setup Wizard step,
select Finish to complete the installation.
On the Completing the Invicti Enterprise Web Application Setup Wizard step, select Finish to complete
the Web Application Setup process.

Task3: Configuring a Web Scan and report the result


Step 1: Adding a target website
Before scanning, you have to add a website to your Invicti Enterprise account. To do this, from the main
menu, select Websites > New Website. Then, you can enter the necessary information, such as name,
URL, and technical contact, and select Save.
For the Agent Mode, you can select the Cloud when the website is not in your internal network and is
accessible publicly from the internet.
Step 2: Launching a scan
Now that you’ve added your website for the security scanning, you can go ahead and launch a scan. To
do this, from the main menu, select Scans > New Scan. Invicti lets you start scanning with the default
settings.
Using default settings
It provides many default configurations including Default Scan Policy with built-in Security Checks,
Report Policy, Maximum Scan Duration, Scan Scope, Heuristic URL Rewrite Mode, and Notifications.
This makes it easy to get started quickly.

You may wish to go ahead with the default settings. After selecting the target website, you need to
select Launch. Right after, Invicti will begin scanning the website.
You can monitor the progress in real-time. Also, Invicti will start reporting vulnerabilities as soon as it
identifies them.
Using customized settings
What if you need to configure the scan settings and authentication? You may have a website that
requires fine-tuning the scan settings. To meet such needs, Invicti has extensive customization options
suitable for your website. The following scenario showcases some of them.
For this scenario, you need to enter authentication information so that Invicti can crawl and attack
password-protected web pages. To do so, select Form > Form Authentication. As the PHP test website
has a straightforward login page, it is easy to configure.

Once you enter the login credentials, select Verify Login & Logout to make sure that Invicti can crawl
and attack these web pages.
Next, you may wish to configure the Scan Scope. It lets you define what part of the website can be
scanned. You can instruct Invicti Enterprise to scan only the entered URL. That means only the supplied
URL and the parameters on its page will be scanned.
Now, you may wish to configure the scan time window. As the PHP test website is in the production
environment and is accessible to visitors, you may not want to cause any disruptions. So, you can
instruct Invicti to perform scanning within non-business hours.
Remember that scan duration may vary depending on the size of the web application and the variety of
security checks enabled in the Scan Policy you’ve selected.
Step 3: Reviewing scan results
When Invicti completes the security scanning, it notifies you with an email. In this scenario, the scanner
warns you that the PHP test website is very insecure and requires immediate attention.
Now, select View the Report Online to see the scan summary. This page lists vulnerabilities grouped by
severity levels.
When you want to review the progress, you can select Issues > All Issues. This page gives you a
quick overview of vulnerabilities. For example, Invicti shows that the Blind SQL Injection is Fixed
(Unconfirmed).
This means remediation action has been taken on this issue, and the issue is updated as Fixed. Now,
select Issues > Waiting for Retest. Invicti notifies you that it is about to scan to confirm the remediation,
and when the scan is completed, you’ll be notified.
If the issue is fixed, the issue’s state will be automatically changed to Fixed (Confirmed); otherwise,
Invicti will change its status back to Present and assign it to the user who previously marked the issue
as Fixed.
Step 4: Integrating with issue tracking tool
To handle issues easily, you may wish to integrate Invicti Enterprise with an issue tracking system.
Invicti integrates with a wide range of software and tools that you can integrate into your existing SDLC
processes, including vulnerability management systems, issue tracking systems, continuous integration
systems, and web application firewalls. These tools help you to streamline the bug-fixing processes.

Step 5: Creating a scan report


Suppose you’ve scanned php.testsparker.com and assigned the issues to developers. While they have
been working on these issues, your managers may want to view the progress. So, you need to submit a
report to them so that they can glance through the report and understand your progress.
To generate an executive summary, from the Recent Scans window, you can select Report from the
relevant scan. Then, select Export.
From the Report drop-down, you can select the Executive Summary. From the Format drop-down,
select PDF. Then, select Export.
LAB 9,10 – Assessment Scans (Rapid7 Nexpose)
Prerequisites
▪ internet connection
Tasks List
Task1: Download and install Nexpose
Task2: Configuring a Scan and report the result
Implementation
Task1: Download and install Nexpose
1. Visit https://www.rapid7.com/products/metasploit/download/pro/thank-you and download the
Windows installer.
2. After you download the installer, locate the installer file and double-click on the installer icon.
3. When the Setup screen appears, click Next to continue.

4. Read the license agreement. To proceed, you must accept the license agreement. Select the I
accept the license agreement option and click Next to continue.
5. Choose an installation directory for Metasploit. The directory you choose must be empty.
Click Next to continue.
6. When the Disable Anti-Virus and Firewall screen appears, click Next if you have disabled the
anti-virus software and firewalls on your local system. If you have not disabled them, you must
disable them at this time.

If the install detects that anti-virus software or a firewall is enabled, you will see a warning. Click OK to
close the warning. The installer will not allow you to continue the installation process until the firewalls
and anti-virus software are disabled. If you cannot disable them, you will not be able to install
Metasploit.

7. Enter the SSL port that the Metasploit service should use and click Next. By default, the server
uses port 3790 for HTTPS. If the port is already bound to another process, you can use netstat to
determine if a process is already listening on that port and kill the process, or you can enter
another port such as 8080 or 442.
8. Enter the web server name that you want to use to generate the SSL certificate and the number of
days that the certificate should be valid in the Days of validity field.
9. Select Yes, trust certificate to install the self-signed Metasploit SSL certificate to your
operating system’s trusted certificate store. If you install the certificate, browsers that utilize the
operating system’s certificates, such as Internet Explorer, will not prompt you about an insecure
SSL certificate.

Please note that the installer creates a temporary certificate authority to generate the certificate and
immediately discards it in order to prevent phishing attacks and the potential resigning of the certificate.

10. The installer is ready to install Metasploit and all its bundled dependencies. Click Next to
continue.
11. When the installation completes, click the Finish button.
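
Step 7's netstat check, as an added example (not part of the original manual): a Python parser for Windows `netstat -ano` output that reports which process IDs are listening on a port and picks the first free port from a candidate list. The sample output is constructed, and the function names are assumptions.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:3790           0.0.0.0:0              LISTENING       5120
  TCP    [::]:3790              [::]:0                 LISTENING       5120
  TCP    0.0.0.0:37900          0.0.0.0:0              LISTENING       6000
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       2316
  TCP    192.168.1.20:53790     203.0.113.10:443       ESTABLISHED     7788
  TCP    192.168.1.20:49822     203.0.113.10:3790      ESTABLISHED     7790
"""

# Only TCP rows in LISTENING state matter; groups: local address, local port, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def listening_pids(netstat_text, port):
    """Return {pid: [local addresses]} for TCP sockets listening on `port`."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        # Compare the port as a number: a substring search for "3790" would also
        # hit 37900, 53790 and connections to a remote port 3790.
        if m and int(m.group(2)) == port:
            found.setdefault(int(m.group(3)), []).append(m.group(1))
    return found


def first_free_port(netstat_text, candidates):
    """Return the first candidate port with no listener, or None if all are taken."""
    for port in candidates:
        if not listening_pids(netstat_text, port):
            return port
    return None


if __name__ == "__main__":
    # On the lab machine, feed in the real output of `netstat -ano` instead.
    print(listening_pids(SAMPLE_NETSTAT, 3790))
    print(first_free_port(SAMPLE_NETSTAT, [3790, 8080, 442]))
```
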
Task2: Configuring a Scan and report the result
Manually Adding a Host with an IPv6 Address

To manually add a host, select Analysis > Hosts. When the Hosts page appears, click the New
Host button.
When the Hosts page appears, enter the following information:

• Name - A name for the host.


• IP address - The IPv6 address for the host.

The other fields, such as Ethernet address and OS information, are optional.

Running a Discovery Scan

To run a discovery scan:

1. From within a project, click the Overview tab.


2. When the Overview page appears, click the Scan button.

You can also access the Scan button from the Analysis page.

3. When the New Discovery Scan page appears, enter the target addresses that you want to include
in the scan in the Target addresses field.
You can enter a single IP address, an address range, or a CIDR notation. If there are multiple addresses
or address ranges, use a newline to separate each entry.

4. At this point, you can launch the scan. However, if you want to fine-tune the scan, you can click
the Show Advanced Options button to display additional options that you can set for the discovery
scan. For example, you can specify the IP addresses that you want to explicitly include and exclude
from the scan.
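
The target formats and the include/exclude idea described above, as an added example (not part of the original manual or Rapid7's code): a Python check that validates a newline-separated target list against the ranges you are authorized to scan before it goes into the Target addresses field. The `first-last` range syntax, the sample addresses and all function names are assumptions.

```python
import ipaddress

# Constructed sample input; addresses and scope are illustrative assumptions.
SAMPLE_TARGETS = """\
10.10.20.15
10.10.20.100-10.10.20.120
10.10.21.0/24
10.10.20.5/24
192.168.50.7
10.10.20.1-10.10.20.10
fd00:10:20::15
"""
AUTHORIZED = ["10.10.20.0/23", "fd00:10:20::/64"]  # ranges approved for the lab
EXCLUDED = ["10.10.20.1"]                          # e.g. a gateway that must not be scanned

def parse_entry(entry):
    """Turn one entry (single address, first-last range, or CIDR) into networks."""
    entry = entry.strip()
    if "-" in entry:  # assumed range syntax: full first and last address
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range {entry!r}")
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects CIDR entries with host bits set, a common typo
    return [ipaddress.ip_network(entry, strict=True)]

def check_targets(text, authorized, excluded=()):
    """Return (accepted entries, [(rejected entry, reason), ...])."""
    allowed = [ipaddress.ip_network(a) for a in authorized]
    blocked = [ipaddress.ip_network(e) for e in excluded]
    accepted, rejected = [], []
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry:
            continue
        try:
            nets = parse_entry(entry)
        except ValueError as exc:
            rejected.append((entry, f"invalid: {exc}"))
            continue
        if not all(any(n.version == a.version and n.subnet_of(a) for a in allowed)
                   for n in nets):
            rejected.append((entry, "outside authorized scope"))
        elif any(n.version == b.version and n.overlaps(b) for n in nets for b in blocked):
            rejected.append((entry, "overlaps excluded address"))
        else:
            accepted.append(entry)
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = check_targets(SAMPLE_TARGETS, AUTHORIZED, EXCLUDED)
    print("\n".join(ok))  # entries that passed the scope check
    for entry, reason in bad:
        print(f"REJECTED {entry}: {reason}")
```
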

Viewing Scan Results

The best way to view the data collected by the Discovery Scan is from the Hosts page. To view the
Hosts page, select Hosts > Analysis. Each host will have one of the following statuses: scanned,
cracked, shelled, or looted. For recently scanned hosts, the easiest way to identify them is to sort
them by date and status.

Adding a Nexpose Console

Before you can run a Nexpose scan from Metasploit Pro, you must add a Nexpose Console. You'll need
to know the address and port Nexpose runs on, and you'll need the credentials for an account that can be
used to log into the Nexpose console.

To add a Nexpose Console:

1. Choose Administration > Global Settings from the main menu.


2. Click the Nexpose Consoles tab.

3. Click the Configure Nexpose Console button.

4. When the Nexpose configuration page appears, enter the following information:

• Console Address - The IP or server address for the Nexpose instance.


• Console Port - The port that runs the Nexpose service. The default port is 3780.
• Console Username - The username that will be used to log in to the console.
• Console Password - The password that will be used to authenticate the account.

5. Select the Enabled option to initialize and activate the Nexpose Console.
6. Save the configuration.

The Nexpose Consoles table is updated with the console. If Metasploit Pro is able to successfully
connect and authenticate to the Nexpose console, the status is 'Available (Enabled)'.
Otherwise, an 'Error' status displays if there is an issue with the console's configuration. The following
errors may appear:

• 'Error: Nexpose host is unreachable' indicates that Metasploit Pro cannot access the console. You
will need to verify that you have entered the correct address and port.
• 'Error: Authentication required for API access' indicates that the credentials that you have
provided cannot be used to authenticate to the Nexpose server. You will need to verify that you
have entered the correct credentials.
Running a Nexpose Scan

To be able to prioritize security risks, you must know what devices are running in an environment and
understand how they are vulnerable to attacks. You can run a Nexpose scan to discover the services and
applications that are running on a host and identify potential vulnerabilities that may exist based on the
collected data.

All scan data collected from Nexpose is stored in a Metasploit project and can be viewed from the
Analysis area. The information gathered from each host includes the IP address, host name, operating
system, running services, and possible vulnerabilities. Metasploit Pro maps each vulnerability to a
related module, if one exists in the module database for it. These modules are viewable from
the Modules tab on the single host view.

To run a Nexpose scan:

1. From within a project, click the Overview or Analysis tab.


2. Click the Import button located in the Quick Tasks bar.
3. When the Import page appears, click the Choose a Nexpose console dropdown and select the
console you want to use to run the scan. The list shows Nexpose consoles that you have added to
Metasploit Pro.
4. Enter the addresses you want to scan in the Scan targets field.

5. Click the Scan template dropdown and select a template.


6. If you do not want the scan to overwrite the data for existing hosts in the project, select the Don't
change existing hosts option.
7. Click the Import data button to start the scan.

After the scan completes, select Analysis > Hosts to view the scan results.
After you run a Nexpose scan from Metasploit Pro, a temporary site is created on the Nexpose console.
The naming syntax for a temporary site is Metasploit-<project name>-<ID>. In Nexpose, select Assets >
Sites to view a list of sites and search for the site by project name.

Tracking Real-Time Statistics and Events

The Findings window displays the real-time statistics for the test and the task log. You can click on the
tabs at the top of the Findings window to switch between the real-time statistics and the task log. You
can also automatically push validated vulnerabilities and access the Vulnerabilities Exceptions
configuration page.

Accessing the Findings Window

The Findings window automatically appears when you start the Vulnerability Validation Wizard. If you
navigate away from the Findings window, you can go to the Tasks page to access it again.

To access the Findings Window:

1. From within a project, select Tasks > Show Tasks from the Project Tab bar. The Tasks page
appears.
2. Find the Vulnerability Validation task.

3. Click the Vulnerability Validation task name. The Findings window appears.
The Statistics Tab
The Statistics tab shows a high-level count of hosts, vulnerabilities, and exploits. Each value is
displayed in a stat bubble with an orange progress bar. The progress bar wraps around the stat bubble
and only displays when there is activity occurring for a particular finding.

From the Statistics tab, you can track the following data:

• The total number of hosts that have been scanned or imported.


• The total number of unique vulnerabilities that have been identified.
• The total number of exploit modules that match Nexpose vulnerabilities.
• The total number of vulnerabilities that Metasploit Pro was able to exploit.
• The total number of vulnerabilities that Metasploit Pro was unable to exploit.
Viewing a List of Imported Hosts from the Findings Window

1. Open the Findings Window.


2. Click on the Hosts Imported tab. The Hosts list appears and displays the IP addresses for each
host that has been imported from a Nexpose site.
3. Use the navigational page buttons to view more hosts or click the Show Entries dropdown to
expand the number of hosts displayed.

Viewing a List of Imported Vulnerabilities from the Findings Window

1. Open the Findings Window.


2. Click the Vulns Found tab. A list of imported vulnerabilities appears.
3. Use the navigational page buttons to view more hosts or click the Show Entries dropdown to
expand the number of vulnerabilities displayed.

Viewing a List of Exploit Matches from the Findings Window

1. Open the Findings Window.


2. Click the Exploit Matches tab. A list of imported vulnerabilities appears.
3. Use the navigational page buttons to view more hosts or click the Show Entries dropdown to
expand the number of exploit modules displayed.
Viewing a List of Validated Vulnerabilities from the Findings Window

1. Open the Findings Window.


2. Click the Vulns validations tab. A list of imported vulnerabilities appears.

You can view the vulnerability name, the exploit module that was run against the vulnerability, and the
result of the exploit. For vulnerability validations, the state will be exploited.

3. Use the navigational page buttons to view more hosts or click the Show Entries dropdown to
expand the number of validations displayed.

Viewing a List of Vulnerability Exceptions from the Findings Window

1. Open the Findings Window.


2. Click the Vulns exceptions tab. A list of vulnerability exceptions appears.
You can view the vulnerability name, the exploit module that was run against the vulnerability, and the
result of the exploit. For vulnerability exceptions, the state will be failed.

3. Use the navigational page buttons to view more hosts or click the Show Entries dropdown to
expand the number of exceptions displayed.

The Tasks Log Tab

The Tasks Log tab shows a detailed activity log for the Vulnerability Validation Wizard. Each task that
Metasploit Pro performs is documented in the Tasks Log. For example, you can view the assets and
vulnerability definitions as they are being imported into a project or you can view the exploit modules as
they are being run. If you have chosen to perform a dry run of the auto-exploitation task, you can go to
the Tasks Log to view the proposed attack plan.

Additionally, the Tasks Log shows you the current state of the test, the start time of the test, and the
amount of time that the test has been running.
Recommended Topics
Network Vulnerability Scan (Microsoft Defender for Endpoint)
External Scans (Rapidfire)
Database Scans (Imperva’s Scuba)
