1
00:00:00,300 --> 00:00:06,420
All right, now, after gathering enough information about the target system, I think it's time, don't

2
00:00:06,420 --> 00:00:06,880
you think?

3
00:00:07,410 --> 00:00:12,630
I think it's time to check and detect if the target system is vulnerable.

4
00:00:14,050 --> 00:00:18,460
Now, finally, we get to the vulnerability scanning phase.

5
00:00:19,680 --> 00:00:26,730
So in this section, we're going to discuss a number of vulnerability scanners and how they can integrate

6
00:00:26,850 --> 00:00:28,350
with Metasploit.

7
00:00:29,690 --> 00:00:37,340
Whether or not you use an automated scanner or do it manually, scanning is one of the most important

8
00:00:37,340 --> 00:00:43,740
steps in a penetration test. If you do it properly, it's going to give you the best value.

9
00:00:44,090 --> 00:00:45,860
And what does that do?

10
00:00:46,040 --> 00:00:48,920
Gives the best value to your client.

11
00:00:50,130 --> 00:00:51,720
So what happens in this phase?

12
00:00:53,300 --> 00:01:01,310
Vulnerability scanning or analysis is the process of detection and the assessment of the vulnerabilities

13
00:01:01,310 --> 00:01:03,580
that exist within the target system.

14
00:01:05,180 --> 00:01:10,820
So at this point, let's just define what actually a vulnerability is.

15
00:01:11,920 --> 00:01:22,150
So a vulnerability is a weak characteristic of an asset that allows an attacker or a pen tester to exploit

16
00:01:22,150 --> 00:01:25,210
and gain unauthorized access.

17
00:01:25,570 --> 00:01:25,960
All right.

18
00:01:27,520 --> 00:01:29,650
So then what is a vulnerability scanner?

19
00:01:30,650 --> 00:01:37,040
It's an automated program typically designed to look for weaknesses in networks and applications.

20
00:01:38,850 --> 00:01:45,630
They send some data over the network and analyze the responses by using their vulnerability database

21
00:01:45,630 --> 00:01:46,350
as a reference.

22
00:01:48,200 --> 00:01:55,460
Now, because different systems behave differently when particular network probes are sent by vulnerability

23
00:01:55,460 --> 00:01:55,910
scanners,

24
00:01:57,050 --> 00:02:05,570
these unique responses serve as a fingerprint that determines the operating system version and even

25
00:02:05,570 --> 00:02:06,770
its patch level.

26
00:02:08,520 --> 00:02:16,950
A vulnerability scanner can also use a given set of user credentials to log into the remote system and

27
00:02:16,950 --> 00:02:19,110
enumerate the software and services.

28
00:02:20,740 --> 00:02:29,380
Now, with the results that it obtains, the scanner presents a comprehensive report and an outline

29
00:02:29,860 --> 00:02:33,160
of detected vulnerabilities on the system.

30
00:02:34,670 --> 00:02:42,020
Now, that report is what's useful for you to get a quick idea and understanding of what attacks might

31
00:02:42,020 --> 00:02:43,940
be worthwhile conducting.

32
00:02:45,280 --> 00:02:51,850
However, vulnerability scanning is well known for a high false positive as well as false negative rate.

33
00:02:53,030 --> 00:02:56,060
Just keep this in mind when you're working with a vulnerability scanner.

34
00:02:57,650 --> 00:03:06,590
And one more thing to keep in mind, these scanners create a lot of network traffic and this huge traffic

35
00:03:06,590 --> 00:03:09,830
uptick will expose you.

36
00:03:11,450 --> 00:03:14,120
So if you want to remain undetected,

37
00:03:15,560 --> 00:03:17,390
you might not want to use these.

38
00:03:19,000 --> 00:03:25,750
But if being stealthy is not important, like we were speaking earlier, if you're working with your

39
00:03:25,750 --> 00:03:26,200
client,

40
00:03:27,290 --> 00:03:30,770
then you got to do your best with vulnerability scanners.

41
00:03:32,090 --> 00:03:37,790
So I'll also highlight some auxiliary modules in the Metasploit framework

42
00:03:38,810 --> 00:03:42,200
that can locate specific vulnerabilities.

43
00:03:43,110 --> 00:03:49,110
So let's look through some of the vulnerability scanning capabilities that the Metasploit framework can

44
00:03:49,110 --> 00:03:49,590
provide.