Technical Vulnerability Assessment Procedure [Insert Classification]
2.4.1.3
Email Addresses
A list of email addresses may be useful to an attacker in social engineering and in guessing the format of network user accounts. Use The Harvester tool in Kali Linux to search for email addresses related to [Organization Name]: theharvester –d[domain name] –l 10 –b google Where [domain name] is the [Organization Name] domain. This command will return the first 10 results and will search Google. Use the same command to also search Bing, Yahoo, LinkedIn and any other relevant sources that may return results. 2.4.1.4
DNS Information
Use the WhoIs tool to retrieve information about the DNS servers used by the target domain. This is available from within Kali Linux. Use nslookup (also from Kali) to attempt to obtain further information about the DNS records of the organization. 2.4.2
External Scanning
Scanning for vulnerabilities in the outward-facing perimeter of [Organization Name] network must be carried out from a computer connected directly to the Internet and not connected to the internal network. Using the information provided and that gathered as part of the reconnaissance stage, assess what can be determined about the network from outside. This can be done using the nmap tool in its command line form or one of the GUI front ends to nmap such as Zenmap. Make sure that only the IP addresses within scope are scanned. A picture should be built up of the visible hosts, their names, IP addresses, open ports and services. From this picture, use the Tenable Nessus Vulnerability Scanner to run a scan using an appropriate policy against the targets identified. Make sure you update the plugins before running the scans. Record the results of the scan, including warnings and vulnerabilities found. 2.4.3
Internal Scanning
In order to run an internal scan you will need to use a computer that is connected to the internal network and has access to the hosts and networks that need to be
Version 1
Page 11 of 13
[Insert date]