This project focuses on learning and applying vulnerability scanning techniques to identify, analyze, and report on security weaknesses in a controlled lab environment. Using VirtualBox, a Kali Linux attacker machine, and a Metasploitable 2 vulnerable target machine, I conducted vulnerability scans with Nmap and Nessus, then developed a professional-style results analysis and remediation report.
- Gain hands-on experience with industry-standard scanning tools.
- Understand the differences between credentialed and uncredentialed scans.
- Learn how to perform vulnerability assessments and translate findings into actionable remediation steps.
- Develop reporting skills by documenting vulnerabilities, CVEs, severity ratings, impacts, affected systems, and remediation timelines.
This project mirrors real-world tasks performed by SOC Analysts and Cybersecurity Analysts, such as:
- Conducting vulnerability scans on enterprise systems.
- Analyzing security findings and prioritizing remediation.
- Using tools like Nessus and Nmap to detect threats and validate vulnerabilities.
- Writing clear reports for both technical and non-technical stakeholders.
- Environment Setup
- Foundations of Network Scanning
- Nessus Scanning
- Results Analysis & Remediation Report
- Conclusion
- Installed VirtualBox.
- Created a Kali Linux VM.
- Created a Metasploitable 2 VM (vulnerable target).
- Configured both VMs on a NAT network for isolated testing.
- Nmap scanning basics:
  - Port scanning
  - Service version detection
  - Script scanning
  - IDS/IPS evasion techniques
- Wireshark analysis:
  - Captured and analyzed packet traffic generated by Nmap scans.
  - Observed how scanning activity appears on the network level.
- Installed and configured Nessus Essentials.
- Designed a scan plan to simulate a professional assessment.
- Conducted both credentialed and uncredentialed scans.
- Generated automated vulnerability reports.
The final deliverable was a structured report including:
- Methodology: Scanning process and tools used.
- Limitations: Constraints in the lab environment.
- Vulnerability Analysis:
  - CVEs
  - Severity scoring (CVSS)
  - Potential impact
  - Affected systems
  - Recommended remediations
- Patch Timelines: Prioritization of fixes by severity.
- Recommendations: Best practices for mitigation and hardening.
This project provided practical experience in vulnerability management, from initial discovery to remediation planning. By combining Nmap fundamentals with Nessus automated scanning, I learned how to identify security gaps, assess risk levels, and create actionable remediation plans. These skills are directly transferable to real-world SOC and Cybersecurity Analyst roles, where vulnerability assessments and reporting are critical for maintaining organizational security.