IP addresses to attack 10.6.1.50 on Kali OpenVas VM
10.6.1.100 on Metasploitable VM
Introduction
In this section, create an overview and discuss the scope of your network scan. Note the operating system of your attack machine and describe the tools that you will use (Zenmap, OpenVAS). Remember that this report will be reviewed by nontechnical people who may not know about Zenmap or OpenVAS.
Target
In this section, list the IP address and hostname of the target system as well as the IP address assigned to your attack machine. Focus on the open ports and describe the corresponding services associated with the open ports. Maintain the tone you set in the introduction, keeping in mind that the report will be reviewed by some who will not know about FTP or SSH or what functions those services provide on a network. Place the information about the ports and corresponding services into a table and label it appropriately. Zenmap Scan
In this section, use Zenmap to scan the victim machine as well as a screenshot of the connection to the victim system. Show a labeled screenshot of the Zenmap scan. Explain the results and how the vulnerabilities might impact the client. OpenVAS Scan
In this section, use OpenVAS to scan the victim machine as well as a screenshot of the connection to the victim system. Show a labeled screenshot of the OpenVAS scan. Explain the results and how the vulnerabilities might impact the client. Open Socket
Now that you have scanned the system with Zenmap and OpenVAS, go back to either of the reports and look for a port that provided little information about the banner or provided you with an unknown. By manually connecting to the IP and port (socket), you can sometimes discover a vulnerability not listed by the tool. This shows you the importance of not just relying on a tool. Show a labeled screenshot of a connection to a socket providing results using a browser or netcat, etc. If you find something concerning, explain that to the client. Recommendations
In this section, you will suggest that the client amend the contract to add a full penetration test. Explain that you are confident that you will be able to exploit the system and take proprietary data from the network. References
In this section, validate your recommendations using industry standard techniques by including at least two to three references in IEEE format.
Delete the instructional text from the template before you submit