
aman8250/Vulnerability-Management-Lab


🔐 Vulnerability Management & Exploit Testing Lab (DVWA + Nessus + Metasploit)

Author: Aman Sharma
Contact: aman825077@gmail.com

📌 Overview

This project demonstrates the end-to-end vulnerability management lifecycle in a controlled lab environment.
The target system was DVWA (Damn Vulnerable Web Application) hosted on a VM, with scanning and exploitation conducted from Kali Linux using Nmap, Nessus Essentials, and Metasploit.

A total of 117 vulnerabilities were discovered:

  • 🟥 Critical: 8
  • 🟧 High: 5
  • 🟨 Medium: 19
  • 🟦 Info: the remaining findings

🛠 Tools Used

  • Nmap – Host discovery & service enumeration
  • Nessus Essentials – Vulnerability scanning & CVSS scoring
  • Metasploit Framework – Exploitation testing & validation
  • DVWA (Damn Vulnerable Web App) – Target vulnerable web application
  • Kali Linux – Attacker environment

⚡ Methodology

  1. Environment Setup: DVWA deployed on vulnerable VM, Kali Linux attacker VM with Nessus & Metasploit.
  2. Discovery: Nmap scan to identify live hosts and open ports.
  3. Scanning: Nessus authenticated scans against DVWA VM.
  4. Analysis: Review severity ratings (CVSS, VPR) and validate results.
  5. Exploitation: Used Metasploit to test select vulnerabilities (Ghostcat RCE, VNC Weak Password).
  6. Remediation: Applied patches, disabled weak services (SSLv2, Telnet), enforced secure configs.

📊 Key Findings

| Severity | Vulnerability | Description |
|---|---|---|
| 🟥 Critical | Apache Tomcat Ghostcat RCE (CVE-2020-1938) | Remote code execution vulnerability |
| 🟥 Critical | VNC Weak Password | Default credentials allowed access |
| 🟥 Critical | SSL v2/v3 Detected | Outdated encryption protocols |
| 🟧 High | Samba Badlock Vulnerability | Samba flaw enabling compromise |
| 🟧 High | NFS Shares World Readable | Insecure file shares accessible |
| 🟨 Medium | Telnet Service Detected | Insecure cleartext communication |
| 🟨 Medium | TLS 1.0 Supported | Deprecated protocol still enabled |

🛡 Remediation

  • Enforce strong authentication (remove default creds)
  • Disable SSL v2/v3 and TLS 1.0 → enforce TLS 1.2/1.3
  • Patch Apache Tomcat, Samba, and NFS services
  • Replace Telnet with SSH
  • Continuous vulnerability management with periodic rescans
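
An added example (not part of this repository) of how the periodic rescans above can confirm remediation: it diffs a baseline scan export against a rescan and lists findings that are fixed, still open, or new. The CSV column names, plugin IDs, host and ports are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample exports, not real scan output. Plugin IDs, host and ports
# are placeholders; the column names are assumed to match the CSV export.
BASELINE_CSV = """Plugin ID,Risk,Host,Protocol,Port,Name
900001,Critical,192.0.2.10,tcp,8009,Apache Tomcat Ghostcat RCE
900002,Critical,192.0.2.10,tcp,5900,VNC Weak Password
900003,Critical,192.0.2.10,tcp,25,SSL v2/v3 Detected
900004,Medium,192.0.2.10,tcp,23,Telnet Service Detected
900005,Medium,192.0.2.10,tcp,25,TLS 1.0 Supported
900006,None,192.0.2.10,tcp,22,SSH Server Type and Version
"""
RESCAN_CSV = """Plugin ID,Risk,Host,Protocol,Port,Name
900002,Critical,192.0.2.10,tcp,5900,VNC Weak Password
900005,Medium,192.0.2.10,tcp,25,TLS 1.0 Supported
900006,None,192.0.2.10,tcp,22,SSH Server Type and Version
900007,High,192.0.2.10,tcp,2049,NFS Shares World Readable
"""
SEVERITIES = ["Critical", "High", "Medium", "Low", "None"]

def load_findings(csv_text):
    """Key each row by (host, port, plugin id) so repeats on other ports stay distinct."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {(r["Host"], r["Port"], r["Plugin ID"]): r for r in rows}

def severity_counts(findings):
    """Count findings per severity, always listing every level."""
    counts = Counter(r["Risk"] for r in findings.values())
    return {sev: counts[sev] for sev in SEVERITIES}

def diff_scans(baseline, rescan, ignore=("None",)):
    """Classify actionable findings as fixed, still open, or new since the baseline."""
    merged = {**baseline, **rescan}
    def names(keys):
        return sorted(merged[k]["Name"] for k in keys if merged[k]["Risk"] not in ignore)
    return {
        "fixed": names(baseline.keys() - rescan.keys()),
        "open": names(baseline.keys() & rescan.keys()),
        "new": names(rescan.keys() - baseline.keys()),
    }

if __name__ == "__main__":
    before, after = load_findings(BASELINE_CSV), load_findings(RESCAN_CSV)
    print("baseline:", severity_counts(before), "rescan:", severity_counts(after))
    for status, items in diff_scans(before, after).items():
        print(f"{status}: {items}")
```

Anything left under "open" or appearing under "new" after a patch cycle is the work list for the next one.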

📸 Screenshots (Evidence)

Network Discovery

  • Nmap Host Discovery → NmapScan

Vulnerability Assessment

  • Nessus Scan Configuration → Nessus Scans

  • Vulnerability Summary → Nessus Summary

  • Detailed Findings → Vulnerability Details

Critical Findings

  • VNC Weak Password (CVE) → VNC Vulnerability

Remediation

  • Recommended Actions → Remediation Steps

Web Application Testing

  • DVWA Setup → DVWA Interface

✅ Conclusion

This lab project showcases practical vulnerability management skills:

  • Discovery → Analysis → Exploitation → Remediation
  • Hands-on with Nmap, Nessus, DVWA, and Metasploit
  • Aligns with industry roles like SOC Analyst, Vulnerability Analyst, Security Engineer

📌 Author: Aman Sharma
