Vulnerability Mapping

Sunny Jovita – 2301939046

Week 7

Disclaimer: This blog is for educational purposes only.

Vulnerability mapping is the step in a penetration test where possible security weaknesses are identified or detected and each one is mapped to the target it affects (a host, a service, or an application), so that the findings can be prioritised and followed up in the later phases.

Types of vulnerabilities in vulnerability mapping

  1. Design vulnerabilities = found in the software or protocol specification itself, so every implementation that follows the specification inherits them.
  2. Implementation vulnerabilities = found in the code (error handling, exception handling, input validation, etc.).
  3. Operational vulnerabilities = found due to improper configuration and deployment of the software in a given environment.
  4. Local vulnerabilities = the attacker needs local access to the target (an account or an existing foothold on the machine) to trigger the vulnerability.
  5. Remote vulnerabilities = unlike the local ones, the attacker does not need local access and can trigger or exploit the target's vulnerability over the network.

The first three types classify a vulnerability by where it originates; the last two classify it by the access an attacker needs to exploit it, so one vulnerability always has one type from each group.

Vulnerability taxonomy (4 phases)

These four groups follow the task workflow of Metasploit Pro. In practice, discovering devices (phase 4 below) is done first, because the other three phases work on the hosts and services that discovery finds.

1. Gain access

  • smart bruteforcing
  • automated exploitation
  • manual exploitation
  • social engineering campaign
  • web app scanning and exploitation

2. Take control

  • command shell session
  • meterpreter session
  • manual authentication
  • proxy and VPN pivoting

3. Collect evidence

  • run evidence collection
  • live reporting
  • collect credentials

4. Discover devices

  • scan
  • import scan results (nmap, Nexpose, etc.)
  • initiate a Nexpose scan
  • manually add a device
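The "import scan" step above is where vulnerability mapping actually happens: a discovery scan is imported and each open service is matched against known issues and attached to its host. The following Python script is an added example (not code from the original post or from any of the tools listed on it) that parses a constructed nmap XML file and maps the open services to a small lookup table. The XML, the host address, and the entries in KNOWN_ISSUES are all made up for the demonstration; they are not real advisories for any product.

```python
"""Added example: map an imported nmap XML scan to a small, constructed
vulnerability table, the way a vulnerability-mapping step consumes an
imported discovery scan. Nothing here is a real finding."""
import xml.etree.ElementTree as ET

# Constructed `nmap -sV -oX` output for one host (sample data, not a real scan).
NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.2p2"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.18"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="filtered"/>
        <service name="mysql"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Hypothetical product -> [(first fixed version, finding title, local/remote)]
# table standing in for a real vulnerability feed. Illustrative only.
KNOWN_ISSUES = {
    "OpenSSH": [("7.3", "example: outdated OpenSSH release", "remote")],
    "Apache httpd": [("2.4.20", "example: outdated Apache release", "remote")],
}


def parse_version(v):
    """'7.2p2' -> (7, 2); '2.4.18' -> (2, 4, 18). Keeps only the leading digits
    of each dotted component, which is enough for this demo."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if digits:
            parts.append(int(digits))
    return tuple(parts)


def parse_nmap(xml_text):
    """Return (host, port, product, version) for every *open* port in the scan."""
    root = ET.fromstring(xml_text)
    services = []
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # filtered/closed ports are not mapped
            svc = port.find("service")
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            services.append((addr, int(port.get("portid")), product, version))
    return services


def map_vulnerabilities(services, table=KNOWN_ISSUES):
    """Attach each table entry whose 'first fixed' version is newer than the
    detected version to the host:port that runs it."""
    findings = []
    for addr, port, product, version in services:
        for fixed_in, title, kind in table.get(product, []):
            if version and parse_version(version) < parse_version(fixed_in):
                findings.append({"host": addr, "port": port, "product": product,
                                 "version": version, "finding": title, "type": kind})
    return findings


if __name__ == "__main__":
    for f in map_vulnerabilities(parse_nmap(NMAP_XML)):
        print(f"{f['host']}:{f['port']} {f['product']} {f['version']} "
              f"-> {f['finding']} ({f['type']})")
```

Note that the filtered MySQL port is dropped before mapping, and that the version comparison is only on the leading digits of each component; a real scanner uses far richer version matching, which is exactly why a banner-based match like this should be treated as a lead to verify, not as a confirmed vulnerability.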

Tools for vulnerability mapping

  1. OpenVAS
  2. w3af
  3. sqlmap
  4. Metasploit
  5. Uniscan
  6. Nikto

I usually use Nikto and Uniscan while doing vulnerability mapping because both of them give me detailed information, as I expected. Recently, I have been trying to use OpenVAS, sqlmap, and w3af while performing penetration testing to find the vulnerabilities.

OpenVAS = an open-source vulnerability scanning platform that runs a regularly updated feed of network vulnerability tests (NVTs) against the target hosts and reports the matches.

These are the OpenVAS components (as in the classic OpenVAS architecture):

  1. scanner (runs the vulnerability tests against the targets)
  2. manager (stores the results and controls the scanner)
  3. assistant (the Greenbone Security Assistant, the web interface)
  4. administrator (user and feed management in older releases)

sqlmap = detects and attempts to exploit SQL injection issues in a web application in order to reach its backend database server.
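To see what sqlmap is looking for, here is an added example (written for this post, not code from sqlmap or from the original page) of the implementation vulnerability described earlier: a login query built by string concatenation next to its parameterised replacement, plus a boolean-based probe of the kind sqlmap sends. It uses an in-memory SQLite database, and the users and passwords in it are constructed sample data.

```python
"""Added example: the bug class sqlmap detects. A lookup that splices user
input into SQL text is injectable; the parameterised version is not.
The SQLite database and its rows are constructed for this demo."""
import sqlite3


def make_db():
    """In-memory database with two constructed accounts."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT)")
    con.executemany("INSERT INTO users (name, pw) VALUES (?, ?)",
                    [("alice", "s3cret"), ("bob", "hunter2")])
    con.commit()
    return con


def login_vulnerable(con, name, pw):
    """Implementation vulnerability: user input becomes part of the SQL syntax."""
    sql = f"SELECT id FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return con.execute(sql).fetchone() is not None


def login_safe(con, name, pw):
    """Hardened form: placeholders keep the input as data, never as SQL."""
    sql = "SELECT id FROM users WHERE name = ? AND pw = ?"
    return con.execute(sql, (name, pw)).fetchone() is not None


def boolean_probe(login, con, name):
    """Boolean-based check in the style of sqlmap: send the same request with a
    payload that is always true and one that is always false. If the two
    responses differ, the parameter is injectable."""
    always_true = login(con, name, "x' OR '1'='1")
    always_false = login(con, name, "x' OR '1'='2")
    return always_true != always_false


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login injectable:", boolean_probe(login_vulnerable, db, "alice"))
    print("safe login injectable:", boolean_probe(login_safe, db, "alice"))
```

In the vulnerable function the payload turns the WHERE clause into `(name = 'alice' AND pw = 'x') OR '1'='1'`, so the true payload logs in and the false one does not; the difference is the signal. In the safe function both payloads are compared literally against the stored password, both fail, and the probe reports nothing.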

w3af (Web Application Attack and Audit Framework) = detects various vulnerabilities in web applications and can attempt to exploit them.