# Vulnerability Analysis

## Introduction

A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates whether the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation where needed.

Examples of threats that can be prevented by vulnerability assessment include:

1. SQL injection, XSS, and other code injection attacks.
2. Escalation of privileges due to faulty authentication mechanisms.
3. Insecure defaults: software that ships with insecure settings, such as a guessable admin password.

## List of Vulnerability Analysis and Assessment Tools

### OpenVAS

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test. The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates.

{% embed url="<https://www.openvas.org>" %}

### Nessus

Nessus is **a network security scanner**. It utilizes plug-ins, which are separate files, to handle the vulnerability checks. This makes it easy to install plug-ins and to see which plug-ins are installed to make sure that you are current. Nessus uses a server-client architecture.

{% embed url="<https://www.tenable.com/products/nessus>" %}

### GFI LanGuard

GFI LanGuard allows **you to scan, detect, assess and rectify security vulnerabilities in your network** and secure it with minimal administrative effort. It gives you a complete picture of your network setup, which helps you maintain a secure network faster and more effectively.

{% embed url="<https://www.gfi.com/products-and-solutions/network-security-solutions/gfi-languard>" %}

### Nikto

Nikto is an open-source ([GPL](http://www.gnu.org/licenses/licenses.html#GPL)) web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks server configuration items such as the presence of multiple index files and HTTP server options, and attempts to identify installed web servers and software. Scan items and plugins are frequently updated and can be updated automatically.

{% embed url="<https://www.kali.org/tools/nikto>" %}

#### Example usage of Nikto

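```
# -Tuning x: reverse tuning, i.e. run every test class except those listed after x
nikto -h www.google.com -Tuning x
# -Cgidirs all: check all possible CGI directories
nikto -h www.google.com -Cgidirs all
# -o / -F: write the results to nikto_scan_results in plain-text format
nikto -h www.google.com -o nikto_scan_results -F txt
```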


