Vulnerability Analysis

Welcome to the Vulnerability Analysis module. This note will guide you thru all the methodologies that I used while preparing for the CEH (Practical) exam.


A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.

Examples of threats that can be prevented by vulnerability assessment include:

  1. SQL injection, XSS, and other code injection attacks.

  2. Escalation of privileges due to faulty authentication mechanisms.

  3. Insecure defaults: software that ships with insecure settings, such as a guessable admin password.

List of Vulnerability Analysis and Assessment Tools


OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test. The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates.


Nessus is a network security scanner. It utilizes plug-ins, which are separate files, to handle the vulnerability checks. This makes it easy to install plug-ins and to see which plug-ins are installed to make sure that you are current. Nessus uses a server-client architecture.

GFI LanGuard

GFI LanGuard allows you to scan, detect, assess and rectify security vulnerabilities in your network and secure it with minimal administrative effort. It gives you a complete picture of your network setup, which helps you maintain a secure network faster and more effectively.


Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Example usage of Nikto

nikto -h -Tuning x
nikto -h -Cgidirs all
nikto -h -o nikto_scan_results -F txt

Last updated