The goal of passive and active reconnaissance is to identify the exploitable target and vulnerability assessment is to find the security flaws that are most likely to support the tester's or attacker's objective (denial of service, theft, or modification of data). The vulnerability assessment during the exploit phase of the kill chain focuses on creating the access to achieve the objective—mapping of the vulnerabilities to line up the exploits and to maintain persistent access to the target.

Thousands of exploitable vulnerabilities have been identified, and most are associated with at least one proof-of-concept code file or technique to allow the system to be compromised. Nevertheless, the underlying principles that govern success are the same across networks, operating systems, and applications.

In this chapter, you will learn about the following:

• Using online and local vulnerability resources
• Vulnerability scanning with Nmap
• Lua scripting
• Writing your own Nmap script using Nmap Scripting Engine (NSE)
• Selecting and customizing multiple vulnerability scanners
• Installing Nexpose and Nessus
• Threat modeling in general