Working with Vulnerability Scanners

The discovery and analysis of security vulnerabilities play important roles during a penetration test. Before a penetration tester or an ethical hacker can successfully launch an exploit, they must be able to identify the security weaknesses on the attack surface. The attack surface is the area where an attacker can attempt to gain entry to or exfiltrate data from a system. A strategic approach to quickly identifying vulnerabilities and obtaining a severity rating is to use a known and reputable vulnerability scanner.

There are many popular and reputable vulnerability scanners in the industry, such as Acunetix, OpenVAS, Qualys, Nexpose, Nikto, Retina Network Security Scanner, and Nessus, to name a few. Knowing about all of these tools is a good idea, but you won't want to run every one of them, as some are commercial, subscription-based services.

Choosing your preferred vulnerability scanner is quite important, because there are many times when a product vendor may not provide updates quickly enough to detect threats and weaknesses within a system, and this may be crucial to you as a penetration tester. Imagine running a scan to identify whether a system is susceptible to a particular exploit when the tool you're using doesn't contain the signature update needed to detect that vulnerability; the results may not be fruitful.

During the course of this chapter, we will explore using Nessus as our preferred vulnerability scanner.

In this chapter, we will be exploring the following vulnerability assessment tools and topics:

  • Nessus and its policies
  • Scanning using Nessus
  • Exporting Nessus results
  • Analyzing Nessus results
  • Using web application scanners