HexValkyrie/Vulnerability-Scan-Task

Local Vulnerability Assessment – Kali Linux on Windows using Nessus Essentials

Objective

This project documents a vulnerability assessment performed on a Kali Linux system installed on a Windows machine using Tenable Nessus Essentials. The goal was to identify known vulnerabilities, outdated software, and misconfigurations, while gaining practical experience with vulnerability scanning and security analysis.


System & Tools

  • Host Machine: Windows
  • Assessment Target: Kali Linux (installed natively or via WSL2/VM)
  • Scan Tool: Tenable Nessus Essentials (Free Edition)
  • Scan Target: 127.0.0.1 (localhost)

Vulnerability Summary

| Severity | Count |
|----------|-------|
| Critical | 1     |
| High     | 4     |
| Medium   | 2     |
| Low      | 0     |
| Info     | 72    |
| Total    | 79    |

Notable Vulnerabilities

Critical

  • Node.js Multiple Vulnerabilities (Feb 2024 Releases)
    • Affects Node.js <18.19.1, <20.11.1, <21.6.2
    • Impact: Remote Code Execution, Denial of Service
    • Fix: Upgrade Node.js to the latest secure version
    • Plugin ID: 190856

High

  • Node.js April 2024 Security Advisories
    • Versions affected: <18.20.1, <20.12.1, <21.7.2
    • Fix: Update Node.js
    • Plugin ID: 192945
  • Node.js July 2024 Vulnerabilities
    • Affects <18.20.4, <20.15.1, <22.4.1
    • Fix: Upgrade to a secure release
    • Plugin ID: 201969
  • Node.js January 2025 Advisories
    • Affects <18.20.6, <20.18.2, <22.13.1, <23.6.1
    • Plugin ID: 214404
  • Python Tornado Library DoS
    • Tornado 6.5.0 is vulnerable to denial-of-service attacks
    • Fix: Update the Tornado package
    • Plugin ID: 237199

Medium

  • SSL Certificate Cannot Be Trusted
    • Cause: self-signed or misconfigured certificate
    • Plugin ID: 51192
  • Node.js May 2025 Vulnerabilities
    • Affects <20.19.2, <22.15.1, <23.11.1, <24.0.2
    • Fix: Upgrade Node.js
    • Plugin ID: 236766
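
Each Node.js finding above lists one fixed version per release line, so an installed version only means something when compared against the threshold on its own major line. The following is an added example, not part of the original repository: it encodes the thresholds from the findings above, and the function names, the sample versions and the "unlisted" status (meaning only that this page gives no threshold for that line) are assumptions made for illustration.

```python
# Added example: thresholds copied from the Node.js findings listed above.
# plugin ID -> (severity, first fixed version on each release line)
FINDINGS = {
    190856: ("Critical", ["18.19.1", "20.11.1", "21.6.2"]),
    192945: ("High", ["18.20.1", "20.12.1", "21.7.2"]),
    201969: ("High", ["18.20.4", "20.15.1", "22.4.1"]),
    214404: ("High", ["18.20.6", "20.18.2", "22.13.1", "23.6.1"]),
    236766: ("Medium", ["20.19.2", "22.15.1", "23.11.1", "24.0.2"]),
}

def parse(version):
    """'v20.11.0' or '20.11.0' -> (20, 11, 0). Integer tuples compare
    numerically, so 20.9.0 sorts before 20.11.1 (string comparison would not)."""
    parts = version.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a MAJOR.MINOR.PATCH version: {version!r}")
    return tuple(int(p) for p in parts)

def status(installed, fixed_versions):
    """Compare only against the threshold on the installed major line."""
    inst = parse(installed)
    for fixed in map(parse, fixed_versions):
        if fixed[0] == inst[0]:
            return "affected" if inst < fixed else "fixed"
    return "unlisted"  # no threshold for this line; the list cannot decide

def triage(installed):
    """plugin ID -> (severity, status) for one installed Node.js version."""
    return {pid: (sev, status(installed, fixed))
            for pid, (sev, fixed) in FINDINGS.items()}

def upgrade_target(major):
    """Highest fixed version listed for `major`, plus the plugin IDs
    that list no threshold for that line."""
    listed, unlisted = [], []
    for pid, (_, fixed_versions) in FINDINGS.items():
        same_line = [parse(f) for f in fixed_versions if parse(f)[0] == major]
        if same_line:
            listed.append(same_line[0])
        else:
            unlisted.append(pid)
    target = ".".join(map(str, max(listed))) if listed else None
    return target, unlisted

if __name__ == "__main__":
    for v in ("v20.9.0", "18.20.6", "22.15.1"):  # constructed sample versions
        print(v, triage(v))
    print(upgrade_target(20), upgrade_target(18))
```

A finding reported as "unlisted" for the installed line needs the plugin output in the exported report to settle it; the threshold list alone does not say whether that line is affected.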

Informational Insights

The scan revealed various installed components and configurations, including:

  • Installed services: Apache, Log4j, Docker, PostgreSQL, OpenSSL, PHP, Python, etc.
  • Network interfaces and MAC addresses
  • TLS versions (1.2 and 1.3) and SSL certificate info
  • Full package and service enumeration over SSH

These help build an understanding of system exposure and inventory.


Repository Contents

| File | Description |
|------|-------------|
| scan-report.pdf (https://drive.google.com/drive/folders/1jmAb3vQglZ7HrZxTGj4TCXLAAbyxNhhy?usp=sharing) | Exported Nessus scan report |
| README.md | This documentation file |
| /screenshots/ | (Optional) Nessus dashboard screenshots |

Outcome

This task helped me:

  • Perform a structured vulnerability scan using Nessus
  • Understand CVSS-based risk scoring and plugin documentation
  • Identify and analyze real-world vulnerabilities on a Kali Linux system
  • Develop foundational skills in vulnerability management and reporting

This experience mirrors real practices in SOC operations and system hardening.
