This project demonstrates a hands-on Vulnerability Assessment and Network Penetration Testing process performed on a live IP address. The goal is to identify potential security flaws, assess the risk exposure, and simulate real-world cyber attacks in a controlled environment. It showcases how ethical hacking can be used to strengthen network defenses and ensure cybersecurity best practices.
- Batch number : G10
- Course Name :Cyber Security
- Kali Linux β Primary OS for penetration testing tools
- Nmap β Network scanning, host discovery, and service enumeration
- Nessus β Vulnerability scanning and analysis
- Metasploit Framework β Exploitation of discovered vulnerabilities
- Wireshark β Network packet analysis and sniffing
- Python β Script automation and custom tools
- Reporting Tools β Markdown/Word for vulnerability reporting
- Identify open ports, services, and potential vulnerabilities
- Perform Operating System and Service fingerprinting
- Simulate exploitation scenarios using known vulnerabilities
- Capture and analyze network packets to monitor traffic patterns
- Provide recommendations to mitigate identified risks
| Feature | Description |
|---|---|
| π Port & Service Scanning | Used Nmap to identify open ports, running services, and versions |
| π‘οΈ Vulnerability Detection | Scanned the target IP using Nessus and verified findings manually |
| π£ Exploitation Testing | Demonstrated exploit feasibility using Metasploit (ethically and legally) |
| π‘ Traffic Monitoring | Captured and analyzed live packet data using Wireshark |
| π Report Generation | Created a structured vulnerability report with severity levels and fixes |
-
Reconnaissance
β IP discovery, OS detection, port scanning via Nmap -
Scanning & Enumeration
β Nessus used for vulnerability analysis and plugin-based scanning -
Exploitation (Simulated)
β Exploits launched through Metasploit for proof-of-concept -
Post Exploitation (Optional)
β Checked for privilege escalation and data access possibilities -
Reporting
β Documented all vulnerabilities with CVSS scores, impact analysis, and remediation steps
A detailed PDF/Markdown report is included in the report/ directory:
- Executive Summary
- Vulnerability Findings
- Risk Levels (Low/Medium/High/Critical)
- Exploitation Proofs (screenshots and commands)
- Recommendations for mitigation
This project is intended strictly for educational and ethical hacking purposes. All tests were conducted in a controlled, authorized environment. Unauthorized penetration testing is illegal and unethical. Always seek permission before scanning or testing any network.