https://github.com/r4vj1/vulnerability-management-lab

This walkthrough details the process I followed to set up a virtual machine environment using VMware with Windows 10. I undertook this project to gain hands-on experience with Nessus Essentials, focusing on scanning for vulnerabilities and implementing remediation measures.
https://github.com/r4vj1/vulnerability-management-lab

nessus vmware-workstation vulnerability-management windows10

Last synced: about 1 year ago
JSON representation

This walkthrough details the process I followed to set up a virtual machine environment using VMware with Windows 10. I undertook this project to gain hands-on experience with Nessus Essentials, focusing on scanning for vulnerabilities and implementing remediation measures.

• Host: GitHub
• URL: https://github.com/r4vj1/vulnerability-management-lab
• Owner: R4VJ1
• Created: 2024-08-31T05:38:35.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2024-08-31T07:11:04.000Z (almost 2 years ago)
• Last Synced: 2025-02-12T13:56:31.840Z (over 1 year ago)
• Topics: nessus, vmware-workstation, vulnerability-management, windows10
• Homepage: https://youtu.be/ZRXw_ZauqcA?si=chQ-r-sC35p_d5Q-
• Size: 3.99 MB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Vulnerability Management Lab using Nessus Essentials

## [YouTube Demonstration](https://youtu.be/ZRXw_ZauqcA)




## Index 

[Project Plan](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#project-plan)

[Learning outcomes of this project](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#learning-outcomes-of-this-project)

[Resources](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#resources)

[Installing Windows on VMware](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#installing-windows-on-vmware) 

[Downloading and Installing Nessus Essential](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#downloading-and-installing-nessus-essential) 

[Running Vulnerability Scan](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#running-vulnerability-scan) 

[First Scan](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#first-scan) 

[Setup up VM for Credentialed Vulnerability Scan](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#setup-up-vm-for-credentialed-vulnerability-scan) 

[Second Scan](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#second-scan) 

[Installing old and vulnerable Firefox on VM](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#installing-old-and-vulnerable-firefox-on-vm) 

[Third Scan](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#third-scan) 

[Remediation by updating System and Software](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#remediation-by-updating-systems-and-software) 

[Fourth Scan](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#fourth-scan) 

[Conclusion](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#conclusion)

[Reference and Appreciation](https://github.com/mitesh72925/Vulnerability-Management-Lab?tab=readme-ov-file#reference-and-appreciation)




## Project Plan 

  1) Environment Setup: First, we will setup environment for our project using tools like VMware Workstation, Nessus Essentials and Windows 10 

  2) Old and Vulnerable Software Install: Then after initial scan we will install vulnerable and old Firefox to later compare the vulnerabilities 

  3) Vulnerability Scanning: We will do total four vulnerability scan to find different scan result and then compare all of them to give us better understanding 

  4) Risk Identification: We will review the results from scan to see what we can do to remediate it later 

  5) Remediating the Risk: We remediate most of the software related vulnerabilities just by updating them to latest versions




## Learning outcomes of this project 

This project will enhance your skills in setting up a cybersecurity testing environment, identifying and analyzing software vulnerabilities through multiple scans, and applying remediation strategies to mitigate risks. You'll gain hands-on experience with tools like VMware Workstation and Nessus Essentials, understand the impact of outdated software on security, and learn effective remediation techniques. Additionally, you'll improve your critical thinking, problem-solving, and documentation abilities, enabling you to assess risks, implement security measures, and create comprehensive reports for future reference.




## Resources 

[VMware Workstation Download Guide](https://blogs.vmware.com/workstation/2024/05/vmware-workstation-pro-now-available-free-for-personal-use.html)

[Download Windows 10 ISO](https://www.microsoft.com/en-us/software-download/windows10)

[Download Nessus Essentials](https://www.tenable.com/products/nessus/nessus-essentials)

[Install Deprecated firefox on VM](https://ftp.mozilla.org/pub/firefox/releases/3.6.12/win32/en-US/)




## Installing Windows on VMware 

• First Download the ISO file using the link provided above 

• Open VMware and select “New Virtual Machine” 

• Select Typical for configuration and click next 



• Then select Installer disc image file option for easy installation and then browse the Windows.iso file and click next 



• Name your machine whatever you want and select the location of installation and then click next



• Allow 50 GB to 60 GB storage and select “split virtual disk into multiple files” and click next 



• Click on “Customize Hardware” and provide the resources to your VM according to your computer specification 

Note: You can select the “Bridged” in Network Adapter and after you finish installing your windows and find that you are not able to connect to internet then you can follow the steps provided in the video and you will get connected to internet. [Click here](https://www.youtube.com/watch?v=VVa1Q1wYgEY)



• Then click finish to start installing the Windows 

• Just follow the simple process to install the Windows and when its installed you need to disable the firewall to let Nessus talk to our VM 



• To do that you need to search “wf.msc” in search bar and then click 	“Windows Defender Firewall Properties”. Then on “Domain Profile”, 	“Private Profile”, and “Public Profile” you need to Turn Off the “Firewall state” 



• Now you should be able to ping your VM from your own computer using terminal 






## Downloading and Installing Nessus Essential 

Note: You need to download Nessus Essential in your own computer Not on your VM. So, please follow these steps on your own computer 

• Go to the link provided to download the Nessus Essential. You need to fill out the form on the page in order to receive the activation code. 



• Then you will be guided to download page, just click download twice 



 

• Now install the .msi file that you just downloaded. Installing Nessus is same as installing any software 


• Now Nessus will open in browser. Click Connect via SSL and then click on Advanced to allow connecting to Nessus. Click “Proceed to localhost” 



• Click continue, then select “Register for Nessus Essentials” and continue 



• In next step just click “Skip” and then it will ask you to provide Activation code that they sent you in email 

• Now let Nessus install plugins. You will get notification in your browser saying “Plugins are done compiling” when Nessus is ready to use 






## Running Vulnerability Scan 

• Click on “Create a new Scan” in Nessus, then select “Basic Network Scan” 

 


• Since we are just running our first scan as basic, we are going to only provide the IP address to check how many vulnerabilities we will find by just network scanning 



• Now save the information and go back to “My Scan” page to start the first scan 




## First Scan 

• As you can see that in our first scan, we only found 1 Medium, 1 Low vulnerabilities 



• Now we will setup our VM for Credentialed Vulnerability scan 




### Setup up VM for Credentialed Vulnerability Scan 

To do this we need to make some changes 

  #### 1) We need to open “Services” app and then Enable “Remote Registry” by right clicking it and go to properties. In startup type select “Automatic”, then “apply”, then “start” and click “ok” 



  #### 2) Now search and open “User Account control setting” and set it to “Never Notify” then click “ok” 



  #### 3) Then search and open “Advanced Sharing settings” and confirm that “File and Printer sharing” is On 



  #### 4) Now search and open “Registry Editor” as Administrator 

  • Go to “Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System” this path 

  • Now right click on empty space and select “NEW”, then “DWORD (32-bit) Value” to create new value 

 


  • Now, name it “LocalAccountTokenFilterPolicy” and then right click it to modify it and change its value to “1” 

 


• Now you need to go back to Nessus and then check box our VM and then click on “more” option on right, then click “configure”. Then select “Credentials” option and then “Windows” to fill-up the VM login info 

 








 

### Second Scan 

• Now start the second scan and wait for the result 



• Now you will see more Vulnerabilities than our first scan, the reason is that now Ness have deep access to the system to run deep scan for vulnerabilities 


 

### Installing old and vulnerable Firefox on VM 

• Go to the link provided and download deprecated version of Firefox and install it. [Click here](https://ftp.mozilla.org/pub/firefox/releases/3.6.12/win32/en-US/) 






### Third Scan 

• This time you will see more vulnerabilities than first and second time because of installing vulnerable Firefox, which has so many different CVE linked to it. 






### Remediation by updating System and Software 

• To remediate, we need to update some apps. After updating apps, we will be able to remediate most of the vulnerabilities. 



• Things to update for this computer: 

  1) Firefox 

  2) Microsoft Edge 

  3) Apps update from Microsoft Store 

  4) Update Windows system as well.  




### Fourth Scan 

• In our Fourth scan you will find out that most of our vulnerabilities has been removed by updating all software and system 



• After this remediation if you want to go little further then you can look for their solutions for remaining vulnerabilities. You can follow steps they mention or you can google the solutions for that those vulnerabilities using the CVE number. 




## Conclusion 

This project on vulnerability management involved setting up a Windows 10 virtual machine with outdated software, followed by a detailed vulnerability assessment using VMware Workstation Player. Vulnerability scans identified security weaknesses, which were then remediated to reduce risks. A credentialed scan provided a more accurate assessment, showing that remediation efforts effectively decreased vulnerabilities. The project emphasized the importance of proactive vulnerability management, regular assessments, and timely remediation in enhancing the security of systems and networks. 




## Reference and Appreciation 

Special thanks to [Josh Madakor](https://www.youtube.com/@JoshMadakor), for providing ideas for this project.