Ensuring a system is free and protected from vulnerabilities is a pivotal duty of an ethical hacker. That said, there are multiple tools for analyzing and exploiting vulnerabilities that will allow ethical hackers to be efficient with their responsibility. 


Vulnerability Analysis & Exploitation Demo

Congratulations! We've completed a short vulnerability analysis and exploitation demo.

We've successfully:
- identified a running service, 
- found a vulnerability in the service, 
- leveraged existing exploited code to exploit that vulnerability.


Conclusion

> We have been asked to perform a basic penetration test against an internal server. The server's IP is `10.0.0.219`. 

The goal of this penetration test is to determine if there are any potential paths an attacker could take to compromise the system.

> **Note:** Some of these services are not running on this box so we have faked some terminal interactions in this specific exercise. This is so you can experience how these commands would work in the real world. 

Performing Vulnerability Analysis & Exploitation with Nmap

As an ethical hacker, we are defining, classifying, identifying, and mitigating vulnerabilities within a system or organization. These responsibilities are often identified as performing vulnerability analysis and exploitation. 

**Vulnerability analysis** defines and classifies security threats. 

**Vulnerability exploitation** identifies weaknesses and mitigates them within a system or organization. 

If done manually, vulnerability analysis and exploitation are long and tedious. Thankfully, due to the advancement of technology, ethical hackers are given tools to perform these tasks efficiently and quickly.

Some of the tools to list are:
- **Armitage**: A graphical user interface (GUI) tool for the Metasploit project that illustrates targets and offers exploits suggestions.
- **Nmap**: An open-source tool for network discovery and security auditing. 
- **Nikto2**: An open-source command-line vulnerability scanner for web servers.  
- **W3AF**: An open-source web application scanner. 

Now, let's practice some vulnerability analysis and exploitation!
 