A hands-on cybersecurity home lab using OpenVAS (Greenbone) to scan and assess vulnerabilities on an intentionally vulnerable target. This project demonstrates practical skills in vulnerability management, risk analysis, and security reporting.
| Domain | Skills |
|---|---|
| Vulnerability Management | Vulnerability scanning, CVSS-based prioritization, risk assessment, remediation planning |
| Network Security | NAT networking, port analysis, attack surface mapping |
| Security Tools | OpenVAS / Greenbone, VMware Workstation Pro, Metasploitable |
| Reporting & Analysis | Scan report interpretation, CIA triad impact mapping, written analysis |
| Relevant Frameworks | CompTIA Security+ Domain 4 — Security Operations |

```
┌─────────────────────────────────────────────────────┐
│               VMware Workstation Pro                │
│                    (NAT Network)                    │
│                                                     │
│  ┌───────────────────┐    ┌──────────────────────┐  │
│  │  OpenVAS Scanner  │    │  Metasploitable VM   │  │
│  │ (Greenbone Trial) │───>│    (Scan Target)     │  │
│  │                   │    │    192.168.71.130    │  │
│  └───────────────────┘    └──────────────────────┘  │
│     Scans & Reports            Intentionally        │
│                               Vulnerable Host       │
└─────────────────────────────────────────────────────┘
```

- Imported Metasploitable OVA as the scan target — a purpose-built vulnerable Linux VM.
- Imported Greenbone Enterprise Trial OVA as the OpenVAS scanner.
- Configured both VMs on a NAT network for isolated communication.
- Ran a Full and Fast scan (~25 minutes) against the target.
The scan detected 156 vulnerabilities across the Metasploitable VM:
| Vulnerability | CVSS | Component | Impact |
|---|---|---|---|
| Ghostcat (CVE-2020-1938) | 9.8 | Apache Tomcat (port 8009) | Remote code execution, full system compromise |
| VSFTPD Backdoor | 9.8 | VSFTPD (port 6200) | Full system access via backdoor |
| DistCC RCE (CVE-2004-2687) | 9.8 | DistCC (port 3632) | Remote code execution during compilation |
| Java RMI RCE | 9.8 | Java RMI (port 1099) | Remote code execution via insecure config |
| FTP Brute Force Login | 9.8 | FTP (port 21) | Unauthorized file access |
| TWiki XSS (CVE-2005-2877) | 6.1 | TWiki web app | Script injection, session theft |
| SSL/TLS Weak Ciphers | 5.9 | SSL/TLS (multiple ports) | Data interception via weak ciphers |
| Cleartext Transmission | 5.3 | Multiple services | Credential capture in plain text |
Common themes across the 156 findings:
- Open Ports & Services — SSH, FTP, RMI, and DistCC expand the attack surface unnecessarily.
- Weak Encryption — Outdated ciphers (DES, RC4) enable man-in-the-middle attacks.
- Backdoors & Default Credentials — Poor configuration invites trivial exploitation.
Impact mapped to the CIA Triad:
| Principle | Risk |
|---|---|
| Confidentiality | Cleartext protocols expose credentials and data |
| Integrity | XSS and RCE allow unauthorized data manipulation |
| Availability | DDoS-prone protocols could crash services |
- Full written analysis: scan-analysis/scan-analysis.md
- Full scan report: scan-report/scan-report.pdf

- Patch critical vulnerabilities first — Update Apache Tomcat (Ghostcat), remove VSFTPD backdoor.
- Reduce attack surface — Close unused ports with firewall rules, disable unnecessary services.
- Enforce strong encryption — Require TLS 1.2+ across all services, eliminate weak cipher suites.
- Harden credentials — Enforce strong passwords, disable default accounts.
- Implement monitoring — Deploy intrusion detection (e.g., Snort) and schedule regular scans.
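
The CVSS-based prioritization behind these recommendations can be scripted; the following is an added example, not part of the original project, that bands the eight findings tabulated above on the CVSS v3.x qualitative scale and lists the ports tied to critical findings. The function names are assumptions made for this illustration, and Greenbone's own report severity classes may label the same scores differently.

```python
import re

# Rows copied from the findings table on this page: name | CVSS | component.
FINDINGS = """\
Ghostcat (CVE-2020-1938) | 9.8 | Apache Tomcat (port 8009)
VSFTPD Backdoor | 9.8 | VSFTPD (port 6200)
DistCC RCE (CVE-2004-2687) | 9.8 | DistCC (port 3632)
Java RMI RCE | 9.8 | Java RMI (port 1099)
FTP Brute Force Login | 9.8 | FTP (port 21)
TWiki XSS (CVE-2005-2877) | 6.1 | TWiki web app
SSL/TLS Weak Ciphers | 5.9 | SSL/TLS (multiple ports)
Cleartext Transmission | 5.3 | Multiple services
"""

# CVSS v3.x qualitative severity scale as (lower bound, label), highest first.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]

def severity(score):
    """Map a CVSS base score to its v3.x qualitative rating."""
    return next((label for floor, label in BANDS if score >= floor), "None")

def parse(text):
    """Turn table rows into dicts, pulling the port and CVE id out when present."""
    rows = []
    for line in text.strip().splitlines():
        name, score, component = (cell.strip() for cell in line.split("|"))
        port = re.search(r"\(port (\d+)\)", component)
        cve = re.search(r"CVE-\d{4}-\d+", name)
        rows.append({"name": name, "cvss": float(score),
                     "severity": severity(float(score)),
                     "port": int(port.group(1)) if port else None,
                     "cve": cve.group(0) if cve else None})
    return rows

def triage(rows):
    """Return (severity -> names in fix order, ports carrying critical findings)."""
    queue = {}
    for row in sorted(rows, key=lambda r: -r["cvss"]):  # stable: ties keep table order
        queue.setdefault(row["severity"], []).append(row["name"])
    ports = sorted(r["port"] for r in rows
                   if r["severity"] == "Critical" and r["port"] is not None)
    return queue, ports

if __name__ == "__main__":
    queue, ports = triage(parse(FINDINGS))
    for level, names in queue.items():
        print(f"{level}: {len(names)} finding(s)")
        for n in names:
            print(f"  - {n}")
    print("Ports with critical findings:", ports)
```
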
| Tool | Purpose |
|---|---|
| OpenVAS / Greenbone | Vulnerability scanning and reporting |
| VMware Workstation Pro | Virtual machine management and networking |
| Metasploitable | Intentionally vulnerable target for testing |
- LinkedIn: Youssef Elmanawy
- Email: yhmanawy@gmail.com


