
Vulnerability Scanning Guide

Comprehensive OSCP-focused guide to vulnerability scanning using Nmap and Nessus

By Mohamed Trigui | Master's in Cybersecurity @ Illinois Tech

About This Guide

This documentation provides an in-depth exploration of vulnerability scanning techniques essential for penetration testing and the OSCP certification. Content is derived from OffSec PEN-200 courseware, rephrased and organized for practical application.

What You'll Learn

**Vulnerability Scanning Theory**

  • How vulnerability scanners work
  • CVE and CVSS scoring systems
  • False positives vs. false negatives
  • Manual vs. automated scanning strategies
  • Scan types and considerations

[Get Started with Theory →](vulnerability-scanning-theory.md)

**Nmap NSE Vulnerability Scanning**

  • Nmap Scripting Engine (NSE) fundamentals
  • Using the vuln category scripts
  • Custom NSE script installation
  • Practical scanning techniques
  • Service-specific vulnerability detection

[Explore Nmap NSE →](nmap-vulnerability-scanning.md)

**Nessus Professional Scanning**

  • Installing and configuring Nessus
  • Performing authenticated and unauthenticated scans
  • Analyzing vulnerability reports
  • Working with Nessus plugins
  • Best practices for enterprise scanning

[Learn Nessus →](nessus-vulnerability-scanning.md)

**OpenVAS Open-Source Scanning**

  • Installing and configuring OpenVAS/GVM
  • Comprehensive vulnerability assessment
  • Feed management and updates
  • Report generation and analysis
  • Free alternative to commercial scanners

[Explore OpenVAS →](openvas-vulnerability-scanning.md)

Who This Guide Is For

  • OSCP Candidates: Preparing for the OSCP certification exam
  • Penetration Testers: Building practical vulnerability assessment skills
  • Security Professionals: Enhancing network security knowledge
  • Students: Learning cybersecurity fundamentals

Quick Start

Prerequisites

Before diving in, ensure you have:

  • Kali Linux or similar penetration testing distribution
  • Basic understanding of networking concepts
  • Familiarity with command-line interfaces
  • (Optional) Access to vulnerable lab environments (HTB, TryHackMe)

  1. Start with Theory - Understand core vulnerability scanning concepts
  2. Practice with Nmap - Master lightweight scanning with NSE scripts
  3. Advance to Nessus - Learn comprehensive vulnerability assessment
  4. Apply Knowledge - Practice on HTB boxes or lab environments

Key Features

| Feature | Description |
|---|---|
| OSCP-Focused | Content aligned with OSCP exam objectives |
| Comprehensive | Theory, practical examples, and best practices |
| Hands-On | Real commands and configurations |
| Verified | Techniques tested in lab environments |
| Updated | Based on current OffSec PEN-200 materials |

Tools Covered

Nmap

The industry-standard port scanner with powerful NSE scripting capabilities for lightweight vulnerability detection.

```bash
# Example: quick vulnerability scan of web ports with service detection
# and the NSE "vuln" script category (replace <target> with an authorized host)
sudo nmap -sV -p 80,443 --script "vuln" <target>
```

Nessus

Professional vulnerability scanner with extensive plugin library covering 67,000+ CVEs.

```text
# Nessus runs via web interface at:
https://localhost:8834
```

OpenVAS

Open-source vulnerability assessment framework with 50,000+ Network Vulnerability Tests (NVTs).

```bash
# Update the GVM vulnerability feeds, then start the OpenVAS/GVM services
sudo gvm-feed-update
sudo gvm-start
# Web interface is then available at: https://127.0.0.1:9392
```

Additional Resources


About the Author

Mohamed Trigui is a cybersecurity enthusiast completing a Master's in Cybersecurity at Illinois Tech. Currently preparing for OSCP certification through hands-on practice on Hack The Box and developing custom security tools.

Current Projects:

  • Replicating vulnerabilities on Linux and writing Lua patches
  • Developing Nmap NSE scripts for zero-day reconnaissance
  • Writing HTB machine walkthroughs and exploit documentation

Connect with me:

GitHub LinkedIn YouTube


Disclaimer

Educational Purpose

This guide is for educational purposes only. Always obtain proper authorization before scanning any systems. Unauthorized vulnerability scanning is illegal and unethical.

Content Attribution

Content is derived from OffSec PEN-200 (OSCP) training materials, rephrased and adapted for educational purposes. All credit for the original methodology and techniques goes to Offensive Security.


License & Usage

This documentation is provided as-is for educational purposes. When using these techniques:

  • DO: Practice in authorized lab environments
  • DO: Obtain written permission for assessments
  • DO: Follow responsible disclosure practices
  • DON'T: Scan systems without authorization
  • DON'T: Use for malicious purposes
