Final Project - Network Visualization and Vulnerabilities 1
Emmylou Bice
Table of Contents
1 Trade Studies
2.1 Kali
2.2 Metasploitable
2.3 CentOS
2.4 Ubuntu
1 Trade Studies
In this course I’ve conducted a couple of trade studies to find the best tools for specific
The purpose of this network visualization trade study was to identify an open-source
network visualization tool fit for an at-home lab network. The best tool to install was assessed
against the criteria identified in Table 1. The ideal tool had to be open source, provide an
easy-to-use GUI, be maintainable via updates, and offer a good report generation feature. Each
criterion is rated on a scale of one to five, five being the optimal fit.
Maltego came with Kali but froze a bit, which affected its scoring in that category. Grafana
ran on its own VM with no other tools, which made the experience smoother, but it was difficult to
set up and configure and did not have an easy-to-use GUI. Based on the criteria identified, Zabbix
was chosen to be the better network security visualization tool. In this trade study, I only
installed the Zabbix agent on the Kali box. With Zabbix, admins can view the target’s (Kali)
system information such as CPU usage or memory utilization for a defined timeframe.
The purpose of this trade study is to identify an open-source vulnerability scanning tool for
an at-home lab environment. The best tool to install was assessed against the criteria identified in
Table 1. The tool had to be open source, provide an easy-to-use GUI, have an easy installation, be
maintainable via updates, and have a good report generation feature, to name a few of the criteria.
Each criterion is rated on a scale of one to five, five being the optimal fit.
a COTS tool
| Criterion | Nessus | OpenVAS |
| --- | --- | --- |
| Report Generation | 5 – multiple templates to choose from providing different ways to view the data | 5 – multiple templates to view the data |
| Ease of Install | 4 – Install is relatively straightforward | 4 – Used to be pre-installed on previous versions of Kali, but can be installed easily via a few commands |
| CVE Compatibility | 5 – Vulnerabilities have a Nessus plugin ID, but also map to the CVE database. Over 47,000 CVEs | 5 – Vulnerabilities are based on the CVE databases. Over 26,000 CVEs |
| Documentation Available | 4 – Lots of documentation can be found online. However, specific issues would require a service agreement | 5 – Lots of documentation can be found online. The online community posts multiple threads of issues and solutions. Additionally, Greenbone provides lots of detailed documentation and video tutorials. |
| Totals | 42 | 47 |
Table 2: Trade Study Criteria – Vulnerability Scanner
Nessus is a COTS product that is fairly expensive to buy, making it non-ideal for a
budget-friendly home lab environment. Nessus is much more suitable for enterprise organizations that
can afford the price and take advantage of all the features. OpenVAS, however, is open source
and provides similar results without the price tag. This tool is great for a home lab environment
that is budget restricted and needs quick results to assess the systems on the network. Therefore,
In this trade study exercise only the Metasploitable node was turned on. The OpenVAS
scanner could not get detailed results of any of the systems on the network because they are not
credentialed scans, meaning the scanner did not log in to the system to get accurate information.
to ensure that the scanner has the ability to log into the target system to generate accurate
vulnerability results. Otherwise, the most the individual will see is information that can only be
found by viewing from the outside, such as an operating system guess based on open ports. One good thing
about an uncredentialed scan is that it helps the individual find all the systems on the network
The final lab configuration included a Kali machine, a Metasploitable box, a CentOS VM, and an
Ubuntu system.
[Figure: lab network diagram. Labels: Internet, DHCP Server]
2.1 Kali
The Kali Linux VM is a system with many offensive security related tools. In the lab, my
Kali system has an IP address of 192.168.56.101, which was assigned through the DHCP server.
This system is connected to the host-only, NAT, and wireless network interfaces to ensure that it
can access the systems within the lab network and download updates and software online. I used
this system to run Nmap, Wireshark, Kismet, and OpenVAS in the lab environment to learn about
each tool and to analyze the cyber security posture of the network.
2.2 Metasploitable
192.168.56.102, which was assigned through the DHCP server. This system is connected to the
host-only network and not the internet to ensure that Kali can access it without exposing the
network to additional potential vulnerabilities to attack. I used this VM to test some of the
2.3 CentOS
The CentOS VM has the vulnerable WebGoat application. This machine has an IP address
of 192.168.56.103. This system is connected to the host-only network and not the internet since
it was running a vulnerable application. I did not want the network exposed to potential external
attackers. I used this VM as a system to practice installing into the lab environment and scanned
2.4 Ubuntu
The Ubuntu VM has the Zabbix network visualization tool installed. This machine has an IP
address of 192.168.56.104. This system is connected to the host-only network and the internet
because I needed to install package dependencies on it for the Zabbix installation. I used this
machine with the Zabbix tool to visualize and map out the lab network.
Throughout the course, I learned new tools for network visualization and finding
vulnerabilities. The table below provides a summary of all the tools used.
| Tool | Description |
| --- | --- |
| Nmap | Nmap is a network mapper tool used to discover systems, ports, and services on a network. This tool was used to identify open ports, protocols, and services of the different systems in the lab network that I could probe and potentially exploit. |
| Wireshark | Wireshark is a network protocol analyzer. This tool was used to analyze the network traffic of the lab systems in real time. It allows me to troubleshoot network issues like dropped packets and latency issues, or identify malicious activities. |
| OpenVAS | OpenVAS is a network vulnerability scanner. This tool was used to scan systems in the lab network for potential known vulnerabilities. |
| Zabbix | Zabbix is a network monitoring tool. This tool was used to help visualize the lab network and find all the systems on the network through the use of Zabbix agents installed on the endpoint nodes. It provides metrics such as network utilization, CPU load, and disk space consumption. |
| Medusa | Medusa is a brute force attack tool. This tool was used to brute force the SSH service of the Metasploitable VM to identify a weak username and password using a set list of words from a text file. |
| Kismet | Kismet is a wireless network analyzer tool. Much like Wireshark, Kismet monitors the network, detects systems, and can sniff packets and malicious traffic. This tool is installed on Kali and was used to analyze the wireless network at home. I was able to see multiple devices on the network, which channels were occupied, and which systems had no encryption. |
| Metasploit | Metasploit is a penetration testing tool. This tool encompasses known exploits for systems that can be used to easily hack into systems. This tool is installed on Kali and was used to exploit some of the vulnerabilities on the Metasploitable VM. |
Table 3: Lab Network Tools
To determine the operating systems installed on the hosts in the lab network, I used Nmap which
has a -O option for operating system detection. The full command is “nmap -O <Target IP
Address>”. I ran this command against the three systems in the lab, not including the Kali
192.168.56.104. Two of the three IPs resulted in Linux OS guesses, while the other could not
detect that the machine was on. Nmap guessed that 192.168.56.102 was running Linux 2.6.x,
192.168.56.103 was not on, and 192.168.56.104 was running Linux 4.x|5.x. The figures below
To perform a dictionary attack against a host’s SSH service, I used the Medusa tool within
the Kali suite. Medusa is a brute force attacking tool which can brute force the username and
password of multiple protocols using a set wordlist. Kali comes with a “rockyou.txt” which
identifies many weak, common passwords as a default list. For this exercise, I created a new
wordlist with the known username and password of the Metasploitable box. The command to
launch an SSH attack on the Metasploitable VM via Medusa is the following “medusa -h
following screenshot shows the results which successfully guesses the username and password of
the box.
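A defender's view of the dictionary attack described above, as an added example that is not part of the original report: it scans sshd log lines for a burst of failed logins from one source and notes a successful login that follows the burst. The log lines are constructed, "labuser" is a made-up account, and the window, threshold and year are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd lines in OpenSSH syslog format (not captured from the lab).
# "labuser" is a made-up account; the IPs are lab addresses from this report.
def _line(ts, result, who, ip):
    return f"Mar  3 {ts} metasploitable sshd[4100]: {result} password for {who} from {ip} port 40100 ssh2"

SAMPLE_LOG = "\n".join(
    [_line(f"10:15:{s:02d}", "Failed", "labuser", "192.168.56.101") for s in range(1, 7)]
    + [_line("10:15:08", "Accepted", "labuser", "192.168.56.101"),
       _line("10:20:00", "Failed", "invalid user bob", "192.168.56.104"),
       _line("10:21:00", "Accepted", "labuser", "192.168.56.104")]
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)
WINDOW = timedelta(seconds=60)  # assumed detection window
THRESHOLD = 5                   # assumed number of failures inside the window
ASSUMED_YEAR = 2024             # classic syslog timestamps carry no year


def detect_bruteforce(log_text, threshold=THRESHOLD, window=WINDOW):
    """Flag sources with >= threshold failed logins inside the window and
    record the first account that logged in successfully after the burst."""
    recent = defaultdict(deque)  # src -> timestamps of failures still in window
    findings = {}                # src -> finding
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        src = m["src"]
        if m["result"] == "Failed":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(
                    src, {"src": src, "peak_failures": 0, "guessed_account": None})
                f["peak_failures"] = max(f["peak_failures"], len(q))
        elif src in findings and findings[src]["guessed_account"] is None:
            findings[src]["guessed_account"] = m["user"]
    return list(findings.values())
```

A single mistyped password followed by a normal login, as from 192.168.56.104 in the sample, stays below the threshold and is not reported.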
The Metasploitable VM has multiple vulnerable web services. For this exercise, I chose to
exploit the Tomcat web service running on port 8180. To attack this service, the first portion
includes brute forcing the username and password. For this, I used Metasploit’s auxiliary
the scanner where it found the username and password to be tomcat | tomcat.
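The tomcat | tomcat finding above is the kind of credential a configuration audit can catch before a scanner does. The following added example, which is not part of the original report, checks a tomcat-users.xml file for trivially guessable passwords; the sample file and the short default-password set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed tomcat-users.xml; the first entry mirrors the tomcat | tomcat
# credentials reported above, the other two are made up for contrast.
SAMPLE_USERS_XML = """<tomcat-users>
  <role rolename="manager"/>
  <user username="tomcat" password="tomcat" roles="tomcat,manager"/>
  <user username="deploy" password="x9!Lq7#vTz2p" roles="manager-script"/>
  <user username="viewer" password="admin" roles="tomcat"/>
</tomcat-users>
"""

# Small illustrative set of default passwords (an assumption; extend as needed).
COMMON_DEFAULTS = {"tomcat", "admin", "manager", "password", "changeit"}


def audit_tomcat_users(xml_text):
    """Return one finding per account with a trivially guessable password."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.rsplit("}", 1)[-1] != "user":  # tolerate an XML namespace
            continue
        name = elem.get("username") or elem.get("name") or ""
        password = elem.get("password", "")
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        if not password:
            reason = "empty password"
        elif password.lower() == name.lower():
            reason = "password equals username"
        elif password.lower() in COMMON_DEFAULTS:
            reason = "well-known default password"
        else:
            continue
        # Manager roles allow application deployment, so weak credentials
        # on those accounts rank higher.
        is_manager = any(r == "manager" or r.startswith("manager-") for r in roles)
        findings.append({"user": name, "reason": reason,
                         "severity": "high" if is_manager else "medium"})
    return findings
```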
Once the password was found, I used the http/tomcat_mgr_login exploit and put in the
found username and password. I set the payload to be the java/meterpreter/reverse_tcp and
launched the exploit. I obtained a Meterpreter shell or access to the Metasploitable operating
To identify ports listening on a host, I used the Nmap tool. The -sV option probes open
ports and provides the service/version information of the top 1000 ports. I ran this command on
below, I captured the eth0 interface which is the host-only interface of the lab. I was able to
capture the interactions between the Kali box (192.168.56.101) and the Metasploitable VM
(192.168.56.102).
To find the SSID of a wireless network, I used the Kismet tool which is a wireless network
sniffer. This tool requires a wireless network adapter, which in Kali became the network interface
wlan0mon. To run Kismet and begin scanning the network, I ran the command “kismet -c
wlan0mon”. The output of this command identifies a few SSIDs such as “Aristondo”,
This course taught me a lot about various tools used to both visualize and analyze networks
for systems and any vulnerabilities. These tools are used by network engineers, security
engineers, and hackers. Some of the tools I used before include Metasploit and OpenVAS during
my work. Tools that were new to me include Wireshark, Zabbix, and Kismet. Each of the tools
had some trouble with either installation or execution where the online instructions did not match
up one for one or the network configurations weren’t working. For example, I learned quite a lot
using Kismet. Kali did not initially want to recognize the new USB network sniffing device
which required me to troubleshoot a bit. Also, because I have not really used a wireless sniffing
tool, I learned quite a bit about my local wireless network around me. It was interesting to see all
the devices pinging out to the wireless network and identify systems that were using unencrypted
channels.