Security Assessment Method

Verify the suspected vulnerabilities

Find the exploit source at

At the website, you can search for some of the text returned on the nessus vulnerability report and try to find the plugin logic. Read through thie source code of the plugin which found the suspected vulnerability. It may have enough information for you to be able to try a manual exploit.

For instance, if nessus has determinged that you can telnet to a port without a password, you should do so and see what kind of access you get as a result.

Try metasploit

You can try using metasploit to test more complex vulnerabilities. I can't explain how to do that here.

Try nikto

If you have found open http ports, nikto would be a good tool to run.

Prev: <-nessus