Easy January 28, 2026

TryHackMe – Vulnerability Scanner Overview

Learn about vulnerability scanners and how they work in a practical scenario.

#cyber-security-101 #tryhackme #walkthrough

Answers

What is the process of fixing the vulnerabilities called?

Patching

Which type of vulnerability scans require the credentials of the target host?

Authenticated

Which type of vulnerability scan focuses on identifying the vulnerabilities that can be exploited from outside the network?

External

Is Nessus currently an open-source vulnerability scanner? (Yea/Nay)

Nay

Which company developed the Nexpose vulnerability scanner?

Rapid7

What is the name of the open-source vulnerability scanner developed by Greenbone Security?

OpenVAS

CVE stands for?

Common Vulnerabilities and Exposures

Which organization developed CVE?

MITRE Corporation

What would be the severity level of the vulnerability with a score of 5.3?

Medium

What is the IP address of the machine scanned in this task?

10.10.154.44

How many vulnerabilities were discovered on this host?

13

What is the score of the single high-severity vulnerability found in the scan?

10

What is the solution suggested by OpenVAS for this vulnerability?

Change the password of the mentioned account(s).

Things You Should Know

Vulnerability scanning is the inspection of digital systems to find weaknesses.

Authenticated Scans:

  • The credentials of the subject host (ex: Username & Password) Must be input in the vulnerability scanner.
  • Identifies vulnerabilities that can be exploited by the attackers having access to the host.
  • It provides a deeper visibility into the target system by scanning its configuration and installed applications
  • Example: Scanning an internal database by providing its credentials to the vulnerability scanner.

Unauthenticated Scans:

  • The vulnerability scanner doesnt need the hosts credentials, just the IP address.
  • Identifies the vulnerabilities that can be exploited by an external hacker that has no access to the subject host.
  • It’s less resource-intensive and straightforward to set up.
  • Example: Scanning a public-facing website for vulnerabilities that any user can exploit

Internal Scans

  • Conducted from inside the network
  • It focuses on the vulnerabilities that can be exploited inside the network
  • identifies vulnerabilities that would be exposed to the attackers once theyre inside the network

External Scans

  • Conducted from outside the network
  • It focuses on the vulnerabilities that can be exploited from outside the network
  • Indetifies the vulnerabilities exposed to the attacker outside the network

Vulnerability Scanning Tools

Nessus Extensive vulnerability scanning options available in free and paid versions. The free version offers a limited number of scan features while the paid version offers advanced scanning features, unlimited scans, and professional support.

Qualys A subscription based vulnerability management solution that provides continuous vulnerability scanning, compliance checks, and asset management. It automatically alerts on vulnerabilities found during continuous monitoring. Its a cloud based platform which means theres no extra cost to keep it running or manage physical hardware.

Nexpose A subscription based vulnerability management solution that continuously discovers new assets in the network and preforms vulnerability scans on them. It gives vulnerability risk scores depending on the asset value and the vulnerabilities impact. It also provides compliance checks against various standards.

OpenVAS An open-source vulnerability assessment solution that offers basic features with known vulnerabilities scanned through its database. Its less extensive than commercial tools, however, it gives you a complete vulnerability scanner.

CVE

CVE stands for Common Vulnerabilities and Exposures

CVE is a unique number for each problem and vulnerability developed by the MITRE Corporation. There are CVE databases where you can find the details of previously discovered vulnerabilities so you can apply protective measures to fix them.

Example: CVE-2024-9374

  • CVE prefix: Every CVE number starts with “CVE”
  • Year: The second part of the CVE number is the year it was discovered (E.g., 2024)
  • Arbitrary Digits: The last part of the CVE number contains 4 or more arbitrary digitis

CVSS

CVSS stands for Common Vulnerability Scoring System

This is basically assigning a severity level to different vulnerabilities. The score is calculated by considering multiple factors such as impact, ease of exploitability, etc. On the table below there are the CVSS score ranges and what severity levels they correlate to.

CVSS Score RangeSeverity Levels
0.0-3.9Low
4.0-6.9Medium
7.0-8.9High
9.0-10Critical

OpenVAS

In this TryHackMe Room, it goes in depth about how to use OpenVAS through the Greenbone Security Assitant online. to install OpenVAS on terminal, you use this code.

sudo apt install docker.io

This installs a docker that will assist in the set up and installation of OpenVAS. The next code is to actually install OpenVAS using the docker image provided by Immauss

sudo docker run -d -p 443:443 —name openvas immauss/openvas