 Hello everyone, I am Ramesh Gaikwad and I am demonstrating a NASAS. NASAS is a vulnerability scanning tool and which is most popular among the various vulnerability scanning tool because it has one of the largest knowledge base and it gets that knowledge base from various vendors of security vulnerabilities like Microsoft, then Amazon and other things. So, I am getting started with the NASAS. So, in NASAS, NASAS has a DEMON, NASAS DEMON which acts as a server on our machine and it has a client which is a web client. So, to start scanning with NASAS we need to start NASAS DEMON first. So, I am starting NASAS DEMON over here. So, I am typing command unit to be pseudo, etc init.d where the NASAS DEMON is seated, then I will say start. So, if it is already started then it will show that NASAS service is already running and give the process idea of that. So, you are ready to go to start the NASAS client. So, I will open a web browser and start the NASAS client. So, it need to be secure connection on local host and the NASAS uses 8034 as its port. So, it will open the NASAS page. So, on my machine I have already logged on to NASAS by typing username and password. So, now it will not ask me for username and password. If you are running NASAS on your machine for the first time then it will prompt for username and password. So, we can go forward with the overview of NASAS, what are the tabs init and all the things. So, here these are my scans done through my NASAS. So, there are six scans right now and you can schedule your scans, it can be shown in the schedule tab. So, right now there is only one schedule and you can create your own policies in this policy tab. So, these are my policy created by me, I can use the bi-default policies which are there in NASAS or I can customize my policy and use that for scanning my hosts. So, now I want to create a new policies I will click on new policy button. So, it will open the policy wizard you can see over here and these are different predefined policies. Some of them are available in the cloud setup and some of them are available in the subscription based NASAS as we are using home home edition of the NASAS, then only some of them are available. You can see host discovery, basic neto scan, heartbeat injection detection, credential patch audit and also wave application testing and you can perform audit on PCI DSS things. So, now using NASAS we are going forward in the same scenario as like Nmap, we will first find out which hosts are live in my subnet or network and then choose one of the hosts and scan that host scan its all ports and find out the vulnerabilities which are present in that. So, I am going forward with host discovery. So, I will click on that host discovery policy wizard and it will open up the policy wizard in which I will fill in details like my host discovery and the visibility option over here is for sharing that this particular policy among different users. If there are other users on my NASAS client so that I can share the same policy between them. So, I keeping it as a share and you can give optional description and the last option allowing post scan report editing can allow the NASAS users to edit the results of scan after post. So, you can keep it on or keep that close. So, I am moving forward. Now, NASAS is asking me what type of discovery should I do? Should I only enumerate the host or do other thing? So, I am keeping that option. So, here you can see that my host discovery policy has been added. I have same other policy which is same as my host discovery called as host discovery. You can see over here and we can use any of the policy for scanning the host. So, I will go and here it is advanced mode. You can customize your policy by going to advanced mode. Right now I will not go into that. I will show that in later part of demo. I am just cancelling it and I am going back to create a new scan. So, for that I also need to go to click new scan button and it will open up a new scan wizard. Here I will fill in details give the suitable name and suitable description. Here in policies you can select the policies which you created already or among the drop down list. So, I am selecting host discovery or my host discovery and for giving the target you can use the IP address of particular machine or particular network. So, if you are giving the IP address of a particular machine then it will only go to that machine and give the result that it is up or not. And if you are giving the IP address of a whole network or subnet using net mask then it can scan all the it can go to all the host and show which host are alive or not. So, it will maximum scan 256 hosts and I will scan using that particular policy and I scanned host discovery 2 and host discovery 1 are my previous scans. So, I we can observe one of the results. So, this is the scan result of host discovery. Here you can see that host are enumerated and the one and on right side you can see a blue bar in which one is written. So, it is the name of a plug-in which I used for pinging that particular remote host. So, here you can see the number R sequence is increasing to 12, 16. So, in between hosts are not alive. You can also change this particular thing by going in by going into advance mode like scan host randomly. So, that it will scan any host randomly. So, when I click then you can see that the host details are also shown. The host name is shown and the IP address which I provided and also the plug-in name and plug-in family. So, in advance mode I will I will say more about what is plug-in and what is plug-in family. So, these were the scans. So, sometimes it may require that you need to schedule some scans. So, for that for start at the start of day you need to scan which hosts are up in your system. So, you can scan you can schedule that particular scan by using schedule option. So, I am going into schedules and I have already created a schedule called as daily scan. So, I will once more go through how to create a new schedule. It will open up schedule wizard then relevant name you can give I will give daily host discovery and I will select the relevant policy which I created earlier and give the target. It can be same as whatever things we have done in scan wizard and now you can schedule that particular scan as you can see that I already created daily scan and it has one on same things. So, if you want to change the schedule of that scan you can go to schedule setting and you can choose various launch options like I selected on demand there are various launch options like once daily weekly you can set that. So, if you change select daily then it will ask for start time and the repeat interval of that particular scan. So, right now I am keeping it as on demand and also there is a email setting. So, in in red words it is giving that warning that you are not set up your SMT server. So, you can set up your SMT server in the SS setting and add the target email IDs in the recipient box and get the particular email of that that scan has been started and the results of the scan. So, I am skipping this and in that schedule I already created you can see there are two buttons one is a small triangle which is for starting the scan as I said on demand and another is for deleting that particular schedule. So, I am starting the scan when I click on to that it will open pop up a message that schedule daily scan launch successfully by NASA. So, we can go back to scans here you can see the number of scans in 3 to 7 and the scan is running you can see that running over here and check the time that 6 p m and 1800 p m is there. So, I am just stopping it will consume my resources and I already use that schedule on demand previously. So, we can observe the results. So, the results are same as host discovery because it is being one and same thing. So, the hosts are enumerated and now the first thing in scenario is done like we you have found out which host are alive. Now you will see I will select one particular host and try to find out whatever the ports are open on that host and using my NASA's knowledge base I will find out what vulnerabilities are possible, possibly exploited using exploitation tools like Metasploit and core impact. So, I need to create a policy for that. So, that is basic network scan policy which I will show you. So, here you can see that basic network scan policy can be used to a fully scan a system, fully scan a host and it is all ports. So, in the policy wizard you can type in relevant details. So, I am using external basic network scan I will tell more about in next screen. So, you can set the visibility and give a relevant description scanning all ports of host and go on to the next option and here you can choose a scan type whether internal or external. So, internal scanning means it will only scan well known ports which are listed in your slash ETC slash services file. So, it will not put much much load onto your system and in external scan you will scan all the ports from 1 to 65535 and find out possible vulnerabilities on the open ports. So, I am selecting external scan over here and I will go next and here this is asking also asking for credentials you can it is optional part you can give the credentials of target system or not. The credentials are needed to detect some missing patches and some client side vulnerabilities, but you can skip this because providing username and password is not secure. So, I just created already external network scan policy. So, here you can see the details are over there already. So, BNS 1 and external network scan are the similar policies. So, I can use one of the policy to scan my host. So, here you can see the second last BNS Vibos OS this host is been scanned using that BNS 1 policy we can explore the results and also if you want to create new scan you can go and do the previous thing which we have done for the new scan wizard. So, you can put in relevant name and also the names of scans are not unique. So, only the time stamp will differ between the similar name scans. So, here I am choosing the policy as external network scan you can choose the policy you created and giving a target. So, as I said that BNS host BNS Vibos OS was the scan which I made on a host and we will go through the results of that scan. So, when I click on to that the results will open up and this horizontal histogram is showing different colored vulnerabilities from more severe like critically severe to informationally severe vulnerabilities. Here you can see 5, 1, 2, 20 and there are multiple tabs like host vulnerability and remediation. So, when I click on to particular vulnerability then I can see more details about that. So, if I click on. So, here you can see the vulnerabilities are listed and the plugin name which used for exploring that vulnerability and the plugin family it is at ordered according to severity and you can see the host details it is showing the OS printer print and the MAC address and IP address of that thing. So, if I click on to some vulnerability then it is giving the description of that vulnerability what does it mean and it is showing that Microsoft Windows XP unsupported installation detected because the support for that XP to XP 3 ended on April 8, 2014. So, it is showing that vulnerability and recommended solution like upgrade to newer version of Windows and also you can see more about this vulnerability by clicking this URL and it is showing that which host was that I will show you another vulnerability. So, this is MS 08067 this vulnerability for this vulnerability NASA has used the plugin from security bulletins of Microsoft MS 08067 is the security bulletin you can see over here. So, 080 is the year in which the vulnerability discovered and the 67 is a serial number of that vulnerability it is showing that the remote host is vulnerable to over flow and in the server service. So, that an attacker can craft an attack and executes its arbitrary code on the remote host using the system privileges. So, it is showing the possible attack possible where the attacker can attack your system also giving the recommended solution and in the right pan you can see the plugin details. So, it is showing the CP means common platform enumeration. So, what is the platform of this current system? So, it is exploit is available for exploiting this vulnerability or not and also it is showing how an attacker can exploit this vulnerability. So, here it can be exploited using Metasploit and the plugin used for Metasploit will be MS 080 and the attacker can do that and another tools are Kanoas and core impact also you can see the reference information CV is the repository for common vulnerability exposures and this is the number of that CV. So, you can click on that then MITRE group is working on that repository. So, you can see more details about that vulnerability over there. So, now we can go back and now we have exploited that how Nessus can scan ports and show what are the vulnerabilities present on that host. Now, we will go more deep into what is that in advanced mode. So, I will create a new policy and show what is there in advanced mode. I am going with basic network scan and giving relevant name. So, the policy name you can give I am giving it as modified as I will slightly modify it visibility and the description and we can go next and select the scan type either internal or external and you can skip the credential part. So, the new policy will be added in the policy section. So, I am clicking on that and I am clicking now on advanced mode and it has opened advanced setting. So, here in left span you can see there are many settings general setting credentials plugins and preferences we will go through it one by one and in general setting there is a pop up list. So, drop down list. So, in that you can choose what you need to set either basic or port scanning performance or advance. So, the basic was already opened in the pure form of policy uncustomized form. So, if you need to customize the port scanning you can specify the which ports you need to scan similar to Nmap and also it is using you can say what engine you can use to scan the ports of a host. So, here NASA has customized is SNMP scanner and it is using it by default and also it is pinging remote host and also it is it has created a wrapper or TCP CIN and it is using NASA's CIN scanner and in performance setting you can control how much load your NASA's should put on to your network. So, by changing the maximum checks for host maximum host per scan and timeout you can control the load and in advanced setting you can go deep into that your NASA's should do safe checks over check for silent dependencies or not. And here you can see this is a these are plug-in families and the plug-ins count of plug-ins shown over here. So, these are plug-in families and you can enable or disable by clicking this button and the count of that plug count of plug-ins inside that plug-in family shown here in the right side. So, it has already enabled 11 plug-ins. So, here in this filter plug-in you can type relevant keyboard and filter those plug-in families which has that particular key word and select that particular policy according to your customized policy. So, here you can click anything any plug-in family and the plug-ins will be shown in the right span. You can explore on your own and also actually policy is a set of plug-ins. So, you can add or remove the policy from the add or remove the plug-ins from that particular policy and create a customized policy. So, that this was the preference type. So, this is the active directory service interface and you can provide the domain controller and domain details. So, that it the NASA scans can the active directory it is optional I am skipping. Now, the last part of a demo I will show that NASA has scanned your particular host and if you want to export the results in PDF or other format then how can we do that. So, we can select the results of one particular scan and click on to that. So, these where are the vulnerabilities and you can export it using the export button over here and you can choose the format whatever you want. So, I am choosing PDF and it is opening the wizard and these are the drag and drop, drag and drop tiles and you can move what should be included in the report content and what should be listed. So, I am just listing vulnerabilities by host and exporting it. So, it will export and start downloading. I already downloaded that for you and it is showing the report. So, you can using that particular offline reporting you never need to start again the NASAS and also can share among your peers. So, what is the result of NASAS scan? So, here you can see that the vulnerabilities are listed by host and the plugin details will be shown. So, you can see that NASAS since scanner was used and what was the synopsis description whatever the things were there are listed one below another over here. So, this was about reporting. So, in this way you can explore more about NASAS and you can scan the your college systems and strive for the safe systems and also you can there are there is option for web app testing and that app should be installed on your network within your network and you can motivate your students to scan their web apps using NASAS and strive for safe apps. So, that they can they are not more vulnerable to any other attacker. So, this is about NASAS. Thank you.