
Importance Of Penetration Testing - Crime - Nairaland


Importance Of Penetration Testing by jasonsmit9818: 5:24pm On Mar 27, 2020
The [vulnerabilities](https://www.avanturebytes.com/penetration-testing-services) scan allows identifying weaknesses in the evaluated system, based on the details obtained during the previous phases; the objective is to identify the most effective attack method and anticipate the type of information that will be obtained when the vulnerability found is exploited. You should take the same approach that a real attacker would take, viewing the organization as a potential adversary and trying to inflict as much damage as possible on it.
There are different methods to discover vulnerabilities, just as there are different automated tools that can help in this phase. Here are some techniques that can be used to discover vulnerabilities:

Check the software version: One of the most common techniques is to identify the version number and compare it with the lists of vulnerable versions published for free on different security sites. At this point, you should also check for patches and upgrades applied that could eliminate the vulnerability. Here the free tools Nmap and Amap could be used.

Check the communication protocol version: The software version probably does not contain vulnerabilities, but could use some network protocol with security problems.

Verify the configuration: It is necessary to analyze the different accesses that could be given: remote, local and with different types of privileges. It is not enough to analyze if there is a default configuration; it is necessary to check if the configurations applied by the administrator are enough to avoid security issues.

Exploit execution: Exploits can be executed without knowing the current vulnerabilities, based on the prestige of the exploit and the information obtained during the previous phases. This technique can be dangerous as it could cause system damage, including denial of service. However, it is possible to represent a technique very close to what would happen if they were subjected to real attacks.

On the other hand, there are automatic tools that allow the identification of vulnerabilities, among the most common are the following:

1. Nessus:
It is a tool with a commercial and a free option. It has the advantage of creating different scan profiles depending on the type of evaluation required and the site from which the tests are run. Nessus generates reports categorizing the vulnerabilities found according to impact and associates an identifier with each one of them that facilitates the search for information related to the exploitation.

2. OpenVAS:
It is another free software option that has flexibility in the application of different evaluation profiles. It is a client-server tool and, despite not being as "friendly" as Nessus, it is an excellent option to verify the vulnerabilities found by other tools.

It is the most exciting part of running penetration tests and the one that makes it different from a vulnerability scan, often incorrectly called "vulnerability analysis," where you only go to the previous stage and only the vulnerabilities are found without checking if they can be exploited. This stage will depend on the results obtained in the previous stages, so each test will be different according to the existing services and the current vulnerabilities. At this stage, different actions can be carried out as a result of exploitation, to mention a few:
Copy files to the target
Copy files from the target
View confidential traffic
Reconfigure the target
Install software
Take full control
Cause denial of service
Use one goal to reach another
Obtain passwords
There are a vast number of tools to exploit vulnerabilities; there are sites where independent exploits can be found, and there are complete attack frameworks. One of the most useful and essential is Metasploit, which contains hundreds of exploits applicable to different operating systems, to different services and in different versions. It contains three types of interfaces that facilitate execution.

On the other side, on the target, you can see a fault in the system.
The example shown above is only a small part of what a pentester does when checking vulnerabilities. There are other tools for exploitation, some commercial and some free, and it is necessary to make a combination of the different tools. On the other hand, in some cases, the exploit does not exist to check specific vulnerabilities, so it is necessary to generate it, for which there are also different tools and frameworks, including Metasploit again.

The final and most crucial stage is the creation of the report of findings, since it is in this phase where it is communicated what was done, how it was done and how the organization can eliminate the vulnerabilities detected during the analysis, so it is of great importance to generate reports with the highest possible quality. The format of a report can be very variable, but here are some points that must be presented:
Table of Contents
Executive Summary
Methodology used
Findings ordered according to impact
Detailed evidence including screenshots of the find
It is recommended to present the evidence hierarchically since, even taking as a fact that all vulnerabilities must be eliminated, some may represent a more significant impact on the organization, so an immediate solution is a priority. It is possible to believe that the report is not important when an internal pentest is carried out, but it is necessary to have a log that stores the history of the security problems that have been encountered; this could help to solve problems in the future. To conclude, it is necessary to say that the task of a pentester is not easy, but it is decisive for a good security strategy, so it is advisable to carry out internal evaluations and periodically request professional services.
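
The "check the software version" step from the post above, as an added example that is not part of the original post: it compares an inventory of detected versions against a list of vulnerable version ranges and takes applied patches into account. The product names, advisory IDs, inventory line format and the `patched=` marker are all constructed placeholders.

```python
import re

# Constructed advisory list (placeholder IDs, hypothetical products).
# A version is affected when introduced <= version < fixed.
ADVISORIES = [
    {"id": "ADVISORY-PLACEHOLDER-1", "product": "examplehttpd",
     "introduced": "2.4.0", "fixed": "2.4.12"},
    {"id": "ADVISORY-PLACEHOLDER-2", "product": "exampleftpd",
     "introduced": "1.0", "fixed": "1.3.5"},
]

# Constructed inventory: host, port, product, version, optional backported fix.
INVENTORY = """\
10.0.0.5 80 examplehttpd 2.4.9
10.0.0.6 80 examplehttpd 2.4.10 patched=ADVISORY-PLACEHOLDER-1
10.0.0.7 21 exampleftpd 1.3.5
10.0.0.8 80 examplehttpd 2.4.9b
"""

def parse_version(text):
    """'2.4.9' -> (2, 4, 9). Numeric tuples avoid the string-compare trap
    where '2.4.9' sorts after '2.4.12'. Returns None if not dotted-numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:   # treat 2.4 and 2.4.0 as equal
        parts.pop()
    return tuple(parts)

def audit(inventory_text, advisories=ADVISORIES):
    """Return (host, port, advisory_id, status) for every matching advisory."""
    findings = []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, port, product, version, *extra = line.split()
        patched = {e.split("=", 1)[1] for e in extra if e.startswith("patched=")}
        parsed = parse_version(version)
        for adv in (a for a in advisories if a["product"] == product):
            low, high = parse_version(adv["introduced"]), parse_version(adv["fixed"])
            if parsed is None:
                status = "manual-check"    # unparseable version: do not guess
            elif not (low <= parsed < high):
                continue                   # outside the affected range
            elif adv["id"] in patched:
                status = "patched"         # in range, but the fix was backported
            else:
                status = "vulnerable"
            findings.append((host, int(port), adv["id"], status))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```
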

Re: Importance Of Penetration Testing by sapientia(m): 7:44pm On Mar 27, 2020
1. You went and copied a computer stuff

2. You pasted it in the wrong section.

3. You can still make copied stuffs appealing to be read.

Re: Importance Of Penetration Testing by CirocBoi(m): 7:45pm On May 05, 2020
If we ask you how to install Nessus...u dnt know... Nessus is A-okay but Nmap is your friend...... Mr copy and paste!!!!
