This repository contains a complete Vulnerability Assessment and Penetration Testing (VAPT) project performed on a Metasploitable2 virtual machine in a controlled lab environment.
The objective of this project was to identify, analyze, and exploit vulnerabilities using industry-standard tools and methodologies.
This task was completed as a part of my Vulnerability Assessment and Penetration Testing (VAPT) Internship at Cyart Technologies in March 2026.
- Identify open ports and running services
- Detect vulnerabilities in the target system
- Perform exploitation to validate findings
- Analyze risk using CVSS scoring
- Document findings with remediation steps
- Nmap (Network Scanning)
- Nikto (Web Vulnerability Scanning)
- Metasploit (Exploitation Framework)
- Netcat (Manual Exploitation)
The assessment follows the PTES (Penetration Testing Execution Standard):
- Reconnaissance
- Scanning
- Exploitation
- Post-Exploitation
- Reporting
- Multiple open ports increasing attack surface
- Outdated and vulnerable services detected
- Insecure protocols like FTP and Telnet enabled
- Successful root access via bind shell (Port 1524)
- Nmap scan results
- Nikto scan results
- Exploitation proof (root access)
- Sensitive file access (/etc/passwd)
This project was conducted in a controlled lab environment for educational purposes only. No real systems were targeted.
Aditya Mehta
VAPT Intern