Vulnerability Assessment Guide

Identify and prioritize security vulnerabilities with Pentora.

Enable Vulnerability Checks

pentora scan --targets 192.168.1.100 --vuln

Vulnerability Detection

Pentora identifies vulnerabilities via:

CVE Matching: Service versions against CVE database
Misconfiguration Checks: Default credentials, weak ciphers
Heuristics: Outdated software, EOL products

Severity Levels

Critical: Remote code execution, auth bypass (CVSS 9.0-10.0)
High: Privilege escalation, DoS (CVSS 7.0-8.9)
Medium: Information disclosure (CVSS 4.0-6.9)
Low: Minor issues (CVSS 0.1-3.9)

Filtering Results

# Critical vulnerabilities only
pentora workspace show scan-id --filter severity=critical

# Specific CVE
pentora workspace show scan-id --filter cve=CVE-2021-44228

Remediation

Prioritize by severity and exploitability
Patch critical vulnerabilities first
Implement compensating controls
Re-scan to verify remediation

# Before patch
pentora scan --targets web-server.txt --vuln -o before.json

# After patch
pentora scan --targets web-server.txt --vuln -o after.json

# Compare
diff before.json after.json

False Positive Management

Mark false positives:

# Export for review
pentora workspace export scan-id -o findings.csv

# Add exceptions (Enterprise)
pentora exceptions add CVE-2021-1234 --reason "WAF protected"

Compliance Mapping (Enterprise)

Map vulnerabilities to frameworks:

pentora scan --targets dmz.txt --vuln --compliance pci-dss

See Compliance Checks for regulatory scanning.

Enable Vulnerability Checks​

Vulnerability Detection​

Severity Levels​

Filtering Results​

Remediation​

False Positive Management​

Compliance Mapping (Enterprise)​