From a94a8e4b55a73099fd1f4a375d73131eb7f453c7 Mon Sep 17 00:00:00 2001
From: "Z. Cliffe Schreuders" <code.cliffe@schreuders.org>
Date: Wed, 19 Nov 2025 18:24:26 +0000
Subject: [PATCH] feat: Add GBL vulnerability assessment lab sheet

---
 .../ink/lab_sheets/vulnerability_analysis.ink | 562 ++++++++++++++++++
 1 file changed, 562 insertions(+)
 create mode 100644 story_design/ink/lab_sheets/vulnerability_analysis.ink

diff --git a/story_design/ink/lab_sheets/vulnerability_analysis.ink b/story_design/ink/lab_sheets/vulnerability_analysis.ink
new file mode 100644
index 0000000..0826e37
--- /dev/null
+++ b/story_design/ink/lab_sheets/vulnerability_analysis.ink
@@ -0,0 +1,562 @@
+// Vulnerability Analysis Lab Sheet
+// Based on HacktivityLabSheets: introducing_attacks/8_vulnerability_analysis.md
+// Author: Z. Cliffe Schreuders, Anatoliy Gorbenko, Tom Shaw
+// License: CC BY-SA 4.0
+
+// Global persistent state
+VAR instructor_rapport = 0
+VAR vuln_scanning_mastery = 0
+
+// External variables
+EXTERNAL player_name
+
+=== start ===
+Vulnerability Assessment Specialist: Welcome, Agent {player_name}. I'm your instructor for Vulnerability Analysis and Assessment.
+
+~ instructor_rapport = 0
+~ vuln_scanning_mastery = 0
+
+Vulnerability Assessment Specialist: Vulnerability assessment is critical for efficiently identifying security weaknesses in systems before attackers find them.
+
+Vulnerability Assessment Specialist: While penetration testing involves manually researching and exploiting vulnerabilities, vulnerability scanning is an automated approach that quickly surveys systems for known security issues.
+
+Vulnerability Assessment Specialist: You'll learn to use industry-standard tools like Nmap NSE, Nessus, and Nikto - understanding their strengths, limitations, and when to use each.
+
+Vulnerability Assessment Specialist: Remember: these are powerful reconnaissance tools. Use them only on systems you're authorized to assess.
+
+~ vuln_scanning_mastery += 10
+
+-> vuln_scan_hub
+
+=== vuln_scan_hub ===
+Vulnerability Assessment Specialist: What aspect of vulnerability assessment would you like to explore?
+
++ [What is vulnerability scanning?]
+    -> vuln_scanning_intro
++ [Vulnerability scanning vs penetration testing]
+    -> scanning_vs_pentesting
++ [Nmap Scripting Engine (NSE)]
+    -> nmap_nse
++ [Using Nessus vulnerability scanner]
+    -> nessus_scanner
++ [Web vulnerability scanning with Nikto]
+    -> nikto_scanner
++ [Limitations of automated tools]
+    -> tool_limitations
++ [Show me the commands reference]
+    -> commands_reference
++ [Practical challenge tips]
+    -> challenge_tips
++ [I'm ready for the lab exercises]
+    -> ready_for_practice
++ [That's all for now]
+    #exit_conversation
+    -> END
+
+=== vuln_scanning_intro ===
+Vulnerability Assessment Specialist: Vulnerability scanning is an automated approach to identifying security weaknesses in systems.
+
+~ instructor_rapport += 5
+
+Vulnerability Assessment Specialist: Scanners typically perform or import network scans like port scans and service identification, then automatically check whether detected services contain known vulnerabilities.
+
+Vulnerability Assessment Specialist: They compare detected service versions against databases of known vulnerabilities - similar to what you did manually using CVE databases.
+
++ [How do vulnerability scanners work?]
+    Vulnerability Assessment Specialist: Most vulnerability scanners follow a standard process:
+
+    Vulnerability Assessment Specialist: First, they conduct or import a port scan to identify running services and their versions.
+
+    Vulnerability Assessment Specialist: Then they compare this information against databases of known vulnerabilities for those specific versions.
+
+    Vulnerability Assessment Specialist: Many also send probes to confirm vulnerabilities actually exist, not just assume based on version numbers.
+
+    Vulnerability Assessment Specialist: Some tests are potentially dangerous and might crash services, so most scanners offer a "safe mode" to avoid risky checks.
+
+    ~ instructor_rapport += 5
+
++ [Why use automated scanning?]
+    Vulnerability Assessment Specialist: Automated scanning has several advantages:
+
+    Vulnerability Assessment Specialist: It's fast - scanning hundreds of systems in the time it would take to manually test one.
+
+    Vulnerability Assessment Specialist: It's comprehensive - checking for thousands of known vulnerabilities systematically.
+
+    Vulnerability Assessment Specialist: It's repeatable - you can regularly rescan to catch newly introduced vulnerabilities.
+
+    Vulnerability Assessment Specialist: It reduces the risk of human error or overlooking obvious issues.
+
+    Vulnerability Assessment Specialist: However, it also has significant limitations we'll discuss.
+
+    ~ instructor_rapport += 5
+
+- -> vuln_scan_hub
+
+=== scanning_vs_pentesting ===
+Vulnerability Assessment Specialist: Penetration testing and vulnerability scanning are complementary but distinct approaches.
+
+~ instructor_rapport += 5
+
+Vulnerability Assessment Specialist: Penetration testing involves manual research, planning, and actual exploitation of vulnerabilities. It's deeper but slower.
+
+Vulnerability Assessment Specialist: Vulnerability scanning is automated, faster, and broader but shallower.
+
++ [What are the advantages of penetration testing?]
+    Vulnerability Assessment Specialist: Penetration testing has several key advantages:
+
+    Vulnerability Assessment Specialist: Very few false positives - if a tester successfully exploits a vulnerability, it's definitely real.
+
+    Vulnerability Assessment Specialist: Testers can chain vulnerabilities together in creative ways automated tools can't imagine.
+
+    Vulnerability Assessment Specialist: Human intuition can spot logical flaws and business logic vulnerabilities that scanners miss.
+
+    Vulnerability Assessment Specialist: However, there's always risk that an exploit may cause unintentional damage.
+
+    Vulnerability Assessment Specialist: And even skilled testers might miss something obvious if they're checking things manually.
+
+    ~ instructor_rapport += 5
+
++ [What are the advantages of vulnerability scanning?]
+    Vulnerability Assessment Specialist: Vulnerability scanning excels at:
+
+    Vulnerability Assessment Specialist: Speed - scanning entire networks in hours instead of days or weeks.
+
+    Vulnerability Assessment Specialist: Coverage - systematically checking for thousands of known vulnerabilities.
+
+    Vulnerability Assessment Specialist: Safety - tests can be configured to avoid dangerous probes that might crash services.
+
+    Vulnerability Assessment Specialist: Consistency - same tests run the same way every time.
+
+    Vulnerability Assessment Specialist: Cost-effectiveness - after initial setup, scanning is cheap to repeat regularly.
+
+    ~ instructor_rapport += 5
+
++ [Which approach is better?]
+    Vulnerability Assessment Specialist: The best security assessments use both!
+
+    Vulnerability Assessment Specialist: Start with vulnerability scanning to quickly identify low-hanging fruit and obvious issues.
+
+    Vulnerability Assessment Specialist: Then use penetration testing to go deeper, verify critical findings, and test how vulnerabilities can be chained together.
+
+    Vulnerability Assessment Specialist: Many organizations do frequent vulnerability scans with periodic penetration tests.
+
+    Vulnerability Assessment Specialist: Think of scanning as your smoke detector, and penetration testing as your fire drill.
+
+    ~ instructor_rapport += 5
+
+- -> vuln_scan_hub
+
+=== nmap_nse ===
+Vulnerability Assessment Specialist: The Nmap Scripting Engine (NSE) extends Nmap's capabilities beyond simple port scanning.
+
+~ instructor_rapport += 5
+
+Vulnerability Assessment Specialist: NSE allows Nmap to be extended with scripts that add service detection, vulnerability checking, and even exploitation capabilities.
+
+Vulnerability Assessment Specialist: Nmap is distributed with hundreds of scripts written in the Lua programming language.
+
++ [How do I use Nmap scripts?]
+    Vulnerability Assessment Specialist: The simplest way is to use the default script set:
+
+    Vulnerability Assessment Specialist: nmap -sC TARGET
+
+    Vulnerability Assessment Specialist: This runs all scripts categorized as "default" - safe, useful, and not overly intrusive.
+
+    Vulnerability Assessment Specialist: For vulnerability scanning specifically: nmap --script vuln -sV TARGET
+
+    Vulnerability Assessment Specialist: The vuln category includes scripts that check for known vulnerabilities.
+
+    Vulnerability Assessment Specialist: You can also run specific scripts: nmap --script distcc-cve2004-2687 TARGET
+
+    ~ instructor_rapport += 5
+
++ [Where are NSE scripts located?]
+    Vulnerability Assessment Specialist: All NSE scripts are stored in /usr/share/nmap/scripts/
+
+    Vulnerability Assessment Specialist: You can list them with: ls /usr/share/nmap/scripts/
+
+    Vulnerability Assessment Specialist: Each script is a .nse file. Looking at their code shows what they check for.
+
+    Vulnerability Assessment Specialist: For example, distcc-cve2004-2687.nse checks for the specific Distcc vulnerability.
+
+    Vulnerability Assessment Specialist: The scripts are organized by category: auth, broadcast, default, discovery, dos, exploit, fuzzer, intrusive, malware, safe, version, and vuln.
+
+    ~ instructor_rapport += 5
+
++ [How effective is NSE for vulnerability detection?]
+    Vulnerability Assessment Specialist: NSE vulnerability detection is useful but limited.
+
+    Vulnerability Assessment Specialist: The vuln scripts check for specific, well-known vulnerabilities - they're not comprehensive like dedicated vulnerability scanners.
+
+    Vulnerability Assessment Specialist: However, they're very useful for quick checks and are actively maintained by the Nmap community.
+
+    Vulnerability Assessment Specialist: Think of NSE as a lightweight vulnerability scanner - good for initial assessment but not a replacement for tools like Nessus.
+
+    ~ instructor_rapport += 5
+
+- -> vuln_scan_hub
+
+=== nessus_scanner ===
+Vulnerability Assessment Specialist: Nessus by Tenable is one of the most popular commercial vulnerability scanners in the industry.
+
+~ instructor_rapport += 5
+
+Vulnerability Assessment Specialist: It uses a client-server architecture with a web interface, and can scan for tens of thousands of vulnerabilities.
+
+Vulnerability Assessment Specialist: Vulnerability tests are written in NASL (Nessus Attack Scripting Language), and subscribers receive regular updates to vulnerability signatures.
+
++ [How do I use Nessus?]
+    Vulnerability Assessment Specialist: Access Nessus through its web interface at https://localhost:8834
+
+    Vulnerability Assessment Specialist: Login with the credentials provided (typically nessusadmin)
+
+    Vulnerability Assessment Specialist: Click "New Scan" and choose a scan template - Basic Network Scan is a good starting point.
+
+    Vulnerability Assessment Specialist: Enter your target IP addresses and click "Launch"
+
+    Vulnerability Assessment Specialist: Nessus will systematically test the targets and present results categorized by severity: Critical, High, Medium, Low, Info.
+
+    ~ instructor_rapport += 5
+
++ [What scan templates does Nessus offer?]
+    Vulnerability Assessment Specialist: Nessus offers various scan profiles for different purposes:
+
+    Vulnerability Assessment Specialist: Basic Network Scan - Good general-purpose scan for network services
+
+    Vulnerability Assessment Specialist: Advanced Scan - Allows detailed customization of what to check
+
+    Vulnerability Assessment Specialist: Web Application Tests - Focused on web vulnerabilities
+
+    Vulnerability Assessment Specialist: Compliance scans - Check systems against security policy standards
+
+    Vulnerability Assessment Specialist: Each template determines which vulnerability checks run and how aggressive the scanning is.
+
+    ~ instructor_rapport += 5
+
++ [How do I interpret Nessus results?]
+    Vulnerability Assessment Specialist: Nessus presents results with detailed information for each finding:
+
+    Vulnerability Assessment Specialist: Severity rating (Critical to Info) helps prioritize remediation
+
+    Vulnerability Assessment Specialist: CVE identifiers link to official vulnerability databases
+
+    Vulnerability Assessment Specialist: Plugin descriptions explain what was found and why it's a problem
+
+    Vulnerability Assessment Specialist: Solution sections provide remediation guidance
+
+    Vulnerability Assessment Specialist: References link to additional information and exploit code
+
+    Vulnerability Assessment Specialist: You can export results as HTML, PDF, or XML for reports or import into Metasploit.
+
+    ~ instructor_rapport += 5
+
++ [What's the difference between Basic and Advanced scans?]
+    Vulnerability Assessment Specialist: Basic scans use default settings optimized for speed and safety.
+
+    Vulnerability Assessment Specialist: Advanced scans let you customize:
+
+    Vulnerability Assessment Specialist: Which vulnerability checks to run
+
+    Vulnerability Assessment Specialist: Whether to perform "thorough tests" (slower but more comprehensive)
+
+    Vulnerability Assessment Specialist: Whether to show potential false alarms
+
+    Vulnerability Assessment Specialist: Advanced scans typically find more vulnerabilities but take longer and carry slightly higher risk of disruption.
+
+    ~ instructor_rapport += 5
+
+- -> vuln_scan_hub
+
+=== nikto_scanner ===
+Vulnerability Assessment Specialist: Nikto is a command-line web vulnerability scanner focused exclusively on web servers and applications.
+
+~ instructor_rapport += 5
+
+Vulnerability Assessment Specialist: While general scanners like Nmap and Nessus check web servers, Nikto specializes in web-specific vulnerabilities.
+
+Vulnerability Assessment Specialist: It scans for over 6,000 web security issues including dangerous CGI scripts, misconfigurations, and known vulnerable software.
+
++ [How do I use Nikto?]
+    Vulnerability Assessment Specialist: Nikto is straightforward to use:
+
+    Vulnerability Assessment Specialist: nikto -host TARGET_IP
+
+    Vulnerability Assessment Specialist: Nikto will automatically detect web servers on common ports and scan them.
+
+    Vulnerability Assessment Specialist: You can also specify a port: nikto -host TARGET_IP -port 8080
+
+    Vulnerability Assessment Specialist: Or scan SSL/TLS sites: nikto -host TARGET_IP -ssl
+
+    Vulnerability Assessment Specialist: The output shows each issue found with references to more information.
+
+    ~ instructor_rapport += 5
+
++ [What kinds of issues does Nikto detect?]
+    Vulnerability Assessment Specialist: Nikto looks for web-specific vulnerabilities:
+
+    Vulnerability Assessment Specialist: Outdated server software with known exploits
+
+    Vulnerability Assessment Specialist: Dangerous default files and directories (admin panels, config files)
+
+    Vulnerability Assessment Specialist: Server misconfigurations (directory listings, verbose errors)
+
+    Vulnerability Assessment Specialist: Known vulnerable web applications and frameworks
+
+    Vulnerability Assessment Specialist: Interesting HTTP headers that might reveal information
+
+    ~ instructor_rapport += 5
+
++ [How does Nikto compare to Nessus for web scanning?]
+    Vulnerability Assessment Specialist: Nikto and Nessus overlap but have different strengths:
+
+    Vulnerability Assessment Specialist: Nikto is specialized - it goes deeper on web-specific issues.
+
+    Vulnerability Assessment Specialist: Nessus is broader - it checks web servers along with everything else.
+
+    Vulnerability Assessment Specialist: Nikto is free and open source; Nessus commercial versions are quite expensive.
+
+    Vulnerability Assessment Specialist: For comprehensive web testing, use both! They often find different issues.
+
+    ~ instructor_rapport += 5
+
+- -> vuln_scan_hub
+
+=== tool_limitations ===
+Vulnerability Assessment Specialist: Understanding the limitations of automated tools is crucial for effective security assessment.
+
+~ instructor_rapport += 5
+
+Vulnerability Assessment Specialist: No single tool finds everything. Different tools detect different vulnerabilities based on their databases and testing methods.
+
+Vulnerability Assessment Specialist: All automated tools produce false positives and false negatives.
+
++ [What are false positives and false negatives?]
+    Vulnerability Assessment Specialist: False positives are vulnerabilities reported that don't actually exist.
+
+    Vulnerability Assessment Specialist: For example, a scanner might think software is vulnerable based on version number, but a patch was backported.
+
+    Vulnerability Assessment Specialist: False negatives are real vulnerabilities that scanners miss completely.
+
+    Vulnerability Assessment Specialist: This happens when vulnerabilities aren't in the scanner's database, or tests aren't configured to detect them.
+
+    Vulnerability Assessment Specialist: Penetration testing helps confirm scanner findings and find what was missed.
+
+    ~ instructor_rapport += 5
+
++ [Why don't scanners detect all vulnerabilities?]
+    Vulnerability Assessment Specialist: Several factors limit scanner effectiveness:
+
+    Vulnerability Assessment Specialist: Signature-based detection only finds KNOWN vulnerabilities in their databases.
+
+    Vulnerability Assessment Specialist: Zero-day vulnerabilities (unknown to vendors) won't be detected.
+
+    Vulnerability Assessment Specialist: Configuration issues and logical flaws often can't be detected automatically.
+
+    Vulnerability Assessment Specialist: Scanners might not test certain services if they're on non-standard ports.
+
+    Vulnerability Assessment Specialist: Safe mode settings might skip tests that could confirm vulnerabilities.
+
+    ~ instructor_rapport += 5
+
++ [How can different scanners miss different things?]
+    Vulnerability Assessment Specialist: Each scanner has different vulnerability databases and detection methods:
+
+    Vulnerability Assessment Specialist: Nmap NSE has a limited set of vulnerability scripts focused on network services.
+
+    Vulnerability Assessment Specialist: Nessus has an extensive database of checks but might not detect web-specific issues.
+
+    Vulnerability Assessment Specialist: Nikto specializes in web vulnerabilities but doesn't check other services.
+
+    Vulnerability Assessment Specialist: This is why security professionals run multiple scanners - each catches things others miss.
+
+    Vulnerability Assessment Specialist: Even then, manual testing is essential to find what all the scanners missed!
+
+    ~ instructor_rapport += 5
+
+- -> vuln_scan_hub
+
+=== commands_reference ===
+Vulnerability Assessment Specialist: Let me provide a comprehensive vulnerability scanning commands reference.
+
+~ instructor_rapport += 5
+
+Vulnerability Assessment Specialist: **Nmap NSE Scanning:**
+
+Vulnerability Assessment Specialist: Default script scan: nmap -sC TARGET
+
+Vulnerability Assessment Specialist: Vulnerability scripts: nmap --script vuln -sV TARGET
+
+Vulnerability Assessment Specialist: Specific ports: nmap --script vuln -sV -p 1-5000 TARGET
+
+Vulnerability Assessment Specialist: Specific script: nmap --script distcc-cve2004-2687 TARGET
+
+Vulnerability Assessment Specialist: List available scripts: ls /usr/share/nmap/scripts/
+
+Vulnerability Assessment Specialist: View script code: cat /usr/share/nmap/scripts/SCRIPT_NAME.nse
+
++ [Show me Nessus workflow]
+    Vulnerability Assessment Specialist: **Nessus Scanning:**
+
+    Vulnerability Assessment Specialist: Access web interface: https://localhost:8834
+
+    Vulnerability Assessment Specialist: Login: nessusadmin / nessusadmin01
+
+    Vulnerability Assessment Specialist: **Workflow:**
+
+    Vulnerability Assessment Specialist: 1. Click "New Scan"
+
+    Vulnerability Assessment Specialist: 2. Select scan template (Basic Network Scan or Advanced Scan)
+
+    Vulnerability Assessment Specialist: 3. Enter scan name and target IP addresses
+
+    Vulnerability Assessment Specialist: 4. For Advanced scans, configure: Thorough tests, Show potential false alarms
+
+    Vulnerability Assessment Specialist: 5. Click "Save" then "Launch"
+
+    Vulnerability Assessment Specialist: 6. View results: Click scan name → "Vulnerabilities" tab
+
+    Vulnerability Assessment Specialist: 7. Export results: "Export" → choose format (HTML, PDF, CSV, XML)
+
+    ~ instructor_rapport += 3
+
++ [Show me Nikto commands]
+    Vulnerability Assessment Specialist: **Nikto Web Scanning:**
+
+    Vulnerability Assessment Specialist: Basic scan: nikto -host TARGET_IP
+
+    Vulnerability Assessment Specialist: Specific port: nikto -host TARGET_IP -port 8080
+
+    Vulnerability Assessment Specialist: SSL/HTTPS: nikto -host TARGET_IP -ssl
+
+    Vulnerability Assessment Specialist: Multiple ports: nikto -host TARGET_IP -port 80,443,8080
+
+    Vulnerability Assessment Specialist: **Tips:**
+
+    Vulnerability Assessment Specialist: Output can be verbose - redirect to file: nikto -host TARGET > nikto_results.txt
+
+    Vulnerability Assessment Specialist: Check specific paths: nikto -host TARGET -root /admin/
+
+    ~ instructor_rapport += 3
+
++ [Show me comparison workflow]
+    Vulnerability Assessment Specialist: **Comprehensive Assessment Workflow:**
+
+    Vulnerability Assessment Specialist: 1. Start with Nmap service detection: nmap -sV -p- TARGET
+
+    Vulnerability Assessment Specialist: 2. Run Nmap vuln scripts: nmap --script vuln -sV TARGET
+
+    Vulnerability Assessment Specialist: 3. Launch Nessus Basic scan for broad coverage
+
+    Vulnerability Assessment Specialist: 4. Launch Nessus Advanced scan with thorough tests
+
+    Vulnerability Assessment Specialist: 5. For web servers, run Nikto: nikto -host TARGET
+
+    Vulnerability Assessment Specialist: 6. Compare results - note what each tool found uniquely
+
+    Vulnerability Assessment Specialist: 7. Verify critical findings with manual testing or exploitation
+
+    ~ instructor_rapport += 3
+
+- -> vuln_scan_hub
+
+=== challenge_tips ===
+Vulnerability Assessment Specialist: Let me give you practical tips for the vulnerability assessment challenges.
+
+~ instructor_rapport += 5
+
+Vulnerability Assessment Specialist: **Running Scans:**
+
+Vulnerability Assessment Specialist: Start Nmap vuln scans early - they take time to complete.
+
+Vulnerability Assessment Specialist: While Nmap runs, start your Nessus scans in parallel.
+
+Vulnerability Assessment Specialist: If Nessus is still initializing plugins, skip ahead to Nikto and come back.
+
++ [Tips for comparing results?]
+    Vulnerability Assessment Specialist: Document what each tool finds:
+
+    Vulnerability Assessment Specialist: Note which vulnerabilities Nmap NSE detects
+
+    Vulnerability Assessment Specialist: Count vulnerabilities by severity in Nessus (Critical, High, Medium, Low)
+
+    Vulnerability Assessment Specialist: Compare Basic vs Advanced Nessus scans - how many more does Advanced find?
+
+    Vulnerability Assessment Specialist: Check what Nikto finds that the others missed
+
+    Vulnerability Assessment Specialist: The lab has MULTIPLE exploitable vulnerabilities - see how many each tool detects.
+
+    ~ instructor_rapport += 5
+
++ [Tips for exploiting found vulnerabilities?]
+    Vulnerability Assessment Specialist: The lab includes vulnerabilities you've seen before (like Distcc) and new ones.
+
+    Vulnerability Assessment Specialist: Try exploiting vulnerabilities detected by the scanners to confirm they're real.
+
+    Vulnerability Assessment Specialist: There's a NEW privilege escalation vulnerability this week - a different sudo vulnerability.
+
+    Vulnerability Assessment Specialist: This time you don't know the user's password, so the previous sudo exploit won't work!
+
+    Vulnerability Assessment Specialist: Look for CVE-2021-3156 (Baron Samedit) - affects sudo versions 1.8.2-1.8.31p2 and 1.9.0-1.9.5p1
+
+    ~ instructor_rapport += 5
+
++ [Tips for privilege escalation?]
+    Vulnerability Assessment Specialist: After exploiting a service, check the sudo version: sudo --version
+
+    Vulnerability Assessment Specialist: The Baron Samedit vulnerability (CVE-2021-3156) might be present.
+
+    Vulnerability Assessment Specialist: This exploit works differently - it doesn't require knowing a password!
+
+    Vulnerability Assessment Specialist: You may need to upgrade your shell to Meterpreter first to use the Metasploit exploit.
+
+    Vulnerability Assessment Specialist: Search Metasploit: search baron_samedit or search CVE-2021-3156
+
+    Vulnerability Assessment Specialist: Use: exploit/linux/local/sudo_baron_samedit
+
+    ~ instructor_rapport += 5
+
++ [Troubleshooting tips?]
+    Vulnerability Assessment Specialist: If Nessus gives API access errors, clear your browser cache (Ctrl+Shift+Delete)
+
+    Vulnerability Assessment Specialist: If you can't access a web server, check Firefox proxy settings - disable the proxy or add exclusion for 10.*.*.*
+
+    Vulnerability Assessment Specialist: Some vulnerable services might be patched - try attacking all available services.
+
+    Vulnerability Assessment Specialist: Nessus scans can take 15-30 minutes - be patient!
+
+    Vulnerability Assessment Specialist: Compare results across all tools to see their different strengths and blind spots.
+
+    ~ instructor_rapport += 5
+
+- -> vuln_scan_hub
+
+=== ready_for_practice ===
+Vulnerability Assessment Specialist: Excellent! You're ready for comprehensive vulnerability assessment.
+
+~ instructor_rapport += 10
+~ vuln_scanning_mastery += 10
+
+Vulnerability Assessment Specialist: You'll use multiple industry-standard tools to assess the same target and compare their effectiveness.
+
+Vulnerability Assessment Specialist: This lab demonstrates an important lesson: no single tool catches everything. Layer your defenses and your assessments!
+
+Vulnerability Assessment Specialist: Remember: vulnerability scanners are reconnaissance tools. Use them only on authorized targets.
+
++ [Any final advice?]
+    Vulnerability Assessment Specialist: Be systematic. Run all the tools, document findings, and compare results.
+
+    Vulnerability Assessment Specialist: Pay attention to what each tool finds that others miss - this teaches you their strengths and weaknesses.
+
+    Vulnerability Assessment Specialist: Don't just collect scan results - verify critical findings by actually exploiting them.
+
+    Vulnerability Assessment Specialist: The limitations of these tools are as important as their capabilities. Real attackers won't stop at what scanners find.
+
+    Vulnerability Assessment Specialist: Take notes on severity ratings, CVE numbers, and remediation advice - these make great report content.
+
+    Vulnerability Assessment Specialist: Good luck, Agent {player_name}. Time to see what automated tools can and can't detect!
+
+    ~ instructor_rapport += 10
+
+- -> vuln_scan_hub
+
+-> END