Nessus

Introduction

  • Nessus is a vulnerability scanning tool provided by Tenable.

  • There are both free and paid versions. The free version has some limitations: for example, we can only scan 16 different IP addresses, and some templates and functions are not available.

  • The minimum hardware requirements Tenable recommends are 4 CPU cores and 8GB of RAM.

  • Nessus is not available in the Kali repositories and needs to be installed manually.

How to Install

  • Go to the download page and choose the suitable platform (for Kali: Linux - Debian - amd64).

  • Install the downloaded package: sudo apt install ./<File Name>.deb

How to Start Nessus

  • Before running Nessus on Kali, we have to start its service using this command: systemctl start nessusd

  • By default, Nessus runs on port 8834, so we can access it from our browser at https://localhost:8834

Nessus Walkthrough

  • There are 2 tabs in the dashboard, Scans and Settings:

    • Scans: Where we can see all of our scans, scan templates, plugins, and policies.

    • Settings: Allows us to configure the application. For example, we can enter information for an SMTP server to get scan results via email. The advanced menu allows us to configure global settings ranging from user interface, scan, and log behavior to security and performance-related options.

  • When creating a new scan, we can choose any scan from the many templates available.

  • Nessus provides 3 general vulnerability scanning types:

    • Basic Network Scan: Performs a full scan with the majority of settings predefined.

    • Advanced Scan: A template without any predefined settings. We can use this when we want to fully customize our vulnerability scan or if we have specific needs.

    • Advanced Dynamic Scan: Similar to Advanced Scan. However, we don't need to select plugins manually. The template allows us to configure a dynamic plugin filter instead.

  • Nessus Plugins are programs written in the Nessus Attack Scripting Language (NASL) that contain the information and the algorithm to detect vulnerabilities. Each plugin is assigned to a plugin family, which covers different use cases.

  • After choosing a template, there are 5 settings categories:

    • Basic: Basic settings including the name, targets, folder, etc.

    • Discovery: Contains the scan type where we can assign the scanning method, ports to scan, etc.

    • Report: Settings with regard to the reporting (output of the scan).

    • Advanced: Advanced settings like what to exclude, timeout limit, number of sessions, etc.

  • When the settings for the scan are all set, we can start the scan by pressing the Launch button.

Analyzing the Result of the Scan

  • We check our scan status by going to My Scans.

  • Once the scan is finished, the status will change to Completed.

  • There are a few tabs in the results:

    • Hosts: Lists all scanned hosts and provides a visual representation of the vulnerability data.

    • Vulnerabilities: Lists all the found vulnerabilities alongside their severity, CVSS, family, and count.

    • History: Shows the history of the scan itself: when it started, if it was paused, if it was rerun, etc.

  • The results of a scan can be exported into different formats and different report templates.
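
Added example (not part of the original notes): a small Python script that rebuilds the Vulnerabilities tab view (severity, CVSS, family, count) from an exported scan. It assumes the export was saved in the .nessus XML format; the sample data, plugin IDs, and the summarize() helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Nessus stores severity as an integer 0-4 on each ReportItem.
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the .nessus (NessusClientData_v2) layout; not real scan output.
SAMPLE = """<NessusClientData_v2>
  <Report name="constructed-sample">
    <ReportHost name="192.0.2.10">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="900001" pluginName="Sample TLS Weakness" pluginFamily="General">
        <cvss3_base_score>7.5</cvss3_base_score>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="900002" pluginName="Sample Scan Information" pluginFamily="Settings"/>
    </ReportHost>
    <ReportHost name="192.0.2.11">
      <ReportItem port="8443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="900001" pluginName="Sample TLS Weakness" pluginFamily="General">
        <cvss3_base_score>7.5</cvss3_base_score>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""


def summarize(xml_text, min_severity=1):
    """Group findings by plugin: severity, CVSS, family, and affected endpoints."""
    rows = {}
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev < min_severity:
                continue  # skip informational findings unless requested
            row = rows.setdefault(item.get("pluginID"), {
                "name": item.get("pluginName"), "family": item.get("pluginFamily"),
                "severity": SEVERITY.get(sev, "Unknown"), "sev": sev,
                # Prefer the CVSS v3 score and fall back to v2 when v3 is absent.
                "cvss": item.findtext("cvss3_base_score") or item.findtext("cvss_base_score"),
                "hosts": set(),
            })
            row["hosts"].add(f'{host.get("name")}:{item.get("port")}/{item.get("protocol")}')
    # Highest severity first, then the findings that affect the most endpoints.
    return sorted(rows.values(), key=lambda r: (-r["sev"], -len(r["hosts"])))


if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(f'{r["severity"]:8} cvss={r["cvss"]} {r["family"]:10} {r["name"]} x{len(r["hosts"])}')
```

To run it on a real export, read the file and pass its contents to summarize(); treat exports from other parties as untrusted XML and parse them with a hardened parser.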
