Nessus

Introduction

  • Nessus is a vulnerability scanning tool provided by Tenable. There are both free and paid versions; however, the free version has some limitations (for example, you can only scan 16 different IP addresses, and some templates and functions are not available).

  • Nessus is not available in the Kali repositories and needs to be installed manually.

How to Install

  • Go to the download page and choose the suitable platform (For Kali, Linux - Debian - amd64)

  • Install the package using the following command: sudo apt install ./<File Name>.deb

How to Start Nessus

  • Before running Nessus on Kali, start its service with this command: systemctl start nessusd

  • By default, Nessus runs on port 8834, so you can access it in your browser by navigating to: https://localhost:8834

Nessus Walkthrough

  • When you log in, you will see two tabs in the dashboard: Scans and Settings.

    • Scans: This tab shows all of your scans, scan templates, plugins, and policies.

    • Settings: This tab allows you to configure the application. For example, you can enter information for an SMTP server to receive scan results via email. The Advanced menu allows you to configure global settings related to the user interface, scan and log behavior, security, and performance.

  • When creating a new scan, you can choose from many available templates.

Vulnerability Scanning Types

  • Nessus provides three general types of vulnerability scans:

    • Basic Network Scan: Performs a full scan with most settings predefined.

    • Advanced Scan: A template without any predefined settings, allowing you to fully customize your scan or meet specific needs.

    • Advanced Dynamic Scan: Similar to Advanced Scan, but you do not need to select plugins manually. Instead, you can configure a dynamic plugin filter.

  • Nessus plugins are programs written in the Nessus Attack Scripting Language (NASL). They contain the information and algorithms needed to detect vulnerabilities. Each plugin is assigned to a plugin family, which covers different use cases.

  • After choosing a template, you will see five settings categories:

    1. Basic: Basic settings such as the scan name, targets, folder, etc.

    2. Discovery: Contains the scan type, where you can assign the scanning method, ports to scan, and more.

    3. Report: Settings regarding the output or report of the scan.

    4. Advanced: Advanced settings like exclusions, timeout limits, and the number of sessions.

    5. (Optional) There may be additional settings based on the selected template.

  • Once all the settings for the scan are configured, you can start the scan by pressing the launch button.

Analyzing the result of the scan.

  • Check your scan status by going to My Scans.

  • Once the scan is finished, its status will change to Completed.

  • The results view includes several tabs:

    • Hosts: Lists all scanned hosts and provides a visual representation of the vulnerability data.

    • Vulnerabilities: Lists all found vulnerabilities along with their severity, CVSS score, family, and count.

    • History: Shows the history of the scan, including when it started, if it was paused, reran, etc.

  • You can export the results of a scan into different formats and report templates.

PreviousNmapNextFfuf

Last updated