Tenable Network Security Nessus is one of the most comprehensive and widely deployed vulnerability assessment tools. Recently went closed source, but is still essentially free. Works with a client-server frame-work. Nessus Remote Security Scanner is the most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the worlds largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
It is available as a software package for consumer versions of Microsoft Windows, Windows Server and Linux. It is also available as a preconfigured VM, an Amazon EC2 appliance, a preconfigured hardware appliance or a cloud service. Tenable has a wide variety of plugins which gives Nessus the ability to interface with basically any networked device. In addition, Nessus can be easily integrated with most major patch management systems, which gives administrators the ability to verify that updates are installing as they should be. Nessus can also be deployed with endpoint agents, which allow vulnerability scanning to occur offline and scan results can be collected after. This is valuable for mobile workforces where assets may not always be connected to the corporate network. The endpoint agents also allow Nessus to perform malware scanning. If a zero-day has been identified within the organization, Nessus can be used to quickly check for other machines that have been infected organization-wide.
What is Nessus?
If you are looking for a vulnerability scanner, you might have come across several expensive commercial products and tools with a wide range of features and benefits.
If a free, full-featured vulnerability scanner is on your mind, then it’s time you know about Nessus. This article covers installation, configuring, selecting policies, starting a scan, and analyzing the reports using NESSUS Vulnerability Scanner.
Nessus was founded by Renuad Deraison in 1998 to provide the Internet community with a free remote security scanner. It is one of the full-fledged vulnerability scanners that allow you to detect potential vulnerabilities in systems. Nessus is the world’s most popular vulnerability scanning tool and is supported by most research teams around the world.
The tool is free of cost for personal use in a non-enterprise environment. Nessus uses a web interface to set up, scan, and view reports. It has one of the largest vulnerability knowledge bases available; because of this KB, the tool is very popular.
- Identifies vulnerabilities that allow a remote attacker to access sensitive information from the system
- Checks whether the systems in the network have the latest software patches
- Tries with default passwords, common passwords, on systems account
- Configuration audits
- Vulnerability analysis
- Mobile device audits
- Customized reporting
Nessus also has many other features to support penetration testing activities that you may not be aware of. These include:
- Correlating a vulnerability with an exploit (including cross referencing Metasploit, Core IMPACT, Immunity CANVAS, D2 exploitation packs, ExploitDB, vulnerabilities that do not require an exploit, and more)
- Filtering vulnerability results by exploit availability and/or exploitability ease
- Performing web application scanning and recon including site spidering, detecting common web application vulnerabilities specific to your applications, and fuzzing CGI parameters
- Using credentials harvested from other phases of testing to performcredentialed patch audits, local (client-side) application vulnerability scanning, and discovery of interesting configurations on targets
- Re-casting risk, identify low-severity vulnerabilities and allow an admin-level user to re-cast them as critical vulnerabilities. Re-casting risk empowers testers to review lower severity findings that often lead to serious exposures.
- Microsoft Windows
- Mac OS X (10.5 and higher)
- Free BSD
- Sun Solaris and many more
Step 1: Download Nessus and access activation
Tenable provides Nessus on a wide variety of platforms to choose from. One of those choices is a Linux distribution designed for penetration testers called Kali Linux. Kali Linux, formerly known as “Backtrack”, is a Debian-based Linux distribution containing hundreds of tools to perform penetration tests.
Recommended tutorial for newbies: An Introduction To Hacker’s OS: Kali Linux Setup Tutorial
Now as you know Nessus is pwerfull vulnerability scanner tool, And we are using kali linux for penetration testing. If you think, Is it not installed Kali Linux? Yes, Nessus is not inbuilt in Kali Linux so if you want to take test of Nessus just go on this link:
And Fill the form and register yourself for activation.
When you finished you will be redirect on Nessus downloading page. Click download button you will be there for downloading, just Click on Linux Menu will be open click on Debian option for Kali Linux. Agreement window will be appear, read terms and condition carefully and accept and save file
Step 2: Install Nessus on Kali Linux
By default Nessus file is downloaded in the Download directory so first go inside the Downloads directory and note the name of downloaded file.
After that type the following code (Replace the Nessus_pkg.deb with your saved file name in Downloads folder in my case it is Nessus-6.5.4-debian6_i386.deb)
#dpkg -i Nessus_pkg.deb
Now installation is completed (Note the highlighted url in below image, you will need it next step)
And after complete installation run another command to start service.
Step 3: Accessing Nessus Web Interface
Nessus provide web interface for work, it can be accessed with Iceweasel browser by making https connection.
Now you have to create a username and password, then click continue.
Now Nessus will ask your activation code, check your email for activation code (the email you registered to doenload nessus in step 1) then click continue.
Now Nessus will be downloading its plugins, just wait few time.
When complete you are prompted for the username and password you entered earlier. now type the credential and login.
Before you log in I would recommend bookmarking this page for easy access later.
Step 4: How to use Nessus?
If you haven’t already, launch the Nessus web server from our newly created Start Nessus Server launcher and load the web interface from its corresponding launcher. If your launchers both worked correctly you will be presented with the Nessus login screen, enter the credentials you created earlier to continue.
By default after you log in your are taken directly to the Scane Queue. Nessus is an extremely straight forward and easy to use vulnerability scanner right out of the box, almost everything you need can be found in the top menu.
On the Scan Queue page select New Scan from the sub-menu on the right side of the page. This takes you to the New Scan Template page where you can setup your scan target(s). Name the scan whatever you want, the type should be set to Run Now and select Internal Network Scan for Policy.
Once you start the scan you will be taken back to the Scan Queue page where you can watch the progress of the scan against your poor defenseless target. If you wish you can click on the scan to take you to the Hosts Summary page, or simply wait until it is complete.
Once the scan is complete click on the scan in question to take you to the Hosts Summary page. I have seen in the past where Scan Queue page will not automatically refresh, so feel free to refresh the page as you see fit. Additionally any previous scan can be reviewed later by clicking on the Results tab at the top.
The Hosts Summary page will list all of the hosts you included in the Scan Target field individually. In this example I only used one target, the local host, so only one summary shows up. This host summary also includes a count of all the vulnerabilities for for that individual target as well as in information it has gathered.
If you click on the host you are presented with a more specific listing of all the potential vulnerabilities it has found along with brief description of any information gathered.
Clicking on a vulnerability or information item will take you to the specific page describing the vulnerability in greater detail.
I hope you find this tutorial useful, Thank you.