How to Use Nessus To Scan a Network for Vulnerabilities Part 1 | Lucideus

What is Nessus?
Nessus is one of the most popular vulnerability scanners. It was initially free and open source, but they closed the source code in 2005 and removed the free "Registered Feed" version in 2008. It now costs $2,190 per year, which still beats many of its competitors. A free “Nessus Home” version is also available, though it is limited and only licensed for home network use.

Nessus is constantly updated, with more than 70,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a web-based interface, and an embedded scripting language for writing your own plugins or understanding the existing ones.
For downloads and more information, visit the Nessus homepage.

Key Features

  • Identifies vulnerabilities that allow a remote attacker to access sensitive information
  • Checks whether the systems in the network have the latest software patches
  • Tries with default passwords, common passwords, on systems account
  • Configuration audits
  • Vulnerability analysis
  • Customized reporting

Installation and Configuration

How To Install Tenable Nessus into Kali?

Prior to downloading Nessus, ensure that your Kali Linux installation is up to date.
$ apt update && apt upgrade

Get a License Key
The first step is license key. To use Nessus we can download a trial of 7 days or buy. You have to complete this step from this web page.

Download Nessus Package
Navigate to the Tenable Nessus downloads page and select the appropriate version for your installation of Kali Linux, either the 32-bit or 64-bit Debian package:
Link -

Here I selected “Nessus-7.1.0-debian6_amd64.deb”

Once package download is completed. We will install the Nessus with dpkg tool. Our packages full name is Nessus-7.1.0-debian6_amd64.deb. Installation can take some time. Actually installing Nessus is fast but the configuration of the plugins take some time.

Using the command line, install the Nessus package:
$ dpkg -i Nessus-7.1.0-debian6_amd64.deb

After installing Nessus we should do some configuration. Nessus is not started by default. So we should start Nessus with the following command:
$ /etc/init.d/nessusd start

After the Nessus service starts, using a web browser to navigate to the Nessus Web Interface at:
https://localhost:8834/ Configure and use Nessus You may see a warning about the SSL certificate not being configured appropriately. You can continue past this warning to properly set this up.

Click on an Advanced tab to add an exception.

To configure Nessus, follow the installation wizard. Create an administrator user account, activate with your activation code and let Nessus fetch and process the plugins.

Nessus gives you lots of choices when it comes to running the actual vulnerability scan. You’ll be able to scan individual computers, ranges of IP addresses, or complete subnets. There are over 107130 vulnerability plug-ins with Nessus, which allow you to specify an individual vulnerability or a set of vulnerabilities to test for. In contrast to other tools, Nessus won’t assume that explicit services run on common ports; instead, it will try to exploit the vulnerabilities. Among the foundations for discovering the vulnerabilities in the network are:
  • Determining which operating system is running in the remote machine
  • Knowing which systems exist
  • Knowing which ports are open and which listening services are available on those ports
The basic workflow of Nessus tool is to Login, Create or Configure the Policy, Run the Scan, and Analyze the Results. Configuring the Policy Policies are the vulnerability tests that you can perform on the target machine. Click on the Policies tab on the left of the screen under Resources Click on the New Policy button to create a new policy Under the Scanner tab select the Policy Template based on the scan requirement, such as Basic Scan, Host Discovery, Web Application Tests etc. Based on this type, Nessus prompts you for different options to be selected. For example, Advanced Scan has the following options:

Enter the policy name and description on basis of scan requirement. 

Turn off Remote Host Ping

Enter the port scan range. By default, Nessus scans all the TCP ports in the /etc/services file. You can limit the ports by specifying them manually (for example, 20-30). Here we set 1-65535

Enter the credentials for the scan to use. You can use a single set of credentials or a multiple sets of credentials if you have to. You can also work it out without entering the credentials.

The plug-in tab lists a number of plug-ins. By default, Nessus will have all the plug-ins enabled. You can enable or disable all the plug-ins at a time or enable few from the plug-in family as per the scan you’d like to perform. You can also disable some unwanted plug-ins from the plug-in family by clicking on that particular plug-in. Here we disabled two plug-ins Default Unix Accounts and Denial of Service

Once you are done configuring the policies as per your scan requirement, you need to configure the scan details properly. You can do it under the My Scan tab. You can create a new scan by clicking “New Scan” on the top right. 
Select User Defined tab for using pre-saved policy for a scan. Enter the scan name and description

Enter the target machine that you are planning to test. Depending upon the targets, Nessus takes time to scan the targets.

You have options to run the scan immediately by selecting “Launch”. Or you can make a template which you can schedule later when you want to run the scan.

I have configured the scan to run instantly with the policy that I have created earlier.

Once all the details have been entered, click on Launch (Play Button), which shows that the Scan is running as shown in figure above

Above figure shows target details that you have scanned during the test. Clicking on the host address displays the vulnerabilities Nessus has identified during the test.

Above figure shows the vulnerabilities that Nessus found during a  scan. Nessus marks the risk as critical, high, medium, etc. Clicking on a particular vulnerability gives you a brief description of it. 

In the same manner, you can analyze complete details by clicking on the vulnerabilities. Nessus also suggests solutions or remedies for the vulnerabilities with reference links.

Post a Comment