Day 077 #FromZeroToHacker – Nessus for beginners

The Nessus vulnerability scanner is exactly what it says on the tin: a vulnerability scanner. It uses techniques similar to Nmap's, but presents the information in a beautiful GUI.

Let’s learn more about this tool in our daily #FromZeroToHacker challenge.

Table of contents
Introduction
What have I learnt today?
Stats
Resources

Introduction to Nessus

Nessus provides a fast, user-friendly way to find, categorise, and fix vulnerabilities, including on cloud-based and virtualized resources. Nessus also has more than 450 pre-configured templates for commonly used vulnerability scans and configuration audits to simplify the use of the platform.

What have I learnt today?

Installing Nessus

Let’s install Nessus, something that is a bit harder than just running apt-get install Nessus.

  1. Go to the Downloads section of their website and choose a download. Generally, your browser will pick the correct option, but you should double-check it.
Downloading Nessus
  2. Go to the Downloads folder and install it with sudo dpkg -i <THE_DOWNLOADED_FILE>.
Installing Nessus
  3. After the installation is done, we get a prompt telling us to type /bin/systemctl start nessusd.service and then visit https://kali:8834/ to configure the scanner. Do so.
Running Nessus service
  3. (bis) Your browser will pop up an alert message. Don’t worry and click on Accept the risk and continue.
Browser's warning
  4. Click Continue here. Don’t tick the Register offline box.
Nessus configuration start
  5. Select Register for Nessus Essentials. This is the free version. Unless you want to pay for it, of course. Click on Continue. To register and get an activation code, you have to enter your first and last name and an email address, even if it only lasts 10 minutes. (10 minute mail is a service that provides an anonymous, free, 10-minute mailbox, ideal for registering for services you want to try.)
  6. Create a user account. And remember: use a strong password. You know what happens if you don’t.
  7. Your favourite part: wait. Grab a cup of your favourite beverage while you wait.
Downloading Nessus plugins
  8. Wait a bit, log in and you’ll get the main view of Nessus with all your scans (currently empty).
Nessus Main screen

Phew! Finally!

P.S.: If the New Scan button at the top-right of your screen is greyed out, it is because Nessus is still downloading/installing plugins. Keep waiting. I told you you had to wait!

P.S. 2: I had to wait 30 bloody minutes. You have been warned.

P.S. 3: I noticed that there is a moving icon of two spinning arrows on the top-right side of the screen. If you hover your mouse cursor over it, you can see which step you are on. You can keep an eye on your progress, so you don’t go insane.

Progress bar
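
The install steps above as one script, with two checks added: the package is only installed if its SHA-256 matches, and the script waits until the web interface answers. This is an added example, not part of the original walkthrough; it assumes you copied the checksum from the download page, and the function names and the NESSUS_URL variable are made up for this sketch.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: checksum-gated Nessus install.
# NESSUS_URL defaults to the address shown in step 3; override it if yours differs.
NESSUS_URL="${NESSUS_URL:-https://kali:8834/}"

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when FILE's SHA-256 equals EXPECTED_HEX (case-insensitive).
verify_sha256() {
    local file="$1" expected actual
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual="$(sha256sum "$file" | awk '{print $1}')"
    [ "$actual" = "$expected" ]
}

# wait_for_nessus URL TIMEOUT_SECONDS
# Polls the web interface every 5 seconds until it answers or the timeout passes.
wait_for_nessus() {
    local url="$1" timeout="$2" waited=0
    # -k: the scanner's certificate is the one the browser warns about in step 3 (bis).
    until curl -ks -o /dev/null --max-time 5 "$url"; do
        waited=$((waited + 5))
        if [ "$waited" -ge "$timeout" ]; then return 1; fi
        sleep 5
    done
    return 0
}

# install_nessus PACKAGE EXPECTED_SHA256
# Steps 2 and 3 of the walkthrough, refusing to install on a checksum mismatch.
install_nessus() {
    local pkg="$1" sum="$2"
    if ! verify_sha256 "$pkg" "$sum"; then
        echo "checksum mismatch for $pkg, not installing" >&2
        return 1
    fi
    sudo dpkg -i "$pkg" || return 1
    sudo /bin/systemctl start nessusd.service || return 1
    wait_for_nessus "$NESSUS_URL" 300 || { echo "no answer from $NESSUS_URL" >&2; return 1; }
    # The page answering does not mean the plugins are ready; that wait is still yours.
    echo "Nessus is answering at $NESSUS_URL"
}

# Usage: ./install_nessus.sh <THE_DOWNLOADED_FILE> <SHA256_FROM_DOWNLOAD_PAGE>
if [ "$#" -eq 2 ]; then
    install_nessus "$1" "$2"
fi
```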

Navigations and scans

Once Nessus has installed everything, we can click the New Scan button, which shows us a selection of navigation and scan types:

Navigation and Scan types

Read the title and subtitle of each option to understand what it can do.

Example: Basic network scan

Let’s try a basic network scan, a scan that is suitable for any host in a general sense.

Click on Basic Network Scan, the first under the Vulnerabilities section, and enter information in all input fields:

Nessus Basic Network Scan

Save, and run the scan. After a while, you’ll have your report ready.

Nessus Report

Now you can click on each vulnerability to see more information about it and even how to solve it.

Summary

Today we checked:

  • How to install Nessus and how long it takes.
  • How Nessus works.
  • How to perform a basic scan.

Stats

From 54.835th to 53.647th.

Here is also the Skill Matrix:

Skills Matrix

Resources

Series: Pentesting tools

TryHackMe: Nessus

Other resources

Download Nessus
10 minute mail
John the Ripper