Nessus vulnerability scanner is what it does say on the tin: A vulnerability scanner. Using techniques similar to Nmap, but presenting the information in a beautiful GUI.
Let’s learn more about this tool in our daily #FromZeroToHacker challenge.
| Table of contents |
| Introduction |
| What have I learnt today? |
| Stats |
| Resources |
Introduction to Nessus
Nessus vulnerability scanner is what it does say on the tin: A vulnerability scanner. Using techniques similar to Nmap, but presenting the information in a beautiful GUI.
Providing a fast, user-friendly way to find, categorise, and fix vulnerabilities, including cloud-based and virtualized resources. Nessus also has more than 450 pre-configured templates for commonly used vulnerability scans and configuration audits to simplify the use of the platform.
What have I learnt today?
Installing Nessus
Let’s install Nessus, something that it is a bit harder than just apt-get install Nessus.
- Go to the Downloads section of their website and choose a download. Generally, your browser will pick the correct option, but you should double-check it.
- Go to the Downloads folder and install it with
sudo dpkg -i <THE_DOWNLOADED_FILE>.
- After the installation is done, we get a prompt that tells us that we need to type
/bin/systemctl start nessusd.serviceand then visit https://kali:8834/ to configure your scanner. Do so.
- (bis) Your browser will pop an alert message. Don’t worry and click on Accept the risk and continue.
- Click continue here. Don’t tick the Register offline box.
![[day_077_configuration_start.png]]
- Select Register for Nessus Essentials. This is the free version. Unless you want to pay for if, of course. Click on Continue. To register to get an activation code, you have to enter your first and last name and an Email. Even if it only lasts 10 minutes. (10-minute mail is a service that provides an anonymous, free, 10-minute mail ideal to register for services you want to try).
- Create a user account. And remember: Use a strong password. You know what happens if you don’t.
- Your favourite part. Wait. Grab a cup of your favourite beverage while you wait.
- Wait a bit, log in and you’ll get the presentation view of Nessus with all your scans (currently, empty).
Phew! Finally!
P.S.: If the New Scan on the top-right of your screen is greyed out, it is because Nessus is still downloading/installing plugins. Keep waiting. I told you you had to wait!
P.S. 2: I had to wait 30 bloody minutes. You have been warned.
P.S. 3: I noticed that you have a moving icon of two arrows spinning on the top-right side of the screen. If you hover your mouse cursor over it, you can see in which step you are. You can keep an eye in your progress, so you don’t go insane.
Navigations and scans
Once Nessus has installed everything, we can click the New scan button, which will display us a selection of navigation and scan types:
Read the title and subtitle of each option to understand what it can do.
Example: Basic network scan
Let’s try a basic network scan, a scan that is suitable for any host in a general sense.
Click on Basic Network Scan, the first under the Vulnerabilities section, and enter information in all input fields:
Save, and run the scan. After a while, you’ll have your report ready.
Now, you can click on each vulnerability to see more information about that vulnerability and even how to solve it.
Summary
Today we checked:
- How to install Nessus and how long it takes.
- How Nessus works.
- How to perform a basic scan.
Stats
From 54.835th to 53.647th.
Here is also the Skill Matrix:
