Installation and Use of Nessus in Vulnerability Scanning

It’s been said a million times before: security scanning tools are a necessity for pen-testing, information gathering, and sometimes general computer use. When fulfilled, a security scanner can give you a head start on upgrading your security applications.

For pen-testers, a security scanner can be the making or breaking of an important job. Due to the endless potential, a variety of different tools exist for this purpose. One of the more popular options is a remote security scanning tool called Nessus.

CMU’s website describes the tool,

“[Nessus] is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network.  It does this by running over 1200 checks on a given computer, testing to see if any of these attacks could be used to break into the computer or otherwise harm it.”

For Linux based users, the installation is simple:
  1. (sudo) dpkg –install Nessus-4.4.1-debian5_i386.deb (example version – check for most recent)
  2. /opt/nessus/sbin/nessus-adduser (enter password if you’re not already root)
  3. Register your product & copy activation code when email is received
  4. /opt/nessus/bin/nessus-fetch –register CODEHERE
  5. /etc/init.d/nessusd start
  6. Type in your browser: https://127.0.0.1:8834/
  7. Login and follow installation prompts

Learning the interface of Nessus is simple enough. It can also be used for a variety of different things. Like any tool, research is your friend and practice makes perfect.

Key features of Nessus (courtesy of Infosec Institute) include:
  • Identifies vulnerabilities that allow a remote attacker to access sensitive information from the system
  • Checks whether the systems in the network have the latest software patches
  • Tries with default passwords, common passwords, on systems account
  • Configuration audits
  • Vulnerability analysis
  • Mobile device audits
  • Customized reporting

In conclusion, it’s not a bad idea to get friendly with Nessus. A computer is your digital playground, after all.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Microsoft Fixed 100+ Vulnerabilities With October Patch Tuesday