Kali Tool Series - Nessus

Nessus is an open source vulnerability scanner, which scans a network for potential security risks and provide detailed reports.
Few facts about Nessus:

• founded by Renuad Deraison in 1998
• supports multiple systems: Windows, Linux, Mac OS X, Sun, Solaris, etc

Feature

• host/port discovery
• identifies vulnerabilities
• checks whether the systems have the latest software patches
• tries with default passwords, common passwords on system accounts
• malware/botnet detection

(from reference 1 and reference 2)

Install and Setup

Download Nessus at its official site (registration is required, Home version is for free)
After installation, open https://localhost:8834/ on your machine to start Nessus.

Component

• Reports: reports from all the past scans of a target or a set of targets
• Scans: configure or run a new scan
• Policies: configure the things you would like to run for the scans
• Users: different users may have different permission to apply different policies

(Reference)

Policy

Open https://localhost:8834/, and click on “+New Policy” button in the Policy tab.
The information of scanner templates provided by the policy wizard can be found here.

Settings

• Basics
  • general: name / description
  • permission: private / share
• Discovery: host disvocery / port scanning / service discovery
• Assessment: for “web application” only
• Report: configure the scan reports
• Advanced: performance settings, additional checks, and logging features

Scan

Click on “+New Scan” button, then pick scanner template, or user created policy.

General

• name
• description
• folder
• scanner
• targets: IP or domain name (ex. 192.168.1.0/24, 192.168.2.1, example.com)
• upload targets: a file that contains target list

Schedule

Default is disabled.

• launch: pick its frequency - once, daily, weekly, monthly, or yearly
• starts on: start time
• time zone
• summary

Email Notification

Setting up SMTP is required.

Launch

Click on the play icon or the “launch” button, the scan will start directly.

View Results

The result page

• Configure: directs back to the scan settings
• Audit Trail: pulls up the audit trail dialogue
• Launch
• Export: allows you to save the scan result in Nessus (.nessus), PDF, HTML, CSV, or Nessus DB.

Turn On/Off Nessus

Nessus runs as service in background as default.
To turn on:

sudo launchctl load -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist

To turn off:

sudo launchctl unload -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist