Monday, March 14, 2016

Kali Tool Series - Nessus

Nessus is an open source vulnerability scanner that scans a network for potential security risks and provides detailed reports.
A few facts about Nessus:
  • founded by Renaud Deraison in 1998
  • supports multiple systems: Windows, Linux, Mac OS X, Sun, Solaris, etc.

Features

  • host/port discovery
  • identifies vulnerabilities
  • checks whether the systems have the latest software patches
  • tries default passwords and common passwords on system accounts
  • malware/botnet detection
(from reference 1 and reference 2)

Install and Setup

Download Nessus from its official site (registration is required; the Home version is free).
After installation, open https://localhost:8834/ on your machine to start Nessus.

Components

  • Reports: reports from all the past scans of a target or a set of targets
  • Scans: configure or run a new scan
  • Policies: configure the things you would like to run for the scans
  • Users: different users may have different permissions to apply different policies
(Reference)

Policy

Open https://localhost:8834/ and click the “+New Policy” button in the Policy tab.
Information on the scanner templates provided by the policy wizard can be found here.

Settings

  • Basics
    • general: name / description
    • permission: private / share
  • Discovery: host discovery / port scanning / service discovery
  • Assessment: for “web application” only
  • Report: configure the scan reports
  • Advanced: performance settings, additional checks, and logging features

Scan

Click the “+New Scan” button, then pick a scanner template or a user-created policy.

General

  • name
  • description
  • folder
  • scanner
  • targets: IP or domain name (e.g. 192.168.1.0/24, 192.168.2.1, example.com)
  • upload targets: a file that contains the target list

Schedule

Default is disabled.
  • launch: pick its frequency - once, daily, weekly, monthly, or yearly
  • starts on: start time
  • time zone
  • summary

Email Notification

Setting up SMTP is required.

Launch

Click the play icon or the “launch” button; the scan starts immediately.

View Results

The result page

  • Configure: directs back to the scan settings
  • Audit Trail: pulls up the audit trail dialogue
  • Launch
  • Export: allows you to save the scan result in Nessus (.nessus), PDF, HTML, CSV, or Nessus DB.

Turn On/Off Nessus

Nessus runs as a background service by default. The commands below use launchctl, so they apply to Mac OS X.
To turn on:
sudo launchctl load -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist
To turn off:
sudo launchctl unload -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist