
Vulnerability Scanning with Nessus

In the last write-up, we set up a home lab for ethical hacking by creating a NAT network in VirtualBox.
In this write-up, we use the Nessus vulnerability scanner to scan a target machine and generate a report for actionable vulnerability management.


Nessus Installation in Kali Linux

1. Download Nessus

Start Kali Linux and download the Nessus Debian package (amd64) for Linux from Tenable's download page: https://www.tenable.com/downloads/nessus. The download page publishes a SHA-256 checksum for each package; note it, because you will compare it against the downloaded file before installing anything. A package whose checksum does not match the published value must not be installed.

2. Install Nessus

Open a terminal and navigate to the Downloads folder:

cd Downloads/
ls

Verify that the Nessus installation file is present and that its SHA-256 checksum matches the value published on the download page. Then install the package; dpkg needs root, so run it with sudo (the file name carries the version you downloaded, 10.7.0 in this write-up):

sudo dpkg -i Nessus-10.7.0-debian10_amd64.deb

3. Start the Nessus Service

Start the Nessus service as root:

sudo service nessusd start

The web interface listens on TCP port 8834 once the service is up.

4. Access Nessus

Open a web browser and navigate to: https://localhost:8834

The browser will warn that the site's certificate is not trusted. That is expected: Nessus generates a self-signed certificate on first start and nothing has signed it. Before clicking through, open the browser's certificate details and compare the fingerprint with the certificate Nessus generated locally (on Linux it is stored by default under /opt/nessus/com/nessus/CA/servercert.pem); on a fresh install they should match. Then click Advanced, then Accept the Risk and Continue.

5. Activate Nessus

  • On the activation page, choose Register for Nessus Essentials. Essentials is the free tier and is limited to 16 IP addresses per scanner, which is plenty for this lab.
  • Check your email for the Tenable Nessus Essentials Activation Code.
  • Paste the activation code and click Continue.

6. Complete Initialization

Wait for the initialization and plugin download process to complete. The plugin set is large, so this step can take a while on a home connection.

7. Set Up Nessus Account

Create a username and password for your Nessus account, then log in. This account administers the scanner and will later hold any credentials you give Nessus for targets, so choose a strong, unique password.
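Two of the checks above are worth automating: comparing the downloaded package's SHA-256 with the value published on the download page before running dpkg (step 2), and comparing the fingerprint of the certificate the web UI presents on port 8834 with the one Nessus generated locally before clicking Accept the Risk (step 4). The script below is an added example, not code from the original post or from Tenable. The package file name and the published checksum are passed in as arguments, and the certificate path /opt/nessus/com/nessus/CA/servercert.pem is an assumption (Tenable's default location on Linux; adjust it if your install differs).

```python
"""Two checks for a fresh local Nessus install (added example; not the post's own code).

1. verify_package: compare the downloaded .deb with the SHA-256 Tenable publishes.
2. served_fingerprint vs pem_fingerprint: confirm the self-signed certificate the
   web UI presents on :8834 is the one Nessus generated locally, before accepting it.
"""
import hashlib
import socket
import ssl
from pathlib import Path

# Assumption: Tenable's default location for the generated server certificate on Linux.
DEFAULT_SERVERCERT = "/opt/nessus/com/nessus/CA/servercert.pem"


def sha256_hex(path):
    """Lowercase hex SHA-256 of a file, read in 1 MiB chunks so large packages are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_package(path, published_sha256):
    """True only if the file matches the checksum from the download page (any case)."""
    return sha256_hex(path) == published_sha256.strip().lower()


def fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER certificate, colon-separated uppercase as browsers show it."""
    hexdigest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def pem_fingerprint(pem_text):
    """Fingerprint of a PEM-encoded certificate (e.g. the contents of servercert.pem)."""
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem_text))


def served_fingerprint(host="localhost", port=8834, timeout=5.0):
    """Fingerprint of the certificate the Nessus web UI actually presents.

    Verification is switched off on purpose: the certificate is self-signed and the
    point here is to identify it, not to trust it yet.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return fingerprint(tls.getpeercert(binary_form=True))


if __name__ == "__main__":
    import sys
    # Usage: python3 nessus_checks.py Nessus-10.7.0-debian10_amd64.deb <published sha256>
    if len(sys.argv) == 3:
        ok = verify_package(sys.argv[1], sys.argv[2])
        print("package checksum OK" if ok else "CHECKSUM MISMATCH: do not install")
    served = served_fingerprint()
    local = pem_fingerprint(Path(DEFAULT_SERVERCERT).read_text())
    print("web UI certificate matches local servercert.pem" if served == local
          else f"MISMATCH: served {served}\n          local  {local}")
```

Run it after the service is up; the checksum part needs the package path and the published hash, the certificate part needs read access to servercert.pem (run it with sudo if the file is root-only).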

Configuring a Scan Policy

We use testlab.example.com (10.10.10.15) as the target machine and Kali Linux as the analyst machine. The policy below tells Nessus not to ping hosts before scanning, so confirm reachability yourself first, otherwise an empty report cannot be told apart from an unreachable target:

ping 10.10.10.15

Open Nessus and configure a new policy for a weekly scan of assets.

Policy Configuration Details:

  • Policy Template Name: Policy_EH_C1_SN1
  • Scan Name: Nessus Essentials Weekly Scan

    Configuration Setup:

  • Target: 10.10.10.15
  • Schedule: Every Sunday at 12:00 AM
  • Settings:
      • Do not ping the host(s) (Nessus then treats the target as alive and goes straight to port scanning)
      • Scanning fragile devices is not allowed
      • Only scan ports: 80, 443, 139
      • Do not use local enumerators
      • Scan over TCP (a full connect scan instead of a SYN scan: it completes the handshake, so it is slower and more visible in the target's logs, but it is the method this exercise calls for)

    Scans to Be Done (Nessus plugin families):

  • Scan for CentOS-specific issues
  • Scan for Red Hat-specific issues
  • Scan for denial-of-service vulnerabilities
  • Scan for remote shell access vulnerabilities
  • Scan for RPC
  • Scan for web servers
  • Scan for general, miscellaneous, service, and settings vulnerabilities

Two caveats on the family selection. The CentOS and Red Hat families are local security checks: they inspect the installed package list over SSH and need target credentials, which this policy does not provide, so with local enumerators disabled and no credentials they will report nothing and all findings will come from the network-facing families. The denial-of-service family includes plugins that can actually disrupt the target when Nessus's Safe Checks setting is turned off; keep Safe Checks on (its default) unless you accept that risk on a lab VM.

    Steps to Configure the Policy

    1. Create a New Policy: click Create New Policy and select Advanced Scan.

    2. Configure the Policy Based on the Template:
       • Discovery tab: disable Ping the remote host, and disable all options under Fragile Devices.
       • Port Scanning tab: change the default port range to scan only ports 80, 443, 139.
       • Local Enumerators: uncheck all options.
       • Scan Method: enable TCP Scan and disable SYN Scan.

    3. Save the Policy: save the custom policy with the configured settings.
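Because the policy disables Nessus's own ping, it helps to know before the scan whether the target answers on exactly the ports the policy will touch: then an empty report means "nothing found" rather than "never reached". The script below is an added example, not code from the original post, that performs the same full TCP connect the policy's TCP Scan method does, against the policy's target and port list. The address 10.10.10.15 and ports 80, 443, 139 come from the policy above; the timeout and the state labels (open, closed, filtered) are this example's own conventions.

```python
"""Pre-scan reachability check on exactly the ports Policy_EH_C1_SN1 will scan
(added example; not code from the original post)."""
import socket
from concurrent.futures import ThreadPoolExecutor

TARGET = "10.10.10.15"           # the TestLab VM from the policy
POLICY_PORTS = (80, 443, 139)    # the only ports the policy scans


def tcp_connect(host, port, timeout=2.0):
    """Complete a full TCP handshake, as Nessus's TCP Scan method does.

    Returns 'open' (handshake completed), 'closed' (RST, i.e. connection refused)
    or 'filtered' (timeout / no route, typically a firewall or the wrong network).
    The labels are this example's own convention.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:          # socket.timeout is an OSError subclass
        return "filtered"


def precheck(host=TARGET, ports=POLICY_PORTS, timeout=2.0):
    """Probe each policy port concurrently; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=max(1, len(ports))) as pool:
        states = list(pool.map(lambda p: tcp_connect(host, p, timeout), ports))
    return dict(zip(ports, states))


def scan_is_worthwhile(results):
    """With 'Ping the remote host' disabled, Nessus assumes the host is alive and
    probes only the policy ports; if none of them answers, the report will be
    empty for connectivity reasons, not because the target is clean."""
    return any(state == "open" for state in results.values())


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else TARGET
    results = precheck(target)
    for port, state in results.items():
        print(f"{target}:{port}/tcp {state}")
    print("ready to scan" if scan_is_worthwhile(results)
          else "no policy port answers: check the NAT network and host firewall first")
```

A "filtered" result on all three ports usually means the analyst VM and the target are not on the same NAT network from the previous write-up, or a host firewall on the target is dropping the probes; a "closed" result means the target is reachable but nothing listens there, which the scan will faithfully report as an empty host.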

Configuring a Scan

  1. Create a New Scan: go to the My Scans tab, click New Scan, and select the user-defined policy Policy_EH_C1_SN1.
  2. Enter Target Details: in the Basic General settings, enter the target IP address 10.10.10.15 (the TestLab VM).
  3. Configure the Schedule: enable the schedule, set the frequency to weekly on Sundays at 12:00 AM, and select the correct timezone; the timezone you pick decides when "12:00 AM" actually runs.
  4. Save the Scan: click Save.

Running and Exporting the Scan Results

  1. Run the Scan Manually: launch the scan from the My Scans tab now rather than waiting for Sunday, so you can confirm the policy behaves as intended.

  2. Export the Results: once the scan is complete, export the results as a .nessus file. This is an XML document that keeps every field of every finding (the HTML and CSV exports drop detail), so it is the right format to keep on the analyst machine for further analysis.
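To show what the further analysis starts from, here is an added example (not code from the original post or from Tenable) that reads a .nessus export, which is XML in the NessusClientData_v2 layout, and turns each ReportItem into a record that can be counted per severity and sorted worst-first. The embedded sample file is constructed to match that layout only: its plugin IDs, plugin names, scores and the CVE value are placeholders, not findings from any real scan, and the real export of 10.10.10.15 will of course look different.

```python
"""Parse an exported .nessus file into a prioritised findings list
(added example; not the post's own code)."""
import xml.etree.ElementTree as ET
from collections import Counter

SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the NessusClientData_v2 layout. Plugin IDs, names, scores
# and the CVE are placeholders, not results from a real scan.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="Nessus Essentials Weekly Scan">
    <ReportHost name="10.10.10.15">
      <HostProperties>
        <tag name="host-ip">10.10.10.15</tag>
        <tag name="operating-system">Linux (placeholder)</tag>
      </HostProperties>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="4"
                  pluginID="900001" pluginName="Placeholder critical web finding" pluginFamily="Web Servers">
        <cvss_base_score>9.8</cvss_base_score>
        <risk_factor>Critical</risk_factor>
        <cve>CVE-0000-0000</cve>
      </ReportItem>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
                  pluginID="900002" pluginName="Placeholder medium web finding" pluginFamily="Web Servers">
        <cvss_base_score>5.0</cvss_base_score>
        <risk_factor>Medium</risk_factor>
      </ReportItem>
      <ReportItem port="139" svc_name="smb" protocol="tcp" severity="3"
                  pluginID="900003" pluginName="Placeholder high RPC finding" pluginFamily="RPC">
        <cvss_base_score>7.5</cvss_base_score>
        <risk_factor>High</risk_factor>
      </ReportItem>
      <ReportItem port="139" svc_name="smb" protocol="tcp" severity="0"
                  pluginID="900004" pluginName="Placeholder service detection" pluginFamily="Service detection">
        <risk_factor>None</risk_factor>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Flatten every ReportItem into a dict: one record per (host, port, plugin)."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            cvss = item.findtext("cvss_base_score")      # absent on informational items
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "protocol": item.get("protocol"),
                "service": item.get("svc_name"),
                "severity": int(item.get("severity")),   # 0 Info .. 4 Critical
                "plugin_id": int(item.get("pluginID")),
                "name": item.get("pluginName"),
                "family": item.get("pluginFamily"),
                "cvss": float(cvss) if cvss else None,
                "cves": [c.text for c in item.findall("cve")],
            })
    return findings


def summarize(findings):
    """Count findings per severity label, Info included."""
    return Counter(SEVERITY_NAMES[f["severity"]] for f in findings)


def prioritize(findings):
    """Actionable items only (severity > 0), worst first; CVSS breaks ties, then plugin ID."""
    actionable = [f for f in findings if f["severity"] > 0]
    return sorted(actionable,
                  key=lambda f: (-f["severity"], -(f["cvss"] or 0.0), f["plugin_id"]))


def load_report(path):
    """Read a .nessus file from disk (the export saved in the step above)."""
    with open(path, encoding="utf-8") as fh:
        return parse_nessus(fh.read())


if __name__ == "__main__":
    import sys
    findings = load_report(sys.argv[1]) if len(sys.argv) > 1 else parse_nessus(SAMPLE_NESSUS)
    print(dict(summarize(findings)))
    for f in prioritize(findings):
        print(f"{SEVERITY_NAMES[f['severity']]:8} {f['host']}:{f['port']}/{f['protocol']} "
              f"plugin {f['plugin_id']} {f['name']} cvss={f['cvss']} cves={','.join(f['cves'])}")
```

Run it with the exported .nessus file as the argument; without one it parses the embedded sample. Informational items (severity 0) are kept in the summary because they document what the scanner saw, but they are left out of the prioritised list.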

Next Steps

In this write-up, we successfully:

  • Created a custom scan policy (Policy_EH_C1_SN1).
  • Scheduled and executed a vulnerability scan.
  • Exported the results in a .nessus file.

In the next write-up, we will focus on prioritizing vulnerabilities and creating a response plan based on the generated report.

This post is licensed under CC BY 4.0 by the author.