How to Perform Vulnerability Assessment with Nessus
Post Credit: Glen D. Singh
Nessus is one of the most popular vulnerability scanners and is widely used by network and cybersecurity professionals. Nessus not only identifies security vulnerabilities but also provides recommended solutions to help remediate them and mitigate cyber-attacks. It also assigns a vulnerability score to each security weakness, which helps you prioritize remediation work. Because new vulnerabilities are discovered every day, a tool like Nessus is worth having in your arsenal, as it can identify over 47,000 known vulnerabilities on systems.
Getting Started
Install and initialize Nessus by using the following instructions:
1- Get an official copy of Kali Linux from https://www.kali.org/get-kali/
2- While Nessus is a commercial product, there is a free version known as Nessus Essentials which allows scanning of up to 16 IP addresses. Go to https://www.tenable.com/products/nessus/nessus-essentials and register for an activation code.
3- Next, head over to https://www.tenable.com/downloads/nessus where you can download the version for Kali Linux as shown below:
4- Open the Terminal and use the following commands to change your working directory to the Downloads folder and list its contents:
kali@kali:~$ cd Downloads
kali@kali:~/Downloads$ ls
5- Use the dpkg tool to install Nessus on Kali Linux as shown below (the package file name will match the version you downloaded):
kali@kali:~/Downloads$ sudo dpkg -i Nessus-8.15.0-debian6_amd64.deb
6- Use the following command to start the Nessus service on Kali Linux:
kali@kali:~/Downloads$ sudo /bin/systemctl start nessusd.service
7- Open the web browser within Kali Linux and go to https://kali:8834/ to begin the setup process for Nessus. Accept the browser's security warning, which is caused by the self-signed certificate Nessus uses by default.
8- On the Nessus welcome page, select Nessus Essentials and click Continue.
9- On the activation window, click on Skip, as you already requested an activation code in step 2.
10- Next, you will need to enter the activation code which can be found in your email inbox:
11- You will be prompted to create a user account to access Nessus. Nessus will download additional updates and plugins which may take some time. Once the installation is complete, log in to Nessus via https://kali:8834/ with your user account. On the top-right corner, click on the New Scan button as shown below:
12- The next screen will present a variety of templates to perform different types of scans. For the sake of this exercise, simply click on Advanced Scan.
13- The New Scan window will appear. Set a name, description, and a target as shown below:
14- Next, click the drop-down arrow on the Save button, then click on Launch to begin the scan. When the scan is completed, click on the scan to open the vulnerability assessment details.
15- To see a list of all the security vulnerabilities found on your target, click on the Vulnerabilities tab.
16- Click on a vulnerability to see the details and its recommended solution.
17- To generate a vulnerability report, click on Report -> PDF.
18- You can also generate an Executive Report, which provides a high-level overview of all the security vulnerabilities found during the scan. This report is suited to people who are not interested in the technical details but want an overall picture of the results.
19- You can also generate a Custom Report which provides all the technical details of each security vulnerability, its description, solution and vulnerability scoring.
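Beyond the PDF, Executive and Custom reports, Nessus can also export a scan in its own .nessus XML format (via the scan's Export menu), which is what security teams usually feed into a ticketing or prioritization workflow. The following Python script is an added example, not code from the original post: it parses a constructed .nessus sample and ranks the findings by severity and CVSS score; the hosts, plugin IDs, scores and plugin names in the sample are made up for illustration.

```python
# Added example (not from the original post): parse a Nessus ".nessus" XML export
# and rank findings by severity and CVSS so remediation can be prioritised.
import xml.etree.ElementTree as ET
SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the .nessus v2 layout; hosts, plugin IDs and scores are made up.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2><Report name="Lab scan">
 <ReportHost name="192.0.2.10">
  <ReportItem port="443" protocol="tcp" severity="2" pluginID="900001" pluginName="Sample TLS weakness">
   <cvss_base_score>5.3</cvss_base_score><solution>Disable weak cipher suites.</solution>
  </ReportItem>
  <ReportItem port="22" protocol="tcp" severity="0" pluginID="900002" pluginName="SSH banner"/>
 </ReportHost>
 <ReportHost name="192.0.2.20">
  <ReportItem port="445" protocol="tcp" severity="4" pluginID="900003" pluginName="Sample SMB flaw">
   <cvss_base_score>9.8</cvss_base_score><solution>Apply the vendor patch.</solution>
  </ReportItem>
  <ReportItem port="80" protocol="tcp" severity="3" pluginID="900004" pluginName="Sample web flaw">
   <cvss_base_score>7.5</cvss_base_score><solution>Upgrade the web server.</solution>
  </ReportItem>
 </ReportHost>
</Report></NessusClientData_v2>"""


def parse_nessus(xml_text, min_severity=1):
    """Return findings at or above min_severity, most severe first."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev < min_severity:
                continue  # skip informational plugins (severity 0) by default
            findings.append({
                "host": host.get("name"),
                "port": f"{item.get('protocol')}/{item.get('port')}",
                "severity": sev,
                "risk": SEVERITY_NAMES.get(sev, str(sev)),
                "cvss": float(item.findtext("cvss_base_score") or 0.0),
                "plugin": item.get("pluginName"),
                "solution": (item.findtext("solution") or "").strip(),
            })
    # Numeric severity first, CVSS as tie-breaker, so Critical items lead the queue
    findings.sort(key=lambda f: (f["severity"], f["cvss"]), reverse=True)
    return findings


if __name__ == "__main__":
    for f in parse_nessus(SAMPLE_NESSUS):
        print(f"{f['risk']:<8} {f['cvss']:<4} {f['host']:<12} {f['port']:<8} {f['plugin']} -> {f['solution']}")
```

Point the script at a real export by reading the file into `parse_nessus`; the severity attribute (0-4) and cvss_base_score element are present in every Nessus scan export.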
Important Note: Ensure you only scan systems that you own or have legal permission to do so.