Auditing and creating a vulnerability analysis report with Nessus

 

Nessus is one of the best tools for vulnerability assessment, because it offers an interactive interface and can generate robust reports. Here we will show how to install it and how to run a vulnerability assessment (scan) against a target, covering some of its features such as report generation.

A little history: Nessus was open source software up to version 3.0, after which it became closed source with the aim of being sold commercially. It still has a free version, but because of the move to a proprietary model, a completely free fork called OpenVAS was created, which is a great free scanner. As mentioned, Nessus is available in both free and paid versions. The difference comes down to the number of hosts that can be scanned simultaneously (up to 16 in the free version) and to the free version lacking the automated setup for some scan types, such as mobile and cloud audits, among others. You can still run the same kinds of scan; you just need to know which plugins are required and configure the scan manually, which the paid version does for you.

One advantage of Nessus is that, if you know the NASL scripting language, you can write your own plugin and add it to your scans. Plugins are what carry out the work of Nessus: finding vulnerabilities and configuration flaws and assigning the degree of risk (impact level).

Installation

We will do the installation on Linux, since that is where users have the most difficulty. Go to the Tenable site and download the tool. To be redirected to the website, follow the link here. Then click the Download button for the Nessus Home (free) version.

Select your architecture and click on it to start the download.

Now register an account. This is necessary to receive the activation key (even for the free version).

Open the email and save the key to activate later.

With Nessus downloaded, open a terminal and run the following command:

# dpkg -i Nessus-6.5.2-debian6_amd64.deb

Once it is installed, start its service with the command:

# service nessusd start

Now open your browser and go to your IP address (localhost works) on port 8834. Do not forget to use HTTPS, otherwise you may get an error later on.

You will see the initial Nessus screen. Click CONTINUE to start the setup process. Now create a local account with any username and password (remember these credentials, as you will need them to log in later).

After that, retrieve the key that was sent to your e-mail.

Copy and paste the key into the requested field and click CONTINUE to proceed with the installation.

Now comes the last step of the installation process, which automatically downloads the packages and plugins required by the tool. This takes about 30 minutes on average.

After patiently waiting for the process to finish, log in with your username and password.

You will be taken to a page showing the different types of scan. As mentioned, the difference between the paid and free versions is that the paid one has all of these scan types automated, while in the free one you have to go into the settings and choose the plugins to be used. Since we are doing a vulnerability analysis of a web application, choose the Web Application Tests option.

Now enter the information needed to start the scan. The only relevant field is Target, which is the IP or DNS name of our target; you can enter up to 16 targets. Finish by clicking the SAVE button.

Then just click LAUNCH (the “play” button) to begin the scan, which can take several hours.

Click on the NAME of your test to check the results. It will show the severity levels of the vulnerabilities found. To see all the details, just click on the corresponding color.

It will show the severity level of each vulnerability. Just click on a vulnerability's name to see a short explanation of it, how it can be exploited, links for further reading about the flaw, exploits, and other information.

If you want to generate the report as a vulnerability analysis document, which is used a lot in pentests, click “Export”, choose the type of report to be generated, and click Download.

Open the file and you will find a summary and all the information needed to put together a pentest report.

Conclusion

Although installation takes longer for Nessus than for other scanners, it has a clear advantage in its efficiency and in how easily it automates scanning and the reporting of the vulnerabilities found. Remember that every scanner generates noise on the target and can easily alert a firewall or IDS there, so using a proxy is always recommended to avoid having your real IP blocked.
