Nessus is one of the best tools for vulnerability assessment, thanks to its interactive interface and robust reporting. Here we show how to install it and how to run a vulnerability assessment (scan) against a target, covering some of its features such as report generation.
A little history: Nessus was open source software up to version 3.0, after which it became closed source with the aim of being sold commercially. It still has a free version, but because of the move to a proprietary model a totally free fork was created, called OpenVAS, which is a great free scanner. As stated, Nessus is available in both a free and a paid version. The difference comes down to the number of hosts that can be scanned simultaneously (up to 16 simultaneous hosts in the free version) and to the free version lacking the automated setup for some audit scan types such as mobile and cloud, among others. You can still run the same type of scan in the same way; you just need to know which plugins are required and set the scan up manually, which the paid version does for you.
An advantage of Nessus is that, if you know the NASL scripting language, you can create your own plugin and add it to your scan. Plugins are what carry out Nessus's function of finding vulnerabilities and configuration flaws and rating their degree of risk (impact level).
We will do the installation on Linux, since that is where users have the most difficulty. Go to the Tenable site and download the tool. To be redirected to the website, follow the link here. Then click the Download button for the Nessus Home (free) version.
Select your architecture and click on it to start the download.
Now register an account; this is necessary to receive the activation key (even for the free version).
Open the email and save the key for activation later.
With Nessus downloaded, open the terminal and run the following command:
# dpkg -i Nessus-6.5.2-debian6_amd64.deb
Once it is installed, start its service with the command:
# service nessusd start
Now open your browser and enter your IP (it can be localhost) with port 8834. Do not forget to use HTTPS, otherwise an error may occur.
You will come to the initial Nessus screen; click CONTINUE to start the installation process. Now create a local account with any username and password (remember to note down these login details for later).
After that, get the key that was sent to your e-mail; the message will look like this.
Copy and paste the key into the requested field and click CONTINUE to proceed with the installation.
Now comes the last step of the installation process, which automatically downloads the packages and plugins required by the tool. This takes about 30 minutes on average.
After patiently waiting for the process to finish, log in with your username and password.
You will be directed to a page that shows the different types of scans. As stated, the difference between the paid and the free version is that in the paid version all of these scan types are automated, while in the free version you have to go into the settings and select the plugins to be used. Since we are doing a vulnerability analysis of a web application, choose the Web Application Tests option.
Now enter the information needed to start scanning. The only relevant field is Target, which is the IP or DNS name of our target; you can enter up to 16 targets. Finish by clicking the SAVE button.
Then just click LAUNCH (the “play” button) to begin the scanning process, which can take several hours.
Click on the NAME of your test and check the results; note that it shows the severity levels of the vulnerabilities found. To analyze all the details, just click on the corresponding color.
Each vulnerability is listed with its severity level. Click on its name to see a brief explanation of it, how to exploit it, links to consult about the flaw, exploits, and other information.
If you want to generate the report as a vulnerability analysis document, which is used a lot in pentests, click “Export”, choose the type of report to be generated and click Download.
Open the file and you will see a summary and all the information needed to produce a pentest report. Note the images below.
Although installation takes longer for Nessus than for other scanners, it has a big advantage in its efficiency and in how easily it automates scanning and report generation for the vulnerabilities found. Remember that every scanner causes noise on the target and can easily trigger a firewall or IDS on the target, so it is always recommended to use a proxy to avoid a block on your real IP.