
Vulnerability Scanning with Nessus

Tenable Nessus is an industry-standard vulnerability scanner that can be installed for free for basic network scanning. I’ve also had the opportunity to deploy Nessus agents across a fleet of hundreds of Linux servers and run extensive scans from Tenable cloud.

In this article I’ll describe setting up Nessus on Linux to scan remote hosts. Knowing which vulnerabilities are present in your environment is critical to defending against cyber attack. Using Nessus you can scan hosts across your network and generate reports on the vulnerabilities discovered so that they can be remediated before an incident occurs.

First things first: head over to the Nessus downloads page and download the package appropriate for the machine you’ll be using. As I’m using Kali Linux, I’ll download the latest Debian amd64 version.

Next, open a terminal window and install the package.

Note: There are a number of ways to install a package in Linux. In this example I used apt from the terminal; you can also use dpkg, or open a file explorer and click on the package to launch the GUI software manager.

Once the package has installed, you can start the Nessus service by typing sudo systemctl start nessusd.service and then navigating to https://127.0.0.1:8834.
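The install and start steps above can be gated on an integrity check of the downloaded file. The script below is an added example, not part of the original article: it assumes you have copied the SHA-256 checksum shown for the package on the downloads page, and the function names and the package path are placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): check a downloaded Nessus
# package against its published SHA-256 checksum, then install and start it.

# verify_sha256 FILE EXPECTED_HEX: 0 on match, 1 on mismatch, 2 on bad input
verify_sha256() {
    vs_file=$1
    vs_expected=$2
    [ -f "$vs_file" ] || { echo "no such file: $vs_file" >&2; return 2; }
    # A SHA-256 digest is exactly 64 hexadecimal characters
    case $vs_expected in
        ''|*[!0-9a-fA-F]*) echo "checksum is not hex" >&2; return 2 ;;
    esac
    [ "${#vs_expected}" -eq 64 ] || { echo "checksum is not 64 chars" >&2; return 2; }
    vs_expected=$(printf '%s' "$vs_expected" | tr 'A-F' 'a-f')
    vs_actual=$(sha256sum "$vs_file" | awk '{print $1}')
    [ "$vs_actual" = "$vs_expected" ]
}

# install_nessus PKG EXPECTED_HEX: installs only if the checksum matches
install_nessus() {
    in_pkg=$1
    if ! verify_sha256 "$in_pkg" "$2"; then
        echo "checksum check failed, refusing to install $in_pkg" >&2
        return 1
    fi
    # apt treats an argument as a local file only when it is given as a path
    sudo apt install -y "$(realpath "$in_pkg")" &&
        sudo systemctl start nessusd.service
}

# wait_for_ui [TRIES]: poll the local web interface until it answers
wait_for_ui() {
    wu_tries=${1:-30}
    while [ "$wu_tries" -gt 0 ]; do
        # -k: the certificate Nessus generates at install is not trusted by curl
        curl -ks -o /dev/null --max-time 5 https://127.0.0.1:8834/ && return 0
        wu_tries=$((wu_tries - 1))
        sleep 2
    done
    return 1
}

# Usage: sh install-nessus.sh /path/to/package.deb <sha256-from-downloads-page>
if [ "$#" -eq 2 ]; then
    install_nessus "$1" "$2" && wait_for_ui && echo "Nessus is up on https://127.0.0.1:8834"
fi
```

A mismatch stops the script before anything is installed with root privileges, so a truncated or tampered download never reaches apt.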

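If you see a security warning, it’s OK to click ‘Accept’ and continue: Nessus generates its own certificate during installation, which the browser doesn’t trust, and you are connecting to your own machine.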

I’ll select Nessus Essentials as it’s the free version, and click continue.

Next you’ll be asked to register for an activation key. You can either do this by filling in the form presented on the next screen, which will send a verification email to your email address, or you can register for a key on the Tenable website. I just filled in the form and pasted the key into the next page.

Once you’ve activated Nessus you’ll have to wait a few minutes for setup to complete. Nessus needs to download and install plugins and initialise the installation before it can be used; this can take a while depending on the resources available on your machine.

Once setup has completed you’ll be presented with the dashboard and a prompt to create your first scan.

For the purposes of this demo, I’ve got another virtual machine running CentOS Linux that I’ll scan. Type the IP address of the potentially vulnerable host you wish to scan and click ‘Submit’ followed by ‘Run Scan’.

Nessus will then start a basic network scan to identify vulnerabilities on the host. Note, though, that this basic scan will not produce a thorough list of all vulnerabilities on the host. The basic network scan only probes the host from the outside and can’t determine much detail about it. For that, you’ll need to configure Nessus further, possibly even installing agents on the host that can probe deeper into the system. For now though, this is good enough.

Once the scan completes you can review the results.

As you can see, Nessus identified 14 potential vulnerabilities that can be investigated further. For this scan there’s nothing incredibly interesting as the machine I scanned is a basic CentOS install with no open services, so I didn’t expect to find anything.