Don’t worry, this is not going to turn into a security-only blog, but since I mentioned Nessus before, I thought I would do a quick tutorial on this vulnerability scanner too.
Compared to Nexpose, the tool I described earlier, Nessus is rather lightweight (both in system requirements and in handling).
You can get Nessus from the “Tenable Network Security” website (which also offers other applications based on Nessus, trainings, and so on) as a Windows executable, as binaries for Mac OS X, and as packages for many different flavors of *nix systems.
After downloading the appropriate file for your system (this article is based on a Debian Linux system), install it with
dpkg -i Nessus-4.4.1-debian6_amd64.deb
After successful setup, Nessus prints the following output on the screen:
nessusd (Nessus) 4.4.1 [build M15078] for Linux
(C) 1998 - 2011 Tenable Network Security, Inc.
Processing the Nessus plugins...
[##################################################]
All plugins loaded
- Please run /opt/nessus//sbin/nessus-adduser to add a user
- Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins
- You can start nessusd by typing /sbin/service nessusd start
So the first step is to create a Nessus user. Change to /opt/nessus/sbin/, execute the nessus-adduser command, fill in a username and password, and define/assign a ruleset (if you want to).
After that, head over to http://www.nessus.org/register/ and register your scan engine.
If you are a professional user (please see the Nessus/Tenable explanation of the term), select the ProfessionalFeed; if you are using Nessus at home (without a commercial background), select the free HomeFeed.
After accepting the license agreement, fill in your name and email address. After a few minutes you receive an email with a detailed explanation of how to activate your scanner and download the most recent plug-ins.
As we are using Linux, we execute the following command:
[root@host ~]# /opt/nessus/bin/nessus-fetch --register 1234-1234-1234-1234-1234
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.
If your computer/server is not directly connected to the Internet, you can perform an offline activation (just scroll down your mail until you reach the “If you are offline” section).
After that step your Nessus engine is ready for action. If the nessusd process is not running (check with your favorite command), start it with
/etc/init.d/nessusd start
Depending on your system the first startup might take a significant amount of time (coffee break) to complete.
You can watch the initialization at the web front end (https://yourip:8834/ by default). The listening port can be changed in the Nessus configuration file (located at /opt/nessus/etc/nessus).
Once the initialization has completed, log in with the credentials you specified earlier.
Compared to Nexpose you are presented with a rather clear and “light” interface.
Policy
The first thing to do is to specify a new, custom policy for your scan. Just click on “Policies” and then “Add” (but you can also alter the default policies).
Now fill in a name and configure the settings as you wish. On the “Credentials” tab you can add a username and password that Nessus uses to log into the system you are about to scan, which enables additional in-depth checks (like missing OS patches).
In the “Plugins” section you can select or remove plug-ins for your scan; if you are not scanning a Windows server, for example, you don’t need the Windows plugins.
The last tab is the “Preferences” tab, where you can add a username/password for some of the plug-ins you selected in the previous step.
As soon as you are ready hit “Submit” to save your new policy.
Scan
Now you are ready to perform your first scan with Nessus.
Click on the “Scans” tab and then on “Add”.
Give your scan a name and then select when you want to run your scan (now, scheduled, template). In the next drop-down field, labeled “Policy”, select your policy and then fill in the IP addresses of your scan targets.
Hit “Launch Scan” and off you go.
Reports
On the “Reports” tab you can watch your scan complete and look at the outcome of the scan. As you would expect, the reports are very detailed and clear.
Every vulnerability found is displayed next to a detailed explanation of the problem and a solution for it. It also provides links to external resources like DSA and KB articles.
CLI
If you don’t like using the GUI on the website, feel free to have a look at the CLI tools Nessus has to offer.
Go to /opt/nessus/bin and execute the “nessus” binary in this directory. There are a lot of parameters and options you can set. If you have a look at the netstat output, you will see that there is another listening port associated with nessusd besides the web front end.
This is some sort of API you can use to interact with Nessus, but that will be a topic for another blog post.
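Two steps above say “check with your favorite command” whether nessusd is running, and “have a look at the netstat output” to spot its listening ports. The following script is an added example (not from the original post or from Tenable) that does both in one go: it parses `netstat -tlnp` output and lists the TCP ports a given daemon listens on. The netstat sample embedded in the script is constructed; the PID and the second port (1241) are illustrative values, not taken from the post.

```shell
#!/bin/sh
# Added example: find the TCP ports on which nessusd is listening, given the
# output of `netstat -tlnp` (run as root so PID/Program name is filled in).
# SAMPLE_NETSTAT is a constructed sample so the script runs offline; the PID
# and the 1241 port are assumed values for illustration.

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 0.0.0.0:1241            0.0.0.0:*               LISTEN      2045/nessusd
tcp        0      0 0.0.0.0:8834            0.0.0.0:*               LISTEN      2045/nessusd
tcp6       0      0 :::22                   :::*                    LISTEN      612/sshd'

# nessus_listen_ports PROGRAM
#   stdin:  netstat -tlnp output
#   stdout: the ports PROGRAM listens on, one per line, numerically sorted
# Only rows in state LISTEN whose last field ends in "/PROGRAM" are kept;
# the port is the text after the last ':' of the "Local Address" column,
# which also works for IPv6 addresses such as ":::8834".
nessus_listen_ports() {
    awk -v prog="$1" '
        $6 == "LISTEN" && $NF ~ ("/" prog "$") {
            n = split($4, addr, ":")
            print addr[n]
        }' | sort -n | uniq
}

# listens_on PORT PROGRAM
#   stdin: netstat -tlnp output
#   exit status 0 if PROGRAM listens on PORT, 1 otherwise
listens_on() {
    port="$1"
    shift
    nessus_listen_ports "$@" | grep -qx "$port"
}

# Demonstration on the constructed sample (on a real host you would run
#   netstat -tlnp | nessus_listen_ports nessusd
# instead). Expected: 1241 and 8834, one per line.
printf '%s\n' "$SAMPLE_NETSTAT" | nessus_listen_ports nessusd

if printf '%s\n' "$SAMPLE_NETSTAT" | listens_on 8834 nessusd; then
    echo "nessusd web front end is up on 8834"
else
    echo "nessusd is not listening on 8834 yet (first start can take a while)"
fi
```

If the web front end port was changed in the Nessus configuration file, pass that port to listens_on instead of 8834; on hosts where netstat has been replaced by ss, `ss -ltnp` prints a slightly different layout and the awk field numbers would need adjusting.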
Summary
I like:
- Quick and easy to set up and get started
- Custom templates with detailed port and vulnerability definitions
I don’t like:
- none