Difference between revisions of "Nessus"

From Notes_Wiki
(Created page with "=Nessus= Nessus is very good and feature rich vulnerability scanner developed by Tenable security team. It allows one to scan number of hosts for vulnerablities and also give...")
 
m
Line 1: Line 1:
<yambe:breadcrumb self="Nessuss">Penetration testing tools|Penetration testing tools</yambe:breadcrumb>
=Nessus=
=Nessus=


Line 21: Line 22:
#Go to Scan tab and schedule scan for test vm based on created policy.
#Go to Scan tab and schedule scan for test vm based on created policy.
#Go to Reports section and see scan report.
#Go to Reports section and see scan report.
<yambe:breadcrumb self="Nessuss">Penetration testing tools|Penetration testing tools</yambe:breadcrumb>

Revision as of 10:49, 9 September 2018

<yambe:breadcrumb self="Nessuss">Penetration testing tools|Penetration testing tools</yambe:breadcrumb>

Nessus

Nessus is very good and feature rich vulnerability scanner developed by Tenable security team. It allows one to scan number of hosts for vulnerablities and also gives suggestions on how they can be fixed.


Installation

  1. Download nessus from http://www.tenable.com/products/nessus/select-your-operating-system
  2. You can download nessus manual from http://www.tenable.com/products/nessus/documentation
  3. Install nessus using 'rpm -ivh nessus*.rpm' command.
  4. Visit http://www.nessus.org/register/ to regsiter for activation code
  5. Use '/opt/nessus/bin/nessus-fetch --register <activation_key>' to register nessus
  6. Use '/opt/nessus//sbin/nessus-adduser' command and add a admin user with no rules.
  7. Use '/sbin/service nessusd start' to start nessusd service.
  8. Enable connection to port 8834 through firewall.


Basic usage

  1. Access nessus user interface using https://<IP>:8834/ Flash is required for nessus UI to work.
  2. Go to Policies tab and create a full scan policy with unsafe checks
  3. Go to Scan tab and schedule scan for test vm based on created policy.
  4. Go to Reports section and see scan report.


<yambe:breadcrumb self="Nessuss">Penetration testing tools|Penetration testing tools</yambe:breadcrumb>