Nessus

From Notes_Wiki
Revision as of 15:12, 24 August 2022 by Saurabh (talk | contribs) (Saurabh moved page Nessuss to Nessus: Corrected name)

<yambe:breadcrumb self="Nessuss">Penetration testing tools|Penetration testing tools</yambe:breadcrumb> Updated CentOS 7.x nessus page has latest notes on nessus

Nessus

Nessus is very good and feature rich vulnerability scanner developed by Tenable security team. It allows one to scan number of hosts for vulnerablities and also gives suggestions on how they can be fixed.


Installation

  1. Download nessus from http://www.tenable.com/products/nessus/select-your-operating-system
  2. You can download nessus manual from http://www.tenable.com/products/nessus/documentation
  3. Install nessus using 'rpm -ivh nessus*.rpm' command.
  4. Visit http://www.nessus.org/register/ to regsiter for activation code
  5. Use '/opt/nessus/bin/nessus-fetch --register <activation_key>' to register nessus
  6. Use '/opt/nessus//sbin/nessus-adduser' command and add a admin user with no rules.
  7. Use '/sbin/service nessusd start' to start nessusd service.
  8. Enable connection to port 8834 through firewall.


Basic usage

  1. Access nessus user interface using https://<IP>:8834/ Flash is required for nessus UI to work.
  2. Go to Policies tab and create a full scan policy with unsafe checks
  3. Go to Scan tab and schedule scan for test vm based on created policy.
  4. Go to Reports section and see scan report.


<yambe:breadcrumb self="Nessuss">Penetration testing tools|Penetration testing tools</yambe:breadcrumb>