Home > Nessus-Vulnerability-Scanner > How to Scan Websites Using Nessus

Website Vulnerability Scanning Using Nessus

Purpose

This article provides step-by-step instructions to perform authenticated and unauthenticated vulnerability scans on web applications using Nessus. It also covers enabling all required plugins and applying rate limits to avoid impacting production systems.

Prerequisites

• Nessus Essentials / Professional / Tenable.sc / Tenable.io
• Valid credentials for the target website (if authenticated scan is required)
• Target website URL or server IP
• Approved maintenance window (recommended)

Scope

This procedure scans only the approved website or web server. It must not be used to scan systems outside the authorized scope.

Steps

Create a New Scan

1. Log in to Nessus.
2. Click New Scan → select **Advanced Scan**.
3. Enter a suitable name and description.
4. Under the **Targets** field, enter:

  * Website FQDN (e.g., `https://portal.example.com`)
  * Server IP if required.

Enable All Relevant Plugins

1. Go to the Plugins tab.
2. Ensure **all plugins** are enabled.
3. Ensure the following plugin families remain enabled:

  * Web servers
  * Web application vulnerabilities
  * SSL/TLS configuration checks
  * CGI abuses
  * Authentication checks

Configure Authentication

Nessus provides multiple credential categories, as visible in the Credentials tab. To configure authentication for web applications, use one of the following categories:

• Cloud Services
• API Gateway
• Database
• Host
• Miscellaneous
• Plaintext Authentication

Steps to Add Web Authentication

1. Go to Credentials.
2. Select the appropriate method:

  * **Host → HTTP/HTTPS Credentials** for direct website login
  * **Miscellaneous → HTTP Headers** for session cookies or tokens

1. Enter the required fields:

  * Username
  * Password
  * Domain (if required)
  * Cookie or header name/value (for token-based or session-based login)

1. Save the configuration.

Notes

• Nessus does not support full form-based login automation like Burp Suite; instead, use session cookies or authenticated headers.
• For OAuth/Bearer token authentication, insert the token under **Miscellaneous → HTTP Headers**.
• If scanning APIs, use **API Gateway** credentials if applicable.

Apply Rate Throttling (To Prevent Overloading Servers)

Navigate to Settings → Advanced.

Recommended throttling:

• **Max concurrent checks per host:** 1
• **Max concurrent hosts:** 1
• **Network receive timeout:** 5 seconds
• **Max time per host:** 1 hour (adjust as needed)

These settings help reduce load on production websites.

Limit the Scan to the Website Only

To avoid scanning unwanted systems:

1. In Settings → Discovery → **Host Discovery**:

  * Disable ARP Ping, ICMP Ping, and reverse DNS lookups.

1. In Advanced:

  * Set **"Avoid scanning unreachable hosts"** to Yes.

1. Only use the FQDN/IP listed in the authorized scope.

Start the Scan

1. Review all configurations.
2. Click **Launch**.
3. Monitor progress in real-time.

Review Report

After the scan completes:

1. Open the scan report.
2. Filter vulnerabilities by:

  * Critical
  * High
  * Medium
  * Low

1. Export PDF/CSV if required.

Best Practices

• Always use an approved testing window for production systems.
• Prefer authenticated scans to detect deeper vulnerabilities.
• Ensure credentials or tokens are valid before starting a scan.
• Update Nessus plugins before every scan.

References

• Tenable Nessus Documentation: https://docs.tenable.com/nessus