Nessus Vulnerability Scanner Tutorial – Part 1

Nessus is used to uncover vulnerabilities and weak points in systems that need attention. It is one of the most widely used vulnerability scanners. Today we learn how to install Nessus and use it to find vulnerabilities. We will use Kali Linux as the base OS, where we install Nessus and run our virtual labs.

Nessus, a tool by Tenable, is used very widely by VA/PT engineers and also for periodic testing and assessment of enterprise infrastructure.

Download Nessus

The free (community) edition of Nessus can be downloaded from https://www.tenable.com/downloads/nessus

Installing Nessus on Linux

Now that we have grabbed a copy of Nessus from the download link, let's install it.
The installation is done with the package manager of the Linux distro in use. On Kali Linux we can do it with dpkg or apt.
Both commands appear in the terminal output below (the apt-get line is commented out); use whichever you prefer.

root@ethicalhackx:~# cd Downloads
root@ethicalhackx:~/Downloads# ls
Nessus-8.9.0-debian6_amd64.deb
root@ethicalhackx:~/Downloads# # apt-get install ./Nessus-8.9.0-debian6_amd64.deb
root@ethicalhackx:~/Downloads# dpkg -i Nessus-8.9.0-debian6_amd64.deb
(Reading database ... 297135 files and directories currently installed.)
Preparing to unpack Nessus-8.9.0-debian6_amd64.deb ...
Shutting down Nessus : .
Unpacking nessus (8.9.0) over (8.9.0) ...
Setting up nessus (8.9.0) ...
Unpacking Nessus Scanner Core Components...

 - You can start Nessus Scanner by typing /etc/init.d/nessusd start
 - Then go to https://ETHICALHACKX:8834/ to configure your scanner

Processing triggers for systemd (244-3) ...
root@ethicalhackx:~/Downloads#
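
Because the package is installed as root, it is worth checking the download before running dpkg. The following is an added example, not part of the original tutorial: a shell helper that compares the .deb against a SHA-256 value and only then runs the dpkg and service-start commands shown on this page. The function names, the script name in the comment, and the expected hash (a value you supply from the vendor) are assumptions.

```shell
#!/bin/sh
# Added example: check a downloaded Nessus .deb against a SHA-256 value
# before installing it as root. Function names are hypothetical.

# verify_deb FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_deb() {
    vd_file=$1
    # Normalise the expected value: strip whitespace, lowercase hex digits.
    vd_want=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    if [ ! -f "$vd_file" ]; then
        echo "verify_deb: no such file: $vd_file" >&2
        return 2
    fi
    # A SHA-256 digest is exactly 64 hex characters; reject anything else,
    # for example an MD5 value pasted by mistake.
    case $vd_want in
        *[!0-9a-f]*) echo "verify_deb: expected value is not hex" >&2; return 2 ;;
    esac
    if [ "${#vd_want}" -ne 64 ]; then
        echo "verify_deb: expected value is not 64 hex characters" >&2
        return 2
    fi
    # Hash via stdin so unusual file names cannot be read as options.
    vd_got=$(sha256sum < "$vd_file" | awk '{print $1}')
    if [ "$vd_got" = "$vd_want" ]; then
        return 0
    fi
    echo "verify_deb: checksum mismatch for $vd_file" >&2
    echo "  expected: $vd_want" >&2
    echo "  actual:   $vd_got" >&2
    return 1
}

# install_verified FILE EXPECTED_SHA256
# Runs the tutorial's dpkg and service-start commands only after a match.
install_verified() {
    verify_deb "$1" "$2" || return $?
    dpkg -i "$1" && /etc/init.d/nessusd start
}

# Act only when called with both arguments, e.g. (hypothetical script name):
#   sh install-nessus.sh Nessus-8.9.0-debian6_amd64.deb <sha256-from-vendor>
if [ "$#" -eq 2 ]; then
    install_verified "$1" "$2"
fi
```

A mismatch or a malformed expected value stops the script before dpkg runs, so a truncated or tampered download is never unpacked.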

Starting / Stopping Nessus Services

Installation is complete, so let's start Nessus. The installer output in the previous step shows how to start the Nessus service; the same init script also stops it, restarts it and reports its status.

root@ethicalhackx:~/Downloads# /etc/init.d/nessusd start
Starting Nessus : .
root@ethicalhackx:~/Downloads# /etc/init.d/nessusd stop
Shutting down Nessus : .
root@ethicalhackx:~/Downloads# /etc/init.d/nessusd restart
Shutting down Nessus : .
Starting Nessus : .
root@ethicalhackx:~/Downloads# /etc/init.d/nessusd status
Nessus is running

Nessus Web GUI Interface

The setup is almost complete, so let's open the Nessus interface in a web browser. The default port for Nessus is 8834, so we can browse to https://127.0.0.1:8834, or use the machine's host name, which for me is https://ethicalhackx:8834
The browser shows an insecure-connection error because a fresh Nessus install presents a self-signed certificate; ignore it and move forward.

Nessus First Screen

Let's register Nessus and start using it. Enter the information and move forward; the registration code will be sent by email.

I have hidden the registration code here. Copy it from the email you received from Nessus and enter it.

Create a username and password for Nessus. Enter the admin user details; more users can be configured later from the admin login so that others can access it.

Finish, and let Nessus download the necessary plugins and compile them. This step may take a while depending on system speed and internet speed.

Nessus Welcome Screen after completing setup and downloading and compiling plugins.

Nessus Setup on Linux is complete

We can now begin scanning hosts or infrastructure. How to scan with Nessus to uncover vulnerabilities is covered in the next post on Nessus.

Credit : Ethicalhackx
