Installing and configuring Nessus

Nessus is a vulnerability scanning program in various operating systems. It consists of a demon or devil, nessusd, who performs the scan in the target system, and nessus, the client (based on console or graphic) that shows the progress and reports on the status of the scans. From nessus console can be programmed to do scheduled scans with cron.

Installing and configuring Nessus

Before downloading Nessus, make sure to check that your Ubuntu Linux installation is up to date:

$apt update && apt upgrade


Step 1: Download Nessus Home and obtain an Activation Code

One can download Nessus Home directly from Tenable.

An activation code to be sent your email address.

Step 2: Download Nessus

Make your way to the Tenable Nessus downloads page where you need to choose the appropriate version for your Ubuntu Linux installation; either the 32-bit or 64-bit package:

Nessus-7.0.3-ubuntu1110_amd64.deb Ubuntu 11.10, 12.04, 12.10, 13.04, 13.10, 14.04, 16.04 and 17.10 AMD64

Step 3: Install Nessus

Next, install the Nessus package using the command line:

dpkg -i Nessus-7.0.3-ubuntu1110_amd64.deb

Soon after the installation finalizes, start the Nessus service:

/etc/init.d/nessusd start

Once the Nessus service has started, navigate to the Nessus Web Interface using a web browser at: https://localhost:8834/.

Step 4: Configure and use Nessus

There’s a probability of you seeing a warning about the SSL certificate not being configured correctly. You may opt to continue past this warning or consult the Nessus User Guide for proper setup.

You will need to follow the installation wizard to configure Nessus. Next, Create an administrator user account and do activation with the activation code acquired from the Tenable Support Portal and let Nessus fetch and process the plugins.

In case of any more questions or problems with installing Nessus, refer to the official Nessus documentation.

Using Nessus in a penetration test

Nessus reports on host discovery, vulnerability detection, and exploitability. Below are several ways that one can use Nessus to support penetration testing:

Conclusion

Nessus is the world’s most used vulnerability assessment solution. It swiftly and precisely identifies vulnerabilities, configuration issues, and malware in physical, virtual and cloud environments helping you decide on what to fix first.

Try Certified Ethical Hacker for FREE!!!https://infosecaddicts.com/course/certified-ethical-hacker-v10/

Avatar

This post was written by Ruben Dario Caravajal Herrera