Nessus is used to uncover vulnerabilities in systems and weak points that need attention. Nessus is one of the most widely used vulnerability scanners; today we learn how to install Nessus and use it to find vulnerabilities. We will be using Kali Linux as the base OS where we install Nessus and our virtual labs.
Nessus, a tool by Tenable, is used very widely by VA/PT engineers, and is also used for periodic testing and assessment of enterprise infrastructure.
Installing Nessus on Linux
Now that we have grabbed a copy of Nessus from the download link, let's install it.
The installation can be done with the respective package manager on each Linux distro. On Kali Linux we can do it with apt-get or dpkg.
Both commands can be seen in the terminal output below; you can use either one.
root@ETHICALHACKX:~# cd Downloads
root@ETHICALHACKX:~/Downloads# ls
Nessus-8.9.0-debian6_amd64.deb
root@ETHICALHACKX:~/Downloads# # apt-get install ./Nessus-8.9.0-debian6_amd64.deb
root@ETHICALHACKX:~/Downloads# dpkg -i Nessus-8.9.0-debian6_amd64.deb
(Reading database ... 297135 files and directories currently installed.)
Preparing to unpack Nessus-8.9.0-debian6_amd64.deb ...
Shutting down Nessus : .
Unpacking nessus (8.9.0) over (8.9.0) ...
Setting up nessus (8.9.0) ...
Unpacking Nessus Scanner Core Components...
 - You can start Nessus Scanner by typing /etc/init.d/nessusd start
 - Then go to https://ETHICALHACKX:8834/ to configure your scanner
Processing triggers for systemd (244-3) ...
root@ETHICALHACKX:~/Downloads#
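The install above runs a downloaded package as root, so it is worth gating dpkg on a checksum match first. The following is an added example, not part of the original post; it assumes the download page lists a SHA-256 value for the file, and the names verify_deb, install_verified and EXPECTED_SHA256 are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: check a downloaded Nessus .deb against the vendor's SHA-256
# before installing it as root. Function and variable names are hypothetical.

# Placeholder: paste the SHA-256 shown for this file on the download page.
EXPECTED_SHA256="<sha256-from-download-page>"

# verify_deb FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 on malformed digest, 3 on missing file.
verify_deb() {
    local file="$1"
    local expected actual
    # Normalise to lower case so an upper-case paste still compares equal.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 64 hex characters
    # (unfilled placeholder, truncated paste, MD5 pasted by mistake).
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "expected value is not a SHA-256 hex digest" >&2
        return 2
    fi
    if [ ! -f "$file" ]; then
        echo "no such file: $file" >&2
        return 3
    fi
    # Hash from stdin so the file name cannot affect sha256sum's output format.
    actual=$(sha256sum < "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    echo "OK $file"
}

# install_verified FILE EXPECTED
# Runs dpkg -i only when the digest check has passed.
install_verified() {
    verify_deb "$1" "$2" || return $?
    dpkg -i "$1"
}

# Usage (as root, in the download directory):
#   install_verified Nessus-8.9.0-debian6_amd64.deb "$EXPECTED_SHA256"
```

With the placeholder left unfilled, install_verified stops with return code 2 and never reaches dpkg.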
Starting / Stopping Nessus Services
Installation is complete, so let's start Nessus. While installing Nessus in the previous step, we could see in the terminal how to start the Nessus service; we can also stop it, restart it, and check its status.
root@ETHICALHACKX:~/Downloads# /etc/init.d/nessusd start
Starting Nessus : .
root@ETHICALHACKX:~/Downloads# /etc/init.d/nessusd stop
Shutting down Nessus : .
root@ETHICALHACKX:~/Downloads# /etc/init.d/nessusd restart
Shutting down Nessus : .
Starting Nessus : .
root@ETHICALHACKX:~/Downloads# /etc/init.d/nessusd status
Nessus is running
Nessus Web GUI Interface
Now the setup part is almost complete. Let's open the Nessus interface in a web browser. The default port for Nessus is 8834, so we can browse to it at
https://127.0.0.1:8834 or you can use your machine's host name in the browser, which for me is:
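The browser shows an insecure-connection error because Nessus serves its web interface with a self-signed certificate by default. Ignore the error and move forward.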
Let's register Nessus and start using it. Enter the information and move forward; it will send the registration code by email.
Create a username and password for Nessus. Enter the admin user details for Nessus; more users can be configured later from the admin login so that more people can access it.
Finish, and let Nessus download the necessary plugins and compile them. This step may take a while depending on system speed and Internet speed.
Nessus welcome screen after completing setup and downloading and compiling plugins.
Nessus Setup on Linux is complete
We can now begin scanning hosts or infrastructure. How to scan using Nessus to uncover vulnerabilities, we will see in the next post on Nessus.