Nessus is a tool used by VA/PT engineers to secure enterprise environments; it is also used by hackers to find vulnerabilities and hack machines. In part one (Beginner’s Guide) we covered how to set up Nessus on Kali Linux. Now we learn how to scan machines.
Read Part 1 : Nessus Vulnerability Scanner : Beginner’s Guide
Nessus : Configure Scan
Let's go to My Scan and create a new scan.
Select Advanced Scan.
This will bring up many more options to configure, which we will go through one by one.
Name : Enter any scan name here.
Description : Enter any description keywords that will help you remember the scan and its purpose here.
Targets : Enter targets one per line; you can also upload a file containing a list of targets to scan.
Now we configure how the scan proceeds.
Move to Discovery Tab to configure.
Host Discovery : We can configure what type of scan to use when checking whether the host is alive, and what ping methods to use, such as ARP, TCP, UDP and ICMP. Whether you want to scan printers or Operational Technology devices can also be configured here.
Port Scanning : Some configuration of enumeration and port scanner methods, and of how aggressive the scanning should be.
General : Check (tick) the option to perform thorough tests if network disruption is not a concern (we will be running in a test lab environment).
Bruteforce : Here a username and password file can be specified to brute-force logins. There are a couple of options, such as what happens when the brute-force is successful and whether to use Windows local accounts, domain accounts or either.
Advanced : Configure options such as Network timeouts and how many parallel scans to run per host.
Move to Credentials Tab beside Settings tab.
We have a metasploitable_2 machine and a Windows XP machine running.
We will now scan systems, so select hosts (default).
Click on SSH to add the SSH details.
Change the authentication method to password or any method of your choice (password for now).
Specify the username and password for a better scanning outcome.
Configure the other settings to elevate privileges.
Click Save to save the changes; under Credentials you can now see the username and password (or other credentials) you have provided.
Finally, move to the Plugins tab to check or uncheck any plugin that may or may not be required during the scan. For example, you can disable any Windows-related plugins if your target is a Linux machine, and vice versa.
Save the Scan Settings Template
Now that all the options are configured, click Save to save the scan template, or click the drop-down beside Save to launch the scan.
Launch : Run the Scan
After we have saved the scan, we can launch it to start scanning the specified hosts. Scanning can take some time, so we wait for the report; the progress can be seen while the scan is running.
Click the play icon near the right end of the screen to launch the scan.
After clicking launch, the scan starts and we can track its progress.
When the scan is complete, we can see a report similar to the one below.
Understanding the report
Hosts : See the number of vulnerabilities and their severity as a colourful bar beside each listed host.
Vulnerabilities : We can see the vulnerabilities in this tab, with severity shown by colour coding.
Remediation : This tab guides you in mitigating the vulnerabilities and the threats arising from them.
Expand / click on any vulnerability in the Vulnerabilities tab to read more about it.
We can see more details on a particular vulnerability, such as the description and solution, associated CVE IDs, ports and risk factor.
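The per-host severity counts and per-finding details described above can also be read from an exported report. This is an added example, not part of the original guide: it parses a constructed sample in the .nessus (v2 XML) layout, so the hosts, plugin IDs, plugin names and CVE value are placeholders. It assumes the scan was exported as a .nessus file, a step this guide does not cover.

```python
import xml.etree.ElementTree as ET
from collections import Counter

SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in .nessus (v2) layout; hosts, plugin IDs, names and the CVE are placeholders.
SAMPLE = """<NessusClientData_v2><Report name="lab-scan">
<ReportHost name="192.0.2.10">
  <ReportItem port="22" protocol="tcp" svc_name="ssh" severity="3" pluginID="900001" pluginName="Example SSH weakness">
    <risk_factor>High</risk_factor><cve>CVE-0000-0001</cve><solution>Upgrade the SSH service.</solution>
  </ReportItem>
  <ReportItem port="0" protocol="tcp" svc_name="general" severity="0" pluginID="900002" pluginName="Example host info">
    <risk_factor>None</risk_factor>
  </ReportItem>
</ReportHost>
<ReportHost name="192.0.2.20">
  <ReportItem port="445" protocol="tcp" svc_name="cifs" severity="4" pluginID="900003" pluginName="Example SMB flaw">
    <risk_factor>Critical</risk_factor><solution>Apply the vendor patch.</solution>
  </ReportItem>
</ReportHost>
</Report></NessusClientData_v2>"""

def parse_report(xml_text):
    """Return (per-host severity counts, findings sorted most severe first)."""
    root = ET.fromstring(xml_text)
    per_host, findings = {}, []
    for host in root.iter("ReportHost"):
        name = host.get("name")
        counts = per_host.setdefault(name, Counter())
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            counts[SEVERITY.get(sev, "Unknown")] += 1  # what the Hosts bar summarises
            findings.append({
                "host": name,
                "port": f'{item.get("port")}/{item.get("protocol")}',
                "severity": sev,
                "plugin": item.get("pluginName"),
                "risk_factor": item.findtext("risk_factor", default=""),
                "cves": [c.text for c in item.findall("cve")],
                "solution": (item.findtext("solution") or "").strip(),
            })
    findings.sort(key=lambda f: f["severity"], reverse=True)
    return per_host, findings

if __name__ == "__main__":
    hosts, findings = parse_report(SAMPLE)
    print({h: dict(c) for h, c in hosts.items()})
    for f in findings:  # most severe first, as a remediation worklist
        print(f["host"], f["port"], SEVERITY[f["severity"]], f["plugin"], f["cves"], f["solution"])
```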
So this was the basics of a Nessus scan; hope this was informative.