Nessus

Scan for vulnerabilities that exist in the network. Was open source originally in 2005 but is now proprietary. OpenVAS is a fork of Nessus.

Free version allows the scan of 16 IPs.

❗ NOT ALLOWED DURING THE OSCP EXAM

• Official Documentation (Tenable)
• Phases of a vulnerability scan (Tenable)
• Plugins Documentation (Tenable)

Installation

Download the free version of Nessus. Choose Nessus-x.x.x-debian6_amd64.deb.

Validate the checksum of the downloaded file

sha256sum Nessus-x.x.x-debian6_amd64.deb

Install the package

sudo apt install ./Nessus-x.x.x-debian6_amd64.deb

Start the nessusd service

sudo systemctl start nessusd

Open a web browser and go to https://localhost:8834. Accept the risk of self-signed certificate.

Setup

• Choose Nessus Essentials and click on Continue.
• Fill the form to receive the activation code by email. Use Webhook.site for a temporary email address.
• Enter the activation code and click Continue.

Basic Scan

💡 By default, the Basic Network Scan will only scan the common ports.

• Click on the New Scan button.
• Click on Basic Network Scan.
• Enter a scan name and enter the IPs to scan in the Targets section.
• To scan all ports, click on the Discovery tab on the left. Choose Custom as the Scan Type.
• Click on Port Scanning and enter 0-65535 in the Port scan range. This will NOT scan UDP ports.
• Click on Save.
• Click on Launch.

Scan Results

• Click on the IP to see vulnerabilities for that host.
• Click on the Settings icon in the title bar and select Disable Groups and see all vulnerabilities.