Using the Nessus Vulnerability Scanner in Kali
Nessus is one of the most comprehensive network vulnerability scanners, developed by Tenable Network Security. It is a popular client-server tool used by penetration testers and widely deployed by information security teams.
Nessus is available as a software package that you can install on your own machine or as a pre-configured VM. Tenable's large library of plugins is what makes Nessus such a capable tool: it can check almost any networked device. This hour, we will install and set up Nessus and then use it to scan a target host for vulnerabilities.
8.1 Features of Nessus
Nessus has many features that support penetration testing, especially once you pursue hacking beyond the basics. They include:
It scans for and identifies vulnerabilities that could allow an attacker to access a system or its data.
It checks the system for known but unpatched vulnerabilities in installed software.
It tries logging into hosts, services, and accounts using common and default passwords.
It carries out configuration audits, vulnerability analyses, and mobile device audits, and reports the findings in customizable formats.
8.2 Downloading and Setting Up Nessus on Kali Linux
On your Kali Linux browser, go to http://www.tenable.com/products/nessus/select-your-operating-system to download Nessus. Select the package for your operating system (Debian 6, 7, 8 / Kali Linux 1 AMD64), then agree to the terms of service for the download to begin. The file is about 36 megabytes. If the download page lists a checksum for the package, verify the downloaded file against it with sha256sum before installing it.
When the download is complete, the next step is to install the package from the shell. Open a terminal and change the working directory to the location of the downloaded .deb package.
Use the following command to install the package:
dpkg -i Nessus-6.9.3-debian6_amd64.deb
If the file you downloaded has a different name or version, adjust the file name on the command line accordingly. The installation process should then begin.
Once the installation is complete, you should see a message that all plugins have been loaded, along with tips on how to start Nessus and where to configure your scanner (the address of its web interface). Note these two details because you will need them next.
8.3 Initializing Nessus
The first thing we need is a Nessus license: an activation code that we will use shortly. On your browser, go to
https://www.tenable.com/products/nessus/nessus-plugins/obtain-an-activationcode and register for a free Nessus Home activation code.
Enter the following command on your Kali shell to start the back-end Nessus server:
# /etc/init.d/nessusd start
You will need to run this command every time you start Nessus on Kali Linux (on systemd-based Kali releases, systemctl start nessusd does the same thing).
You should see the message:
“Starting Nessus:”
The next step is to set up Nessus. On your browser, go to:
https://127.0.0.1:8834
You should get a warning that the connection is not secure or that the certificate is invalid, because Nessus ships with a self-signed certificate. Since you are connecting to your own machine over the loopback address, accept the self-signed certificate and proceed to the Nessus page, where you will see a welcome message. Click Continue to create the login ID you will use with the scanner.
Note the username and password you choose because you will need them later to log into the Nessus front-end.
In the next screen, you will be prompted to enter the activation code. Choose which edition to register (Home, Professional or Manager), enter the activation code that was emailed to you, then click Continue. If the activation code is valid, Nessus connects to Tenable automatically and begins downloading updates and the latest plugins. Note that this might take a while.
8.4 Using Nessus
When the plugin download is complete, you will be prompted to enter the login details you created earlier. Once you are logged in, the web interface takes you straight to the Scan Queue. Because Nessus is a straightforward tool, scanning for vulnerabilities is easy: almost everything you need is on the top menu of the application.
On the Scan Queue, in the sub-menu on the right of the page, click New Scan to open the New Scan Template page. This is where you set up your scan target. Give the new scan an appropriate name, select Run Now, and under Policy select Internal Network Scan.
Under Scan Target, enter the IP address of the host you want to scan, or several IPs separated by commas. Nessus also accepts an address range such as 192.168.0.1-100 or an entire subnet such as 192.168.0.1/24. When you have filled in the template, click Run Scan at the bottom of the page and Nessus will start the scan.
Important tip: Users familiar with Nessus report that it can crash highly vulnerable or fragile targets. It is therefore important that you run your first scans against a host you have specifically set aside for testing the tool. As a white hat hacker, I cannot emphasize enough how important it is that you only scan targets that you own or have explicit permission to scan. Nessus is a potent tool that you should never play around with.
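Before you click Run Scan, it is worth knowing exactly how many addresses a Scan Target string expands to and whether all of them lie inside the scope you have permission for. The following is an added example, not code from the page or from Tenable: it expands the target syntax the text describes (single IPs, comma-separated lists, last-octet ranges such as 192.168.0.1-100, full ranges such as 192.168.0.1-192.168.0.100, and CIDR blocks such as 192.168.0.1/24) and flags anything outside an authorised CIDR list. The scope and target list in the main block are constructed for the lab setup described above.

```python
"""Expand a Nessus-style Scan Target string and check it against an authorised
scope before launching a scan.

Added example; not code from the original page or from Tenable. Anything that
does not parse as an IP address is treated as a hostname.
"""
import ipaddress


def _expand_token(token):
    """Yield every address a single target token covers (hostnames as str)."""
    token = token.strip()
    if not token:
        return
    if "/" in token:
        # strict=False lets "192.168.0.1/24" stand for the whole 192.168.0.0/24.
        # Iterating the network also counts the network and broadcast addresses,
        # so the figure is an upper bound on what the scanner will probe.
        yield from ipaddress.ip_network(token, strict=False)
        return
    if "-" in token:
        start_text, end_text = token.split("-", 1)
        start = ipaddress.ip_address(start_text.strip())
        end_text = end_text.strip()
        if "." in end_text:
            end = ipaddress.ip_address(end_text)
        else:
            # Nessus shorthand: only the last octet of the end address is given.
            prefix = str(start).rsplit(".", 1)[0]
            end = ipaddress.ip_address(f"{prefix}.{end_text}")
        if end < start:
            raise ValueError(f"range end before start: {token}")
        for value in range(int(start), int(end) + 1):
            yield ipaddress.ip_address(value)
        return
    try:
        yield ipaddress.ip_address(token)
    except ValueError:
        yield token  # not an address: keep the literal hostname


def expand_targets(spec):
    """Return the list of addresses/hostnames a Scan Target string covers."""
    targets = []
    for token in spec.replace("\n", ",").split(","):
        targets.extend(_expand_token(token))
    return targets


def out_of_scope(spec, authorised_cidrs):
    """Return the targets in `spec` that fall outside the authorised CIDR list.

    Hostnames are always reported: they must be resolved and confirmed by hand
    before they go into a scan, because a CIDR list cannot vouch for them.
    """
    nets = [ipaddress.ip_network(c, strict=False) for c in authorised_cidrs]
    outside = []
    for target in expand_targets(spec):
        if isinstance(target, str) or not any(target in net for net in nets):
            outside.append(str(target))
    return outside


if __name__ == "__main__":
    # Constructed scope and target list for the lab described in the text.
    scope = ["192.168.0.0/24"]
    requested = "192.168.0.1-100, 192.168.0.200, 10.1.1.5, fileserver.lab"
    print(len(expand_targets(requested)), "targets requested")
    print("outside authorised scope:", out_of_scope(requested, scope))
```

Run the check against the same string you paste into the Scan Target field; an empty list from out_of_scope is the go-ahead, and the count from expand_targets tells you how many hosts the Internal Network Scan policy is about to probe.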
You will automatically be taken back to the Scan Queue page when the scan begins. On this page, you can track the progress of this scan and any other scans in progress. For more detail, click the scan in progress to view its Summary page. Note that the information on the Summary page may not refresh automatically.
When the scan is complete, the Summary page will contain the details of the scan, including individual summaries for every host you entered in the Scan Target field of the scan template. The results are saved, so you can return to them later by clicking the Results tab at the top of the page.
The scan summary lists the scanned targets and all the vulnerabilities discovered on each host. Clicking a host shows a more specific listing of the vulnerabilities found, with brief explanations of the information gathered during the scan.
Clicking an individual vulnerability takes you to a page with far more detail, including a description and, for Windows hosts, the Microsoft Security Bulletin number (MSyy-nnn). Nessus often identifies Windows-specific vulnerabilities by this number, and Metasploit exploit modules are commonly named after the same bulletin, so it is easy to find out whether a finding can be turned into an exploit. Nessus findings also carry CVE identifiers, and the plugin data notes when a Metasploit module is known to exist for the issue.
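The same cross-reference can be done on the saved results rather than by clicking through the web interface. The .nessus export that the Results page offers is XML in the v2 layout (NessusClientData_v2, Report, ReportHost, ReportItem), and each ReportItem carries the bulletin number, CVEs and Metasploit hints as child elements. The following is an added example, not code from the page or from Tenable: it parses such an export and lists the findings worth searching for in Metasploit. The embedded report is a constructed sample; the host, ports and plugin details are made up for the example, and the MS08-067 / CVE-2008-4250 entry is a real, well-known bulletin/CVE pair used only as illustrative data.

```python
"""Pull the findings worth cross-referencing with Metasploit out of a Nessus
.nessus v2 export.

Added example; not code from the original page or from Tenable. It relies on
the .nessus v2 layout and on the plugin attributes Nessus writes as child
elements of ReportItem: cve, msft, risk_factor, exploit_available,
exploit_framework_metasploit and metasploit_name.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample report. Host, ports and plugin details are made up;
# MS08-067 / CVE-2008-4250 is a real bulletin/CVE pair used as sample data.
SAMPLE = b"""<?xml version="1.0" ?>
<NessusClientData_v2>
<Report name="lab scan">
<ReportHost name="192.168.56.101">
<HostProperties>
<tag name="host-ip">192.168.56.101</tag>
<tag name="operating-system">Microsoft Windows XP Service Pack 3</tag>
</HostProperties>
<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
 pluginID="34477" pluginName="MS08-067: Server Service RCE (958644)" pluginFamily="Windows">
<description>The remote host is vulnerable to a buffer overrun in the Server service.</description>
<risk_factor>Critical</risk_factor>
<cve>CVE-2008-4250</cve>
<msft>MS08-067</msft>
<exploit_available>true</exploit_available>
<exploit_framework_metasploit>true</exploit_framework_metasploit>
<metasploit_name>MS08-067 Microsoft Server Service Relative Path Stack Corruption</metasploit_name>
</ReportItem>
<ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
 pluginID="10267" pluginName="SSH Server Type and Version Information" pluginFamily="Service detection">
<risk_factor>None</risk_factor>
</ReportItem>
</ReportHost>
</Report>
</NessusClientData_v2>
"""


@dataclass
class Finding:
    host: str
    port: int
    protocol: str
    severity: int  # 0 = info ... 4 = critical, as in the severity attribute
    plugin_id: str
    name: str
    risk: str
    cves: list = field(default_factory=list)
    msft: list = field(default_factory=list)  # Microsoft bulletin IDs
    exploit_available: bool = False
    metasploit: bool = False
    metasploit_name: str = ""


def _text(item, tag):
    node = item.find(tag)
    return (node.text or "").strip() if node is not None else ""


def parse_nessus(xml_bytes):
    """Return one Finding per ReportItem in a .nessus v2 document."""
    findings = []
    for host in ET.fromstring(xml_bytes).iter("ReportHost"):
        ip = host.get("name", "")  # fall back to the ReportHost name
        for tag in host.iter("tag"):
            if tag.get("name") == "host-ip" and tag.text:
                ip = tag.text.strip()
        for item in host.findall("ReportItem"):
            findings.append(Finding(
                host=ip,
                port=int(item.get("port", "0")),
                protocol=item.get("protocol", ""),
                severity=int(item.get("severity", "0")),
                plugin_id=item.get("pluginID", ""),
                name=item.get("pluginName", ""),
                risk=_text(item, "risk_factor"),
                cves=[c.text.strip() for c in item.findall("cve") if c.text],
                msft=[m.text.strip() for m in item.findall("msft") if m.text],
                exploit_available=_text(item, "exploit_available") == "true",
                metasploit=_text(item, "exploit_framework_metasploit") == "true",
                metasploit_name=_text(item, "metasploit_name"),
            ))
    return findings


def metasploit_candidates(findings, min_severity=3):
    """Findings at or above min_severity that Nessus flags as having a
    Metasploit module or that carry a Microsoft bulletin ID to search for."""
    return [f for f in findings
            if f.severity >= min_severity and (f.metasploit or f.msft)]


def search_terms(finding):
    """Strings to feed to Metasploit's `search`: bulletin IDs first, then CVEs."""
    return finding.msft + finding.cves


if __name__ == "__main__":
    for f in metasploit_candidates(parse_nessus(SAMPLE)):
        print(f"{f.host}:{f.port}/{f.protocol} {f.risk} {f.name}")
        print("  msf search:", ", ".join(search_terms(f)))
        if f.metasploit_name:
            print("  module:", f.metasploit_name)
```

To use it on a real export, read the .nessus file as bytes and pass it to parse_nessus in place of SAMPLE; the terms from search_terms are what you type after `search` in msfconsole.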
8.5 Conclusion
You have now had first-hand experience using Nessus to scan a target host for vulnerabilities. You should understand why Nessus is one of the most trusted and widely used scanners on the market: it is simple to use, accurate, and reliable. Its results are very detailed, and when you scan a Windows host the Security Bulletin numbers make it easier to move from a finding to an exploit.
When you want to extend your vulnerability scanning, you can upgrade to Nessus Manager or Nessus Cloud for even more capability. Tenable also offers other tools worth exploring, including SecurityCenter Continuous View and the Passive Vulnerability Scanner, which IT organizations use to build continuous monitoring and to gather operational and vulnerability data through scanning, logging, and sniffing.