Vulnerability Scanning with Nessus
A Practical Guide
www.infosectrain.com

What is Nessus?
Nessus, developed by Tenable, is a powerful vulnerability scanner trusted by
organizations worldwide to identify vulnerabilities in their IT infrastructure. It scans
networks, servers, and applications to detect weaknesses that attackers could
exploit. Nessus Professional is widely used in enterprise environments, while
Nessus Essentials (formerly Nessus Home) is available for personal use, offering
limited scanning capabilities for home networks.
Why Nessus?

The appeal of Nessus lies in its robust scanning engine, ease of use, and
comprehensive coverage of vulnerabilities. It has one of the most extensive
vulnerability databases, which is regularly updated to include the latest security
issues. The scanner is capable of identifying misconfigurations, missing
patches, default credentials, and more—making it an invaluable tool for security
professionals.
Setting Up Nessus
Download and Install Nessus:

Visit the Tenable website to download the version suitable for your needs—
Nessus Professional for business users or Nessus Essentials for home use.
Installation
For installation, open the terminal and go to the download directory.
To install the package, use the following command:

# dpkg -i Nessus-10.8.3-ubuntu1604_amd64.deb

Start the Nessus service:

# service nessusd start

To confirm that the Nessus service has started, check its status:

# service nessusd status
Activate Your License:

You’ll need to activate your license. Nessus Essentials requires a free license
key, while Nessus Professional comes with a paid license and a free trial of 7
days.

For configuration, use the commands:

# service nessusd start

# service nessusd status

For setup, select the “Register Offline” checkbox and then click Continue.
Create a new user account by providing a user ID and password.
Set Up the Scanner:

Once Nessus is installed, you will be prompted to configure the scanner. You
can choose from various scan types depending on your objectives (e.g.,
vulnerability assessment, compliance scans, or custom configurations).
1 Performing a Vulnerability Scan with Nessus
To start using Nessus Professional, you'll need to access the Nessus
Professional dashboard through your web browser. By default, the Nessus
Professional service runs on port 8834, so you can access it using the
following URL:
https://localhost:8834/
Log in with your Nessus Professional credentials to access the dashboard.
2 Create a New Scan
Once you're logged in, click on the “New Scan” button to initiate a scan.
Nessus Professional offers several templates to choose from, depending on
your requirements:
- Basic Network Scan: A general vulnerability scan for networks.
- Advanced Scan: Provides detailed control over scan parameters.
- Web Application Test: Designed to identify vulnerabilities in web applications.

For our example, let's assume you want to perform a Basic Network Scan:
- Navigate to the Scans tab.
- Click on New Scan.
- Select Basic Network Scan from the list of available templates.
3 Configure Scan Settings
Once you select a scan template, you will need to configure the scan settings.
This includes specifying your target, scan schedule, and any additional options
like port ranges or scan timeouts.
Steps
Name: Provide a descriptive name for your scan (e.g., "Internal Network Scan")
Target: Enter the target(s) for the scan.
Range of IP Addresses
Set up the scan with the target IP, specify the project name along with a
detailed description, and ensure all output is saved to your "scan" folder.
Port Range: If you want to scan a specific range of ports, configure the Port
Range field. For example, to scan common ports: 1-1024, 8080, 8443
Schedule: If you want to automate the scan, you can set it to run periodically
(e.g., daily or weekly) under the Schedule tab. Daily Scan (scheduled at 6:30
PM every day):
Configure Authentication: If your scan targets servers or devices requiring
authentication, you can configure credentials such as SSH or SMB to gain
deeper insights. Here’s how to specify credentials in the scan configuration:
SSH Authentication:
4 Run the Scan
After configuring the scan settings, you're ready to launch the scan. Nessus
Professional will immediately begin scanning the target network, and the time
required will vary based on the network’s size and complexity.
- Click Save to save the scan configuration.
- Click Launch to start the scan immediately.
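
Before clicking Launch, the Target and Port Range values from step 3 can be checked against the address ranges you are authorized to scan. The following is an added example, not part of the original guide or of Nessus itself: the approved-scope list, the addresses and the hostname are constructed, and the checker assumes targets are written as single IPs, CIDR blocks or first-last ranges, returning anything else (such as a hostname) for manual review.

```python
import ipaddress


def parse_ports(spec):
    """Expand a Port Range value such as '1-1024, 8080, 8443' into a sorted list."""
    ports = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"invalid port range: {part!r}")
        ports.update(range(low, high + 1))
    return sorted(ports)


def parse_target(entry):
    """Return the networks covered by one target entry.

    Handles a single IP, a CIDR block, or a first-last address range.
    Raises ValueError for anything else (for example a hostname).
    """
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(entry, strict=False)]


def out_of_scope(target_spec, approved_cidrs):
    """List every part of the target field that is not inside an approved CIDR."""
    approved = [ipaddress.ip_network(c) for c in approved_cidrs]
    rejected = []
    for entry in filter(None, (t.strip() for t in target_spec.split(","))):
        try:
            networks = parse_target(entry)
        except (ValueError, TypeError):
            rejected.append(entry)  # not an IP form: review by hand
            continue
        for net in networks:
            if not any(net.version == a.version and net.subnet_of(a) for a in approved):
                rejected.append(str(net))
    return rejected


if __name__ == "__main__":
    # Constructed values: replace with your own authorized scope and scan targets.
    APPROVED = ["10.0.5.0/24"]
    TARGETS = "10.0.5.10, 10.0.5.0/28, 10.0.5.250-10.0.6.3, 192.168.1.7, db01.internal.example"
    print(len(parse_ports("1-1024, 8080, 8443")), "ports selected")
    for item in out_of_scope(TARGETS, APPROVED):
        print("NOT IN APPROVED SCOPE:", item)
```

An empty result from `out_of_scope` means every listed address falls inside the approved ranges; a range that spills past the boundary is reported as the exact block that lies outside it.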
5 Monitor the Scan Progress
Once the scan is launched, Nessus Professional will display the progress in
real-time within the web interface. The status bar will show how far along the
scan is, and once completed, the results will be available for review.


You can view the scan progress under the Scans tab, where you will see the
percentage of the scan completed, the time elapsed, and the number of
vulnerabilities detected so far.
6 View and Analyze Scan Results
After the scan is completed, Nessus Professional will generate a
comprehensive report outlining the vulnerabilities discovered. Each
vulnerability will be categorized by its severity:

Download Scan Results in CSV Format:
7 Exporting Results
You can export the scan results in different formats from the Nessus
Professional web interface by following these steps:
- Open the scan results page.
- Click on Export.
- Choose the desired format (e.g., PDF, CSV, HTML).
- Save the file to your desired location.
8 Remediation and Continuous Scanning
Once vulnerabilities are identified, prioritize remediation based on their severity.
After addressing the critical vulnerabilities, you can continuously monitor the
environment by scheduling periodic scans.
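
One way to turn the CSV export from step 7 into a severity-ordered remediation queue, as an added example that is not part of the original guide. The column names (Plugin ID, CVE, Risk, Host, Name, Solution) are assumed, so check them against the header row of your own export; every row in the sample is constructed.

```python
import csv

# Lower number = fix first. Rows with Risk "None" are informational and skipped.
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Constructed sample in the shape of a CSV export; the column names are assumed
# and every plugin ID, CVE and address is a placeholder, not real scan output.
SAMPLE_CSV = """\
Plugin ID,CVE,Risk,Host,Protocol,Port,Name,Solution
900001,CVE-0000-0001,Critical,10.0.5.10,tcp,22,Constructed finding A,Upgrade the SSH server
900001,CVE-0000-0002,Critical,10.0.5.10,tcp,22,Constructed finding A,Upgrade the SSH server
900002,,Medium,10.0.5.10,tcp,443,Constructed finding B,Renew the TLS certificate
900002,,Medium,10.0.5.11,tcp,443,Constructed finding B,Renew the TLS certificate
900003,,High,10.0.5.11,tcp,445,Constructed finding C,Require SMB signing
900004,,None,10.0.5.11,tcp,0,Constructed scan information,n/a
900005,,Medium,10.0.5.12,tcp,80,Constructed finding D,Remove the default page
"""


def load_findings(lines):
    """Read export rows from a file object or list of lines, dropping informational rows."""
    return [row for row in csv.DictReader(lines)
            if row.get("Risk", "").strip() in SEVERITY_ORDER]


def remediation_queue(rows):
    """Collapse repeated rows into one item per plugin, ordered for remediation.

    Order: severity first, then the number of affected hosts (most first),
    then the finding name so the output is stable.
    """
    grouped = {}
    for row in rows:
        item = grouped.setdefault(row["Plugin ID"], {
            "plugin_id": row["Plugin ID"],
            "risk": row["Risk"].strip(),
            "name": row["Name"],
            "solution": row["Solution"],
            "hosts": set(),
            "cves": set(),
        })
        item["hosts"].add(row["Host"])
        if row["CVE"]:
            item["cves"].add(row["CVE"])
    return sorted(
        grouped.values(),
        key=lambda i: (SEVERITY_ORDER[i["risk"]], -len(i["hosts"]), i["name"]),
    )


if __name__ == "__main__":
    # For a real export: load_findings(open("scan.csv", newline=""))
    for item in remediation_queue(load_findings(SAMPLE_CSV.splitlines())):
        hosts = ", ".join(sorted(item["hosts"]))
        print(f'{item["risk"]:<8} {item["name"]} [{hosts}] -> {item["solution"]}')
```

Grouping by plugin rather than by row means a fix that clears several hosts or several CVEs at once shows up as a single work item.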


Following these steps allows you to conduct an effective vulnerability scan
using Nessus Professional, helping you secure your network against potential
threats. Regular scans and diligent remediation are key components in
maintaining a secure and resilient network environment.