Nessus is a well-known vulnerability scanning tool that was developed by Renaud Deraison in 1998 and was later bought in 2005 by the company ‘tenable network security’. It can be used via a web based GUI which makes it easier to use. In this article we shall look into how we can install and use it.
- First of all we need to download the latest Nessus version which can be downloaded from https://www.tenable.com/products/nessus-vulnerability-scanner. One needs to register on Nessus home page with a valid email address on which an activation code will be sent.
- The downloaded file contains an installer package. Run it and install by following the onscreen instructions. You should pay special attention on the credentials you enter since you will need them later.
- In case of Linux, enter the following commands via command line:
- cd ‘Location of downloaded file’
- dpkg -i ‘Name of downloaded file’
- Once installation is complete, open a browser and type ‘https://localhost:8834/’. This will open the Nessus page on which you will have to enter the credentials entered while installing. You may get a security warning which says the connection is not secure and you may need to create an exception in browser settings.
- Once you have entered Nessus, you will see a screen such as one shown below.
- We are now ready to run a scan. The steps to follow to do that are:
- Select ‘New Scan’ and then type of scan for example ‘Basic Network Scan’.
- Add a name and description.
- Enter the IP you want to scan in the ‘Target’ or the range of IPs and save.
- Click on the play button to start the scan.
Once the scan starts running, you can view the vulnerabilities in run time as well by clicking on vulnerabilities. This will show the vulnerabilities highlighted in different colors depending on the criticality. You can also export the report in different formats once the scan completes.
waqar ahmed 