Installing Nessus Vulnerability Scanner in Kali Linux
Nessus vulnerability scanner is one of the top scanners today and offers many options for personal and enterprise use. Here is a simple setup installing Nessus (free edition) in you Kali Linux instance.
First, head to https://www.tenable.com/products/nessus and download the latest version of Nessus Essentials.
Register for an activation code.
Proceed on the “Download” section and choose the latest version for Debian operating system.
Open a Terminal and locate where you have save the Nessus installation file. Then install by running the following command.
$sudo dpkg -i Nessus-8.15.0-debian6_amd64.deb
Once the installation have completed, start Nessus scanner service by running the following command.
$sudo systemctl status nessusd.service
To launch Nessus instance, open up a browser and input https://local-ip:8334. Local IP as being the current IP address of your Kali host. Hostname works as well as seen below.
Once you have accepted the local self-signed certificate, you will be presented by the initial configuration of Nessus scanner.
Proceed and choose Nessus Essentials. By this time, you should have received an email from Tenable regarding the activation code.
Skip the registration process and input the activation code you have received.
Create and admin account and password.
The last installation step will be downloading plug-ins (this usually takes for a while).
Once plug-ins have been downloaded and initialized, we are ready to scan.
New Scan button (top right), will present you with the scanning templates. Scan templates ranges from Host Discovery, Credentialed Patch Audit, Active Directory scans, etc.
Host discovery scan is a simple scan that will allow you to discover all active (pingable) devices in your network and open ports/services.
Below is a sample discovery scan that will target IP ranges 10.0.2.1 up to 10.0.2.16
Once you have set all options, as for this example, we just mainly put the target IP ranges of the network that we wanted to scan on this template and we are ready to scan.
To scan, just hit the play button on the right of the scan template and to check the status of the scan, simply click anywhere on the scan name.
Results of our Discover scan revealed 2 active hosts and ports.
Advanced Scan, Non-Credentialed
Now that we have learned how to conduct discover scans, next phase is to create another scan template but we will use Advanced Scan instead without using any local accounts from our target host (non-credentialed).
We will leave everything default except for the IP of our target and the Name of our Advanced scan.
Scan Results — Advanced Scan
Scan results form host 10.0.2.15. We have identified 21 vulnerabilities ranging from Informational to Critical.
MS11–030: Vulnerability in DNS Resolution Could Allow Remote Code Execution
MS17–010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE)
There are many use case of Nessus and we have only covered the stand alone version. Enterprise deployment utilizes Tenable.sc — Security Center which allows you to deploy scanners throughout your network and increase your visibility and awareness.