Nessus is a proprietary vulnerability scanner developed by Tenable. It is a free security scanner that can assess the modern attack surface and find vulnerabilities. It also uses the CVE architecture for easy cross-linking between compliant security tools.
Nessus has multiple scanning options such as:
- Hosts discovery
- Basic network scan
- Web application scan
- Advanced Scan
- Malware Scan
In this article, we will discuss how to install and use Nessus. We will also discuss its configurations and automation abilities.
Nessus Installation (Kali Linux)
Nessus is compatible with Linux and Windows Operating systems. This installation guide will be done on a Kali Linux machine.
To use Nessus, you need an activation code. This can be acquired by registering an account with Tenable. You can register an account here.
The activation code will be emailed to you.
Click on the Download Nessus button in the email. This will bring you to the Tenable download page. View the downloads for “Nessus”.
You will be brought to the Download page for Nessus. By default, the website will detect your OS and already select the file you need to download. If not, look for the appropriate file to download for your OS. For Kali Linux, it is the “Linux-Debian-amd64” file.
Open a command line on Kali Linux, navigate to the file and use the following command to install Nessus.
dpkg -i Nessus-10.3.0-debian9_amd64.deb
To start Nessus, use this command.
/bin/systemctl start nessusd.service
Then navigate to https://kali:8834/ using a browser. Nessus may take a while to start when it is run for the first time. Eventually, you will be brought to the login page. Your username and password are the same as when you registered with Tenable. You will then be asked for the activation code.
Finally, you will be brought to this page.
How to use Nessus
To start a new scan on Nessus, click the “New Scan” button on the top right of the interface. You will be brought to the “Scan Templates” page. This is where you will choose the type of scan for your target.
The scan chosen for the example is the Web Application Tests. From here, we need to enter some details such as the Name of the scan and the Targets. The target can be a URL, domain name or IP address. Multiple targets can be entered in one scan (up to 16 for the free version). The scan may take quite some time to complete.
After scanning, the results of the scan are shown. The Vulnerabilities are colour coded by risk, from “Critical” to “Low”.
By clicking on the target, we get a list of vulnerabilities found on it.
Clicking on one of the vulnerabilities shows further detail about it. This includes:
- Description of the vulnerability
- Related online sources
- Risk information: severity, CWE, CVSS
- Output (basically the request and response information when the attack was used)
Nessus is very versatile when it comes to generating reports. After selecting a scan, you can generate a Nessus report by clicking the “Report” button at the top left of the interface.
Nessus can generate a report in 3 file formats (HTML, PDF and CSV), using 4 types of templates for the HTML and PDF reports:
- Complete list of vulnerabilities by host
- Detailed vulnerabilities by host
- Detailed vulnerabilities by plugin
- Vulnerability operations
and various options for the CSV report.
Additionally, Nessus has the option to export the scan to a .nessus file or a .db file to access the same results on another Nessus interface. This button is found at the top right of the interface called “Export”.
Report examples (using scan on Mutillidae, web application scan)
HTML report example:
The HTML report only gives a summary of the vulnerabilities found. Further details of each vulnerability can be found by clicking the plugin number link, which will bring the user to the Nessus website.
PDF report example:
The PDF report is the same as the HTML report.
CSV report example:
The CSV report can be quite complicated, so it may be better to leave some of the options out when generating the CSV report.
Here are some configurations you may be interested in when creating a scan:
- Schedule a scan to repeat
- Ports to use for the scan
- Scan Type (options are different based on the type of scan selected)
There is no automation module for Nessus.
Creating a scan from the nessuscli and creating a Nessus scan from the Nessus API were also removed from Nessus version 6 onwards.
Nessus automation scanning is available only on Tenable.io and Tenable.sc through their API. However, they are only available through a subscription.
Even with third-party software, it does not seem possible.
- nessrest (https://github.com/tenable/nessrest) → only works on Nessus v6 and before
- AutoNessus (https://github.com/redteamsecurity/AutoNessus) → only works on Nessus v6 and before
- Nessus Enterprise Rest Client (https://github.com/jfalken/nessus_enterprise_rest_client) → only works on Nessus v6 and before
- Python-nessus (https://github.com/AdmiralGaust/python-nessus) → outdated libraries
- Nessus-Automation (https://github.com/anil-yelken/Nessus-Automation) → (does not create new scans – script is used to integrate results into a SIEM)
Overall, Nessus cannot be automated unless using a paid version.
The Nessus Vulnerability Scanner is a free and easy-to-use tool. It thoroughly scans for vulnerabilities in your target, which quickly covers a lot of areas for your penetration test. The results produced from the scans are also very informative and help you understand each vulnerability well enough to exploit or patch it. Although there is no CLI scan or automation module available, it has a nice interface for manual use.