Using Nessus for Network Scanning

By InfoSec Institute
February 25, 2013

If you are looking for a vulnerability scanner, you might have come across several expensive commercial products and tools with a wide range of features and benefits.

If a free, full-featured vulnerability scanner is on your mind, then it’s time you know about Nessus. This article covers installation, configuration, selecting policies, starting a scan, and analyzing the reports using the Nessus vulnerability scanner.

Nessus was founded by Renaud Deraison in 1998 to provide the Internet community with a free remote security scanner. It is one of the full-fledged vulnerability scanners that allow you to detect potential vulnerabilities in systems. Nessus is the world’s most popular vulnerability scanning tool and is supported by most research teams around the world.

The tool is free of cost for personal use in a non-enterprise environment. Nessus uses a web interface to set up, scan, and view reports. It has one of the largest vulnerability knowledge bases available; because of this KB, the tool is very popular.

Key features

  • Identifies vulnerabilities that allow a remote attacker to access sensitive information from the system
  • Checks whether the systems in the network have the latest software patches
  • Tries default passwords and common passwords on system accounts
  • Configuration audits
  • Vulnerability analysis
  • Mobile device audits
  • Customized reporting

For more details on the features of Nessus, visit: http://www.tenable.com/products/nessus/nessus-product-overview/nessus-features.

Operating systems that support Nessus

  • Microsoft Windows XP/Vista/7
  • Linux
  • Mac OS X (10.5 and higher)
  • FreeBSD
  • Sun Solaris and many more

Installation and configuration

  • You can download the Nessus home feed (free) or professional feed from the following link:

http://www.tenable.com/products/nessus/

  • Once you download the Nessus tool, you need to register with the Nessus official website to generate the activation key, which is required to use the Nessus tool. You can do it from the following link:

    (http://www.tenable.com/products/nessus/nessus-plugins/obtain-an-activation-code)

    • Click on “Nessus for Home” and enter the required details.
    • An e-mail with an activation key will be sent to your mail.
  • Install the tool. (Installation of the Nessus tool can be quite confusing, so tutorials should be useful.) For installation guidelines go to: http://static.tenable.com/documentation/nessus_5.0_installation_guide.pdf. Check for your operating system and follow the steps mentioned in the PDF.
  • Open Nessus in the browser; normally it runs on port 8834 (http://localhost:8834/WelcomeToNessus-Install/welcome). Follow the on-screen instructions.

  • Create an account with Nessus.
  • Enter the activation code you have obtained by registering with the Nessus website. Also you can configure the proxy if needed by giving proxy hostname, proxy username, and password.
  • Then the scanner gets registered with Tenable and creates a user.
  • Download the necessary plug-in. (It takes some time to download the plug-in; while you are watching the screen, you can go through the vast list of resources we have for Nessus users).

Once the plug-ins are downloaded, you will automatically be redirected to a login screen. Provide the username and password that you created earlier to log in.


Running the tool:

Nessus gives you lots of choices when it comes to running the actual vulnerability scan. You’ll be able to scan individual computers, ranges of IP addresses, or complete subnets. There are over 1200 vulnerability plug-ins with Nessus, which allow you to specify an individual vulnerability or a set of vulnerabilities to test for. In contrast to other tools, Nessus won’t assume that explicit services run on common ports; instead, it will try to exploit the vulnerabilities.

Among the foundations for discovering the vulnerabilities in the network are:

  • Knowing which systems exist
  • Knowing which ports are open and which listening services are available in those ports
  • Determining which operating system is running in the remote machine

Once you log in to Nessus using the web interface, you will be able to see various options, such as:

  • Policies: for configuring the options required for a scan
  • Scans: for adding different scans
  • Reports: for analyzing the results

The basic workflow of the Nessus tool is to log in, create or configure the policy, run the scan, and analyze the results.

Policies

Policies are the vulnerability tests that you can perform on the target machine. By default, Nessus has four policies.

Figure (A) shows the default policies that come with the Nessus tool.

External network scan

The policy is preconfigured so that Nessus scans externally-facing hosts that provide services to the host. It scans all 65,535 ports of the target machine. It is also configured with plug-ins required for web application vulnerabilities tests such as XSS.

Internal network scan

This policy is configured to scan large internal networks with many hosts, services, embedded systems like printers, etc. This policy scans only standard ports instead of scanning all 65,535 ports.

Web app tests

Nessus uses this policy to detect different types of vulnerabilities existing in web applications. It has the capability to spider the entire website to discover the content and links in the application. Once the spider process has been completed, Nessus starts to discover the vulnerabilities that exist in the application.

Prepare for PCI DSS audits

This policy has PCI DSS (Payment Card Industry Data Security Standards) enabled. Nessus compares the results with the standards and produces a report for the scan. The scan doesn’t guarantee a secure infrastructure. Industries or organizations preparing for PCI-DSS can use this policy to prepare their network and systems.

Apart from these pre-configured policies, you can also upload a policy by clicking on “Upload” or configure your own policy for your specific scan requirements by clicking on “New Policy.”

Configuring the policy

  • Click on the Policies tab on the top of the screen
  • Click on the New Policy button to create a new policy

Under the General settings tab select the “setting type,” based on the scan requirement, such as Port Scanning, Performance Scanning, etc. Based on this type, Nessus prompts you for different options to be selected. For example, “Port Scanning” has the following options:

Figure (B) shows the configuration options for Port Scanning.

Enter the port scan range. By default, Nessus scans all the TCP ports in the /etc/services file. You can limit the ports by specifying them manually (for example, 20-30). You have different scanners available, such as the Nessus SNMP scanner, SSH scanner, ping remote host, TCP Scanner, SYN scanner, etc. Enable by checking the check box as per the scan requirement.

  • Enter the credentials for the scan to use. You can use a single set of credentials or multiple sets of credentials if you have to. You can also run the scan without entering credentials.
  • The plug-in tab lists a number of plug-ins. By default, Nessus will have all the plug-ins enabled. You can enable or disable all the plug-ins at a time or enable a few from a plug-in family as per the scan you’d like to perform. You can also disable some unwanted plug-ins from a plug-in family by clicking on that particular plug-in.

Figure (C) shows the sub-plug-ins for the plug-in backdoors.

In Figure (C), green indicates the parent plug-in and blue indicates the sub-plug-ins, that is, the plug-ins under the parent plug-in (backdoor). You can enable or disable a plug-in by simply clicking on the enabled button.

  • In Policy Preferences, you are provided with a drop-down box to select different types of plug-ins. Select the plug-in based on the scan requirement and specify the settings as per the plug-in requirement. Click “Finish” once completed. For example, you can configure the database settings.

Figure (D) shows the configuration of the database settings plug-in.

Scans

Once you are done configuring the policies as per your scan requirement, you need to configure the scan details properly. You can do it under the Scan tab.

Under the Scan tab, you can create a new scan by clicking “New Scan” on the top right. Then a pop-up appears where you need to enter the details, such as Scan Name, Scan Type, Scan Policy, and Target.

  • Scan Name: The name that you want to give to the scan.
  • Scan Type: You have options to run the scan immediately by selecting “RUN NOW.” Or you can make a template which you can launch later when you want to run the scan. All the templates are moved under the Template tab beside the Scan tab.
  • Scan Policy: Select the policy that you have configured previously in the policies section.
  • Select Target: Enter the target machine that you are planning to test. Depending upon the targets, Nessus takes time to scan the targets.

Results

Once the scanning process has been completed successfully, results can be analyzed.

  • You can see the name of the scan under the Results section. Click on the name to see the report.
  • Hosts: Specifies all the target systems you have scanned.
  • Vulnerabilities: Displays all the vulnerabilities on the target machine that has been tested.
  • Export Results: You can export the results into various formats such as HTML, PDF, etc. You can also select an individual section or the complete result to export based on your requirement.

Let us try an example now

I have configured a policy named “Basic Scan.” We have many options while configuring or building the policy, such as port scanners, performance of the tool, advanced, etc.


Figure (E) shows configuration settings of Port Scanning for the policy “Basic Scan.”

You don’t need credentials now, so skip the Credentials tab and move to the Plug-ins tab. You need to configure the specific plug-in as per the requirements of the scan that you want to perform on the remote machine.


Figure (F) shows the plug-ins I have enabled for the policy “Basic Scan.” I have enabled a few plug-ins for the Windows machine scan.


Figure (G) shows configuring the scan.

I have configured the scan to run instantly with the policy that I created earlier. The scan target specifies the IP address I want to scan.

Once all the details have been entered, click on Create Scan, which shows that the Scan is running, as shown in Figure (H) below:

Figure H

Once the scanning has been completed, you can see the results in Results tab. Figure (I) shows the same.

Figure I

Double clicking on the title displays the scan results.


Figure (J) shows the Hosts details. It includes all the targets that you have scanned during the test. Double clicking on the host address displays the vulnerabilities Nessus has identified during the test. You can also click on the Vulnerabilities tab to check out the vulnerabilities.

Figure (K) shows the vulnerabilities that Nessus found during its scan. Nessus marks the risk as high, medium, info, etc. Clicking on a vulnerability gives you a brief description of it.

For example, let us go with the Netstat port scanner, which displays the following information:


Figure (L) shows the ports opened in the target machine.

In the same manner you can analyze complete details by clicking on the vulnerabilities. Nessus also suggests solutions or remedies for the vulnerabilities with a few references.
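Exported results can also be triaged outside the web interface. The following is an added example, not part of the original article: it assumes the scan was exported in Nessus's own `.nessus` v2 XML format (which the article does not show), and the sample report, hosts, plugin IDs and plugin names are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

# Constructed sample in the .nessus v2 layout; hosts, plugin IDs and names are made up.
SAMPLE = """<NessusClientData_v2><Report name="Basic Scan">
<ReportHost name="192.0.2.10">
 <ReportItem port="445" protocol="tcp" severity="3" pluginID="900001"
  pluginName="Constructed: missing patch"><solution>Apply the patch.</solution></ReportItem>
 <ReportItem port="80" protocol="tcp" severity="2" pluginID="900002"
  pluginName="Constructed: weak web setting"><solution>Disable it.</solution></ReportItem>
 <ReportItem port="135" protocol="tcp" severity="0" pluginID="900003" pluginName="Constructed: open port"/>
</ReportHost>
<ReportHost name="192.0.2.11">
 <ReportItem port="0" protocol="tcp" severity="0" pluginID="900004" pluginName="Constructed: host info"/>
</ReportHost></Report></NessusClientData_v2>"""

def parse_findings(nessus_xml):
    """Yield one dict per ReportItem in the export."""
    # Fine for exports from your own scanner; use defusedxml for files of unknown origin.
    root = ET.fromstring(nessus_xml)
    if root.tag != "NessusClientData_v2":
        raise ValueError("not a .nessus v2 export")
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            yield {"host": host.get("name"), "port": int(item.get("port")),
                   "proto": item.get("protocol"), "rank": int(item.get("severity")),
                   "plugin": item.get("pluginName"),
                   "solution": (item.findtext("solution") or "").strip()}

def triage(nessus_xml, min_rank=2):
    """Findings at or above min_rank, grouped by host, worst first."""
    by_host = defaultdict(list)
    for f in parse_findings(nessus_xml):
        if f["rank"] >= min_rank:
            by_host[f["host"]].append(f)
    return {h: sorted(fs, key=lambda f: -f["rank"]) for h, fs in by_host.items()}

def open_ports(nessus_xml):
    """Ports with at least one finding per host; port 0 marks host-level items and is skipped."""
    ports = defaultdict(set)
    for f in parse_findings(nessus_xml):
        if f["port"]:
            ports[f["host"]].add((f["port"], f["proto"]))
    return {h: sorted(p) for h, p in ports.items()}

if __name__ == "__main__":
    for host, items in triage(SAMPLE).items():
        print(host, [(SEVERITY[f["rank"]], f["port"], f["plugin"]) for f in items])
```

Lowering `min_rank` to 0 includes informational items, which is useful when comparing the ports a host exposes between two scans.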

Conclusion

Nessus is a tool that automates the process of scanning the network and web applications for vulnerabilities. It also suggests solutions for the vulnerabilities that are identified during the scan.

Kamal B is a security researcher for InfoSec Institute. InfoSec Institute is an information security training company that offers popular CEH v8 Ethical Hacking Boot Camps.

References

http://static.tenable.com/documentation/nessus_5.0_installation_guide.pdf

http://static.tenable.com/documentation/nessus_5.0_HTML5_user_guide.pdf

http://static.tenable.com/documentation/WhatIsNewNessus5.pdf
