Nessus Essentials – Vulnerability Assessment: Installing Nessus

Vulnerability assessment tools are used to identify risks/threats that may cause security issues in a system. Today I am going to look at a vulnerability assessment tool from Tenable called Nessus Essentials, which can (manually or automatically) scan networks for vulnerabilities and then output reports.

Nessus Essentials

Nessus (https://www.tenable.com/products/nessus) offers a few different vulnerability assessment tools. The free option is Nessus Essentials, which can be used to scan 16 IP addresses and is a great way to get to grips with a vulnerability assessment tool without spending any money.

Nessus Essentials

Although it is free, Nessus Essentials still requires an activation code, which means registering for the product. Note: the activation code is one-use only. If you use it and later need to reinstall Nessus, you will need to register again.

Nessus – Register for activation code

Installing Nessus

Nessus is available for various Linux systems, Windows and Mac OS X. The downloads for Nessus are available at https://www.tenable.com/downloads/nessus; make sure you choose the appropriate download for the operating system (OS) you want to install it on.

I am going to run Nessus on Ubuntu (Debian-based Linux), so I have downloaded the .deb file. Once downloaded, the file is installed using:

sudo dpkg -i Nessus-8.8.0-ubuntu110_amd64.deb

Note: The filename may change depending on when you are reading this blog post.

dpkg -i to install

Installation should take a few minutes. I’m running Nessus on a virtual machine (via VirtualBox) which has 30GB disk space, 4GB RAM and 2 processors.

Once installed, Nessus can be started (on Ubuntu) via /etc/init.d/nessusd start and, once running, the service can be reached via:

On initial connection Nessus will ask which product you want to use. This blog entry covers the free “Nessus Essentials”, but there are trial versions of the other products available if you want to give them a try.

Confirm Nessus version

Nessus will then ask you to create a local Nessus account for use with your installed Nessus product, and will ask for the registration key created earlier in this blog post. If you did not create a registration key then do not worry, as you can do it now.

Nessus plugins initialising

Nessus will then initialise (or initialize) and download / configure its plugins, which can take some time depending on the speed of your internet connection, the speed of the machine, etc.

Running A Scan

The various scan options are available by clicking “Scans”.

Nessus Essential scan options

The first scan I would recommend is a “Host Discovery” as it will scan an IP range for hosts (devices) that are connected.

After this, try a “Basic Network Scan”. Nessus can take a while (depending on the number of hosts, network speed, etc.) to report its findings, but should eventually return a screen similar to the one below:

Nessus Essentials basic network scan

The three tabs break down as:

  • Hosts found, with the number of vulnerabilities found on each
  • Vulnerability names, with the number of times each was found
  • History

In the top right is the option to export the findings as CSV (Comma Separated Values) or HTML (Hyper Text Markup Language), or to publish a report in PDF format.
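As an added example (my own code, not from the original post or from Tenable), here is a small Python script that rebuilds the first two tabs from a CSV export: findings per host and findings per vulnerability name, ranked worst-first so the items to fix come out on top. The column names (Risk, Host, Name) and the sample rows are assumptions modelled on the export format; real exports carry more columns.

```python
import csv
from collections import Counter, defaultdict
from io import StringIO

# Severity ranking for the Nessus "Risk" column ("None" is an informational finding).
RISK_ORDER = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "None": 0}

# Constructed sample modelled on a Nessus CSV export. Column names, hosts and rows
# are assumptions for this example; a real export has further columns such as
# Synopsis, Description and Solution.
SAMPLE_CSV = """Plugin ID,CVE,Risk,Host,Protocol,Port,Name
11219,,None,192.168.56.10,tcp,22,Nessus SYN scanner
10881,,Low,192.168.56.10,tcp,22,SSH Protocol Versions Supported
42873,CVE-2016-2183,Medium,192.168.56.10,tcp,443,SSL Medium Strength Cipher Suites Supported (SWEET32)
11219,,None,192.168.56.11,tcp,443,Nessus SYN scanner
42873,CVE-2016-2183,Medium,192.168.56.11,tcp,443,SSL Medium Strength Cipher Suites Supported (SWEET32)
"""

def parse_report(text):
    """Read a CSV export into a list of row dicts keyed by the header line."""
    return list(csv.DictReader(StringIO(text)))

def per_host(rows, include_info=False):
    """Hosts tab: findings per host broken down by severity; informational
    rows (Risk == "None") are dropped unless include_info is set."""
    counts = defaultdict(Counter)
    for row in rows:
        if include_info or row["Risk"] != "None":
            counts[row["Host"]][row["Risk"]] += 1
    return {host: dict(c) for host, c in counts.items()}

def per_vulnerability(rows, include_info=False):
    """Vulnerabilities tab: (name, severity, occurrences) tuples, sorted by
    severity, then by how many host/port combinations the finding hit."""
    counts, risk = Counter(), {}
    for row in rows:
        if include_info or row["Risk"] != "None":
            counts[row["Name"]] += 1
            risk[row["Name"]] = row["Risk"]
    return sorted(((name, risk[name], n) for name, n in counts.items()),
                  key=lambda t: (-RISK_ORDER.get(t[1], 0), -t[2], t[0]))

if __name__ == "__main__":
    rows = parse_report(SAMPLE_CSV)
    for host, breakdown in per_host(rows).items():
        print(host, breakdown)
    for name, severity, n in per_vulnerability(rows):
        print(f"{severity:8} {n:3}  {name}")
```

Point it at a real export by replacing SAMPLE_CSV with the file contents; if your Nessus version names the columns differently, adjust the three keys used above.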