Using the Nessus Vulnerability scanner

Step-by-Step Guide to Installing and Using Nessus Vulnerability Scanner

Nessus is a widely used vulnerability scanner that identifies missing patches, weak configurations and exposed services on networks, systems and applications so they can be fixed. This guide walks you through installing Nessus and performing a vulnerability scan.


Part 1: Installing Nessus

  1. Download Nessus
    • Visit the Tenable Downloads page.
    • Select the appropriate version for your operating system (Windows, Linux, macOS, etc.).
    • Register for an activation code. Nessus Essentials is free for home and lab use and is limited to 16 IP addresses; Nessus Professional requires a paid license.
  2. Install Nessus
    • For Windows:
      • Run the downloaded .exe file.
      • Follow the installation wizard prompts.
    • For Linux:
      • Open a terminal in the download directory and install the package for your distribution:
          sudo dpkg -i Nessus-<version>.deb        # Debian/Ubuntu
          sudo yum install Nessus-<version>.rpm    # RHEL/CentOS and derivatives
      • Verify the package signature or checksum published on the download page before installing; the scanner will run as root.
    • For macOS:
      • Open the downloaded .dmg file and run the Install Nessus.pkg installer inside it. Nessus is a background service, not a drag-and-drop application bundle.
  3. Start the Nessus Service
    • Windows/macOS: The installer registers nessusd as a system service (a Windows service and a launchd daemon respectively), and it normally starts automatically after installation.
    • Linux: Start the service and enable it at boot:
          sudo systemctl start nessusd
          sudo systemctl enable nessusd    # start on boot
      Confirm that nessusd is running and listening on TCP port 8834 before opening the web interface.
  4. Access the Nessus Web Interface
    • Open a web browser and navigate to https://<your-server-ip>:8834.
    • If running locally, use https://localhost:8834.
    • The browser will warn about the certificate: Nessus ships with a self-signed certificate. Accept it only for a host you just installed, and replace it with one issued by your own CA before other people use the scanner.
  5. Activate Nessus
    • On first access the setup wizard asks which product you are activating; choose Nessus Essentials (or the edition you licensed) and enter the activation code obtained during registration.
    • Create the administrator account. This account has full control of the scanner and of every credential you later store in it, so use a strong, unique password.
    • Nessus then downloads and compiles the plugin feed. This can take a long time on first run and scanning is unavailable until it finishes; keep the feed updated afterwards so Nessus has the latest vulnerability checks.

Part 2: Performing a Vulnerability Scan

  1. Log in to Nessus
    • Access the Nessus web interface at https://<your-server-ip>:8834.
  2. Create a New Scan
    • Click Scans on the top menu and then New Scan.
    • Choose a scan template based on your needs:
      • Host Discovery: Only finds live hosts and open ports; useful for confirming scope before a full scan.
      • Basic Network Scan: General-purpose scanning for network vulnerabilities; the usual starting point.
      • Web Application Tests: Adds web application checks (for example injection and cross-site scripting tests) on top of the network checks.
      • Advanced Scan: Customizable for specific requirements, such as selecting plugin families, port ranges and whether safe checks are enforced.
  3. Configure the Scan
    • Enter a name for the scan.
    • Specify the target(s) (IP address, domain, or network range).
    • Customize settings if needed, such as scanning policies or authentication credentials. An unauthenticated scan only sees what is reachable over the network; a credentialed scan (SSH for Linux/Unix, SMB/WMI for Windows) logs in and checks installed packages and configuration directly, which finds far more and produces fewer false positives. Use a dedicated scanning account with the least privilege the checks need, and remember that credentials stored in Nessus are only as safe as the Nessus server itself.
  4. Launch the Scan
    • Click Save and then select the scan from the list.
    • Click Launch to begin scanning.
  5. Monitor the Scan
    • While the scan runs, monitor progress in the interface. Scanning time depends on the number of targets and the scan depth.
  6. Review Scan Results
    • Once completed, click on the scan to view results.
    • Each finding comes from a plugin and is categorized by severity, derived from its CVSS score:
      • Critical: Requires immediate attention.
      • High: Serious vulnerabilities needing quick action.
      • Medium/Low: Less severe, but still worth addressing.
      • Info: Not a vulnerability in itself (open ports, service banners, OS detection), but the inventory that tells you what is exposed and whether the scan actually covered the host.
    • Read the plugin output for each finding before acting on it: it shows the evidence the check relied on, which is what you need to confirm or dismiss a result.
  7. Export Results
    • Export the results as PDF or HTML for reporting, or as CSV or the native .nessus format (XML) for further analysis and for re-importing into another Nessus instance. The .nessus file contains host and service details, so treat it as sensitive.
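Steps 1 to 5 and 7 above can be driven without the web interface once the scanner is set up. The following is an added example, not Tenable's code: it creates a scan from a template, launches it, polls until it finishes and downloads the .nessus export through the Nessus REST API. It assumes a Nessus instance on https://localhost:8834 and an API key pair generated in the web interface under Settings > My Account > API Keys. The endpoints used (/editor/scan/templates, /scans, /scans/{id}/launch, /scans/{id}/export and its status/download sub-paths) are those of the Nessus REST API, whose reference is served by the scanner itself at https://<your-server-ip>:8834/api#/; the template short name "basic" and the 192.0.2.x targets are placeholders to check against your own instance.

```python
"""Drive a Nessus scan through its REST API: create, launch, poll, export.

Added example, not Tenable's code. Assumes a Nessus instance on
https://localhost:8834 and API keys from Settings > My Account > API Keys.
The endpoint paths are those of the Nessus REST API; the template short
name ("basic") and the target addresses are placeholders for this example.
"""
import json
import ssl
import time
import urllib.request


def https_transport(base_url, access_key, secret_key, ca_file=None):
    """Return a callable (method, path, body) -> parsed JSON or raw bytes.

    Nessus ships with a self-signed certificate. Point ca_file at that
    certificate (or at the CA you replaced it with) instead of turning
    certificate verification off; the API keys travel in every request.
    """
    ctx = ssl.create_default_context(cafile=ca_file)

    def send(method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(base_url + path, data=data, method=method)
        req.add_header("X-ApiKeys", f"accessKey={access_key}; secretKey={secret_key}")
        req.add_header("Content-Type", "application/json")
        with urllib.request.urlopen(req, context=ctx, timeout=60) as resp:
            raw = resp.read()
            if resp.headers.get("Content-Type", "").startswith("application/json"):
                return json.loads(raw)
            return raw  # the export download is the .nessus file itself
    return send


class NessusScanner:
    """Scan lifecycle on top of an injectable `send(method, path, body)`,
    so the workflow can be exercised without a live scanner."""

    def __init__(self, send):
        self.send = send

    def template_uuid(self, name="basic"):
        # Each template carries a short name and the uuid a new scan must reference.
        for tpl in self.send("GET", "/editor/scan/templates")["templates"]:
            if tpl["name"] == name:
                return tpl["uuid"]
        raise LookupError(f"no scan template named {name!r}")

    def create_scan(self, name, targets, template="basic"):
        body = {"uuid": self.template_uuid(template),
                "settings": {"name": name, "text_targets": ",".join(targets)}}
        return self.send("POST", "/scans", body)["scan"]["id"]

    def launch(self, scan_id):
        return self.send("POST", f"/scans/{scan_id}/launch")["scan_uuid"]

    def wait(self, scan_id, poll_seconds=30, sleep=time.sleep):
        """Block until the scan leaves its active states; return the final status."""
        while True:
            status = self.send("GET", f"/scans/{scan_id}")["info"]["status"]
            if status not in ("running", "pending", "paused", "resuming", "stopping"):
                return status
            sleep(poll_seconds)

    def export(self, scan_id, fmt="nessus", sleep=time.sleep):
        """Request an export and download it once Nessus reports it ready."""
        file_id = self.send("POST", f"/scans/{scan_id}/export", {"format": fmt})["file"]
        while self.send("GET", f"/scans/{scan_id}/export/{file_id}/status")["status"] != "ready":
            sleep(2)
        return self.send("GET", f"/scans/{scan_id}/export/{file_id}/download")


def run_scan(send, name, targets, template="basic", sleep=time.sleep):
    """Full lifecycle; returns (final_status, export_bytes) or (status, None)
    when the scan did not complete (aborted, canceled, ...)."""
    nessus = NessusScanner(send)
    scan_id = nessus.create_scan(name, targets, template)
    nessus.launch(scan_id)
    status = nessus.wait(scan_id, sleep=sleep)
    if status != "completed":
        return status, None
    return status, nessus.export(scan_id, sleep=sleep)


if __name__ == "__main__":
    import os
    send = https_transport("https://localhost:8834",
                           os.environ["NESSUS_ACCESS_KEY"], os.environ["NESSUS_SECRET_KEY"],
                           ca_file=os.environ.get("NESSUS_CA_FILE"))
    # 192.0.2.0/24 is a documentation range; substitute targets you are authorized to scan.
    status, report = run_scan(send, "lab-basic", ["192.0.2.10", "192.0.2.0/28"])
    print("scan finished with status:", status)
    if report:
        with open("lab-basic.nessus", "wb") as fh:
            fh.write(report)
```

The transport is separated from the workflow so the same lifecycle code runs against a fake `send` in a test or against the real scanner in production; keeping the API keys in environment variables and the CA file on disk avoids hard-coding either into the script.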

Best Practices for Vulnerability Scanning

  • Scan Only What You Are Authorized To: Vulnerability scanning is intrusive and is indistinguishable from reconnaissance by an attacker. Scan only systems you own or have written permission to test, and define the target range carefully so the scan does not spill into someone else's network.
  • Update Regularly: Keep both the Nessus application and its plugin feed current; new checks arrive with the feed, so an old feed silently misses recent vulnerabilities.
  • Test in Non-Production: Perform scans in a test environment first to avoid disrupting live systems. Fragile devices (printers, embedded systems, industrial controllers) can crash under aggressive probing; leave safe checks enabled and narrow the scan for such hosts.
  • Secure Your Setup: The Nessus server holds scan results and stored credentials for every target. Keep the web interface on port 8834 reachable only from a management network, never from the internet, replace the self-signed certificate, use strong unique passwords for every user, and restrict who can log in.
  • Remediate Issues Promptly: Prioritize by severity, but also by exposure (internet-facing before internal) and by whether a finding is known to be exploited; confirm the fix by rescanning rather than by closing the ticket.
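Prioritizing across many hosts is easier from the .nessus export than from the web interface. The following is an added example, not Tenable's code: it parses a .nessus (XML) export, counts findings by severity and groups the High and Critical ones by plugin so one remediation line covers every affected host. The element and attribute names (NessusClientData_v2, Report, ReportHost, ReportItem with severity, pluginID, pluginName, port and protocol attributes, and solution and cve children) are those of the .nessus v2 format; the SAMPLE document embedded in the code is constructed for this example, and its hosts, plugin IDs, plugin names and CVE identifier are placeholders rather than real findings.

```python
"""Triage a Nessus .nessus (XML) export by severity.

Added example, not Tenable's code. Element and attribute names follow the
.nessus v2 format. SAMPLE is constructed for this example: its hosts,
plugin IDs, plugin names and the CVE identifier are placeholders.
"""
from collections import Counter
import xml.etree.ElementTree as ET

# Nessus stores severity on each ReportItem as an integer 0..4.
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

SAMPLE = """<?xml version="1.0"?>
<NessusClientData_v2>
<Report name="lab-basic">
<ReportHost name="192.0.2.10">
<HostProperties><tag name="host-ip">192.0.2.10</tag></HostProperties>
<ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
 pluginID="900001" pluginName="OS identification (placeholder)" pluginFamily="General">
<risk_factor>None</risk_factor><solution>n/a</solution>
</ReportItem>
<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
 pluginID="900002" pluginName="SMB service missing security update (placeholder)" pluginFamily="Windows">
<risk_factor>Critical</risk_factor><solution>Apply the vendor patch.</solution>
<cve>CVE-0000-0000</cve>
</ReportItem>
</ReportHost>
<ReportHost name="192.0.2.11">
<HostProperties><tag name="host-ip">192.0.2.11</tag></HostProperties>
<ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
 pluginID="900003" pluginName="SSH weak algorithms enabled (placeholder)" pluginFamily="Misc.">
<risk_factor>Medium</risk_factor><solution>Disable weak MAC and key exchange algorithms.</solution>
</ReportItem>
</ReportHost>
</Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Return one flat dict per ReportItem, tagged with its host."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "protocol": item.get("protocol"),
                "severity": int(item.get("severity")),
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
                "solution": (item.findtext("solution") or "").strip(),
                "cves": [c.text for c in item.findall("cve")],
            })
    return findings


def severity_counts(findings):
    """Counts keyed by severity label, like the summary bar in the web UI."""
    return Counter(SEVERITY[f["severity"]] for f in findings)


def triage(findings, min_severity=3):
    """Findings at or above min_severity (default High), worst first, grouped
    by plugin so each row is one fix and the list of hosts that need it."""
    chosen = [f for f in findings if f["severity"] >= min_severity]
    chosen.sort(key=lambda f: (-f["severity"], f["plugin_id"], f["host"]))
    by_plugin = {}
    for f in chosen:
        row = by_plugin.setdefault(f["plugin_id"], {
            "severity": SEVERITY[f["severity"]], "plugin_name": f["plugin_name"],
            "solution": f["solution"], "cves": f["cves"], "hosts": []})
        row["hosts"].append(f"{f['host']}:{f['port']}/{f['protocol']}")
    return list(by_plugin.values())


if __name__ == "__main__":
    findings = parse_nessus(SAMPLE)
    print(dict(severity_counts(findings)))
    for row in triage(findings):
        print(row["severity"], row["plugin_name"], row["hosts"], "->", row["solution"])
```

Running it on a real export is a matter of reading the file into `parse_nessus`; lowering `min_severity` widens the list to Medium and below. Grouping by plugin rather than by host is what turns a few thousand findings into a short list of patches, and the per-host port list is what the remediation owner needs to verify the fix.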