Vulnerability Scanning with Nessus: A Practical Guide

What is Nessus?

Nessus, developed by Tenable, is a powerful vulnerability scanner trusted by organizations worldwide to identify vulnerabilities in their IT infrastructure. It scans networks, servers, and applications to detect weaknesses that attackers could exploit. Nessus Professional is widely used in enterprise environments, while Nessus Essentials (formerly Nessus Home) is available for personal use, offering limited scanning capabilities for home networks.

Why Nessus?

The appeal of Nessus lies in its robust scanning engine, ease of use, and comprehensive coverage of vulnerabilities. It has one of the most extensive vulnerability databases, which is regularly updated to include the latest security issues. The scanner is capable of identifying misconfigurations, missing patches, default credentials, and more—making it an invaluable tool for security professionals.

Setting Up Nessus

• Download and Install Nessus: Visit the Tenable website to download the version suitable for your needs—Nessus Professional for business users or Nessus Essentials for home use.

• Installation

For installation, open the terminal and go to the download directory.

For installation, use the following command

# dpkg -i Nessus-10.8.3-ubuntu1604_amd64.deb

Start the nessus service-

# service nessusd start

And for confirming whether the nessus service has been started or not, we can confirm it with:-

# service nessusd status

• Activate Your License: After installation, you’ll need to activate your license. Nessus Essentials requires a free license key, while Nessus Professional comes with a paid license and a free trial of 7 days.
  Configuration by using the command

#service nessusd start

#service nessusd status

For setup, click on the checkbox register offline and then continue

Create new user account by giving user id and password

• Set Up the Scanner: Once Nessus is installed, you will be prompted to configure the scanner. You can choose from various scan types depending on your objectives (e.g., vulnerability assessment, compliance scans, or custom configurations).

Performing a Vulnerability Scan with Nessus

1. Performing a Vulnerability Scan with Nessus

To start using Nessus Professional, you’ll need to access the Nessus Professional dashboard through your web browser. By default, the Nessus Professional service runs on port 8834, so you can access it using the following URL:

https://localhost:8834/

Log in with your Nessus Professional credentials to access the dashboard.

2. Create a New Scan

Once you’re logged in, click on the “New Scan” button to initiate a scan. Nessus Professional offers several templates to choose from, depending on your requirements:

• Basic Network Scan: A general vulnerability scan for networks.
• Advanced Scan: Provides detailed control over scan parameters.
• Web Application Test: Designed to identify vulnerabilities in web applications.

For our example, let’s assume you want to perform a Basic Network Scan.

• Navigate to the Scans
• Click on New Scan.
• Select Basic Network Scan from the list of available templates.

3. Configure Scan Settings

Once you select a scan template, you will need to configure the scan settings. This includes specifying your target, scan schedule, and any additional options like port ranges or scan timeouts.

Steps:

• Name: Provide a descriptive name for your scan (e.g., “Internal Network Scan”).
• Target: Enter the target(s) for the scan.

Range of IP Addresses

Set up the scan with the target IP, specify the project name along with a detailed description, and ensure all output is saved to your “scan” folder.

Port Range: If you want to scan a specific range of ports, configure the Port Range field. For example, to scan common ports: 1-1024, 8080, 8443

Schedule: If you want to automate the scan, you can set it to run periodically (e.g., daily or weekly) under the Schedule tab. Daily Scan (scheduled at 6:30 PM every day):

Configure Authentication: If your scan targets servers or devices requiring authentication, you can configure credentials such as SSH or SMB to gain deeper insights. Here’s how to specify credentials in the scan configuration:

SSH Authentication:

4. Run the Scan

After configuring the scan settings, you’re ready to launch the scan. Nessus Professional will immediately begin scanning the target network, and the time required will vary based on the network’s size and complexity.

• Click Save to save the scan configuration.
• Click Launch to start the scan immediately.

5. Monitor the Scan Progress

Once the scan is launched, Nessus Professional will display the progress in real-time within the web interface. The status bar will show how far along the scan is, and once completed, the results will be available for review.

You can view the scan progress under the Scans tab, where you will see the percentage of the scan completed, the time elapsed, and the number of vulnerabilities detected so far.

6. View and Analyze Scan Results

After the scan is completed, Nessus Professional will generate a comprehensive report outlining the vulnerabilities discovered. Each vulnerability will be categorized by its severity:

Download Scan Results in CSV Format:

7. Exporting Results

You can export the scan results in different formats from the Nessus Professional web interface by following these steps:

• Open the scan results page.
• Click on Export.
• Choose the desired format (e.g., PDF, CSV, HTML).
• Save the file to your desired location.

8. Remediation and Continuous Scanning

Once vulnerabilities are identified, prioritize remediation based on their severity. After addressing the critical vulnerabilities, you can continuously monitor the environment by scheduling periodic scans.

Following these steps allows you to conduct an effective vulnerability scan using Nessus Professional, helping you secure your network against potential threats. Regular scans and diligent remediation are key components in maintaining a secure and resilient network environment.