A vulnerability is a weakness or error in a system's or device's code that, when exploited, can compromise the confidentiality, integrity, and availability of the data stored on it, through unauthorized access, elevation of privileges, or denial of service.
There are many scanning tools on the market that help us find these kinds of weaknesses in our systems. Nessus is one of the best of them: it helps keep a network free of the easy-to-exploit vulnerabilities that attackers and malware commonly look for.
Purpose: Vulnerability Assessment
- Vulnerability scanning is a process of identifying network, application, and security vulnerabilities.
- In addition to identifying security loopholes, vulnerability scans also suggest effective remediation steps to counter a threat or attack.
- After the scan, a report is generated. The findings in the report can then be analyzed and interpreted to identify opportunities to improve security.
Open source but with a limitation: Scans up to 16 IPs
Nessus is developed by Tenable, Inc. It is a remote security scanning tool, which scans a computer for vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network.
Nessus Essentials is a free version of the Nessus vulnerability scanner. You can scan up to 16 IPs with Nessus Essentials. The activation code does not expire and can be used for as long as needed.
Why we should use Nessus:
If you are familiar with other network vulnerability scanners, you might be wondering what advantages Nessus has over them. Here are the advantages of using Nessus for vulnerability scanning:
- Unlike other scanners, Nessus does not make assumptions about your server configuration (such as assuming that the only web server must be on port 80), assumptions that cause other scanners to miss real vulnerabilities.
- Nessus provides a plugin interface, and many free plugins are available from the Nessus plugin site. These plugins are often specific to detecting a particular piece of malware or vulnerability.
- The paid version of Nessus adds further scan templates, such as Mobile Device Scan and MDM Config Audit.
- When Nessus detects a vulnerability, it is also most often able to suggest the best way to mitigate the vulnerability.
Nessus Official Documentation:
https://docs.tenable.com/nessus/Content/Install.htm
Nessus Installation on Windows Machine
- Download Docker for Windows
https://docs.docker.com/desktop/windows/install/
Requirements: You should have at least 8 GB of RAM and Windows 10 Pro (64-bit) or later.
Reason for using Docker: Docker is an open-source containerization platform. It enables developers to package applications into containers. You can deploy a managed Nessus scanner or an instance of Nessus Professional/Essentials as a Docker image and run it in a container. Nessus can also audit the configuration of Docker containers.
- Download the Linux kernel update package
- Sign up for Docker Hub
- Search for the Nessus image on Docker Hub
- Use this command on the Windows CLI:
docker pull tenableofficial/nessus
The Nessus image is now pulled. Having the image does not by itself create a container.
How to start the container?
docker run -it -d tenableofficial/nessus
- -it: interactive mode; -i keeps STDIN open and -t allocates a pseudo-terminal
- -d: detached mode; the container keeps running in the background even if you cancel or close the terminal
Docker prints the ID of the new container, which means the container is up and running.
So far we have pulled the image, run it, and created the container.
- Go to the following links:
https://www.tenable.com/products/nessus/nessus-essentials
https://docs.tenable.com/nessus/Content/InstallNessusEssentialsProfessionalOrManager.htm
- Get the activation code from your email
- Run this command:
docker run -p 8834:8834 tenableofficial/nessus
- Go to: https://localhost:8834/
- Log in with your credentials
- Allow all plugins to download (This will only happen once at the first login)
Scanning Ubuntu VM using Nessus Essentials
Authenticated scan:
- Automatic authentication
- HTTP login form
After running an authenticated scan through automatic authentication or the login form, if Plugin ID 11219 reports "Credentialed checks: no", it means that SSH is not enabled on the Ubuntu VM.
- Allow Access To your Selected IP Addresses Or Networks on Ubuntu VM (Enable SSH on Ubuntu).
- Verify that you are able to SSH into the Ubuntu VM using this command on the Windows CLI: ssh root@[ubuntu IP]
Re-run the scan; the credentialed checks should now report yes.
Nessus Scanning on Local Machine using Basic Network Scan
“Knowing your enemy is winning half the war..”
Similarly, when you know about your target, half the task of Hacking is done.
Network Scanning is the procedure of identifying active hosts, ports, and the services used by the target application.
Suppose you are an Ethical Hacker and want to find vulnerabilities in the System, you need a point in the System that you can try to attack. Network Scanning for Ethical Hacking is used to find out these points in the system that a Black Hat Hacker can use to hack the network. And then the respective teams work on improving the security of the network.
Nessus provides a simple way to run a basic network scan to find the loopholes and vulnerabilities in your target network.
Nessus Scanning using Web Application Tests Template
Nessus provides a Web Application Tests template so you can scan your target website with a single click:
Note: Nessus provides several other scan templates that you can select as your requirements dictate. In the screenshot below you can see the list of vulnerability scan templates in Nessus:
CVSS-Based Severity and Score
Nessus classifies vulnerabilities into five levels:
- Info: Non-vulnerability information, kept separate from the vulnerability details.
- Low: Flaws that might help an attacker refine their attack. By itself, such a flaw is not sufficient to compromise the system.
- Medium: Some information is leaking from the remote host. An attacker might be able to read a file that they should not have access to.
- High: The attacker can read arbitrary files on the remote host and/or execute commands on it.
- Critical: The most serious level. These vulnerabilities can be exploited with a readily available tool, and in most cases the attacker needs no extra effort to exploit them.
After the scan is complete, you can see the vulnerability report under the "Vulnerabilities" tab. Click on a vulnerability to see its details: the name of the vulnerability, a description, the recommended solution, and links to learn more about it.
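As an added example (not code from the original page or from Tenable), the following Python script parses a small .nessus v2 export, counts findings per severity level, checks the plugin output for the "Credentialed checks" line discussed in the authenticated scan section, and maps a CVSS v3 base score onto the same five levels. The sample XML is constructed: the host address, plugin IDs, plugin names and outputs are placeholders, and only the NessusClientData_v2 element and attribute names follow the real export format. The CVSS v3 ranges used (0 Info, 0.1 to 3.9 Low, 4.0 to 6.9 Medium, 7.0 to 8.9 High, 9.0 to 10.0 Critical) are the ones Tenable documents for Nessus severity.

```python
"""Summarise a Nessus (.nessus v2 XML) export by severity and check whether
credentialed checks ran. The XML below is constructed for illustration."""
import xml.etree.ElementTree as ET
from collections import Counter

# The ReportItem 'severity' attribute (0-4) maps to the five levels above.
SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample export. Plugin IDs 1-3, names and outputs are placeholders;
# 192.0.2.10 is a documentation-range address, not a real host.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="ubuntu-vm-basic">
    <ReportHost name="192.0.2.10">
      <HostProperties><tag name="host-ip">192.0.2.10</tag></HostProperties>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="1" pluginName="Scan information (placeholder)">
        <plugin_output>Credentialed checks : no</plugin_output>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
                  pluginID="2" pluginName="Weak SSH settings (placeholder)">
        <cvss3_base_score>5.3</cvss3_base_score>
        <solution>Harden the SSH configuration.</solution>
      </ReportItem>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="4"
                  pluginID="3" pluginName="Outdated web server (placeholder)">
        <cvss3_base_score>9.8</cvss3_base_score>
        <solution>Apply the vendor patch.</solution>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_findings(xml_text):
    """Return one dict per ReportItem with the fields a triage script needs."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            cvss = item.findtext("cvss3_base_score")
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "protocol": item.get("protocol"),
                "severity": int(item.get("severity")),
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
                "cvss3": float(cvss) if cvss is not None else None,
                "output": (item.findtext("plugin_output") or "").strip(),
                "solution": (item.findtext("solution") or "").strip(),
            })
    return findings


def count_by_severity(findings):
    """Count findings per level, always reporting all five level names."""
    counts = Counter(SEVERITY_NAMES[f["severity"]] for f in findings)
    return {name: counts.get(name, 0) for name in SEVERITY_NAMES.values()}


def credentialed_checks_ran(findings):
    """True if any plugin output reports 'Credentialed checks : yes'.

    Matching on the output text rather than a hard-coded plugin ID keeps the
    check working whichever information plugin carries the line."""
    for f in findings:
        text = f["output"].lower().replace(" ", "")
        if "credentialedchecks:yes" in text:
            return True
    return False


def severity_from_cvss3(score):
    """Map a CVSS v3 base score to the five Nessus severity levels."""
    if score == 0:
        return "Info"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def worst_first(findings):
    """Order findings for triage: highest severity, then highest CVSS, first."""
    return sorted(findings, key=lambda f: (f["severity"], f["cvss3"] or 0.0),
                  reverse=True)


if __name__ == "__main__":
    found = parse_findings(SAMPLE_NESSUS)
    print("Findings by severity:", count_by_severity(found))
    print("Credentialed checks ran:", credentialed_checks_ran(found))
    for f in worst_first(found):
        print(f"{SEVERITY_NAMES[f['severity']]:8} {f['host']}:{f['port']} "
              f"{f['plugin_name']} -> {f['solution'] or 'no solution given'}")
```

To use it on a real scan, export the scan from the Nessus web UI in the Nessus (.nessus) format and pass the file contents to parse_findings; a result of False from credentialed_checks_ran is the same signal as the "Credentialed checks: no" line in the report, so the scan should be re-run after enabling SSH access for the scanner.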
Conclusion
Many organizations around the world use Nessus as one of their most trusted pen-testing tools. It is used to scan IP addresses, websites, and sensitive data. Nessus can help identify missing patches and malware, and it supports mobile device scanning. Additionally, it has a fully featured dashboard, a broad range of scanning capabilities, and reporting in multiple formats.
There are many tools for pen-testing and vulnerability scanning, and the choice differs from one company to another. However, the goal remains the same: to secure a business's assets from outside intruders. Penetration testers with advanced skills can reveal an increasing number of flaws, which can then be fixed to make systems more secure.
References:
https://www.testhouse.net/blogs/penetration-testing-101-a-beginners-guide-to-ethical-hacking/
https://docs.tenable.com/nessus/Content/AssessmentSettings.htm
https://www.edureka.co/blog/network-scanning-kali-ethical-hacking/#WhatisNetworkScanning