NESSUS VULNERABILITY SCANNER
Nessus is often called the Swiss army knife of vulnerability scanners. As you might have noticed, the Nmap scripting engine has a limited number of scripts and is capable of detecting only a few vulnerabilities, which is why you cannot rely on Nmap alone for vulnerability assessment.
The most common approach used by Nessus is to look at banners and version headers, which most of the time reveal interesting information about the target, such as the version of the service that is running.

As you can see here, I have connected to a website's FTP server on port 21. From the banner, we can see that it is running Pure-FTPd; however, the exact version of Pure-FTPd is not shown. Banner information can also be easily changed or faked, which may cause Nessus to generate a false positive.
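To make the limitation concrete, here is an added example (not from the original text or from Nessus) that classifies constructed service banners the way a banner-based check does: the product is recognised, but a banner that omits the version yields no version at all, and every banner-derived result stays labelled unverified because the remote host controls the banner text.

```python
import re

# Constructed sample banners for illustration; not captured from any real host.
SAMPLE_BANNERS = {
    "ftp-no-version": "220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------",
    "ftp-with-version": "220 ProFTPD 1.3.3a Server (Debian) [::ffff:10.0.0.5]",
    "ssh": "SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7",
    "http": "Server: Apache/2.2.16 (Debian)",
    "custom": "220 FTP service ready",
}

# Product patterns. The version group is optional because many daemons
# (Pure-FTPd among them) can be configured to hide it from the banner.
PATTERNS = [
    ("Pure-FTPd", re.compile(r"Pure-FTPd(?:\s+v?(\d+(?:\.\d+)+))?")),
    ("ProFTPD", re.compile(r"ProFTPD(?:\s+(\d+(?:\.\d+)+\w*))?")),
    ("OpenSSH", re.compile(r"OpenSSH_(\d+(?:\.\d+)+\w*)")),
    ("Apache", re.compile(r"Apache(?:/(\d+(?:\.\d+)+))?")),
]


def parse_banner(banner):
    """Return product, version (None when the banner hides it) and a confidence
    label. Nothing read from a banner is trusted: the string is supplied by the
    remote service and can be edited or faked, so the best label is 'unverified'."""
    for product, pattern in PATTERNS:
        match = pattern.search(banner)
        if match:
            version = match.group(1)
            confidence = "unverified" if version else "product-only"
            return {"product": product, "version": version, "confidence": confidence}
    return {"product": None, "version": None, "confidence": "unknown"}


def needs_manual_check(banners):
    """Names of banners whose result cannot support a version-based finding
    on its own (no product match or no version), i.e. false-positive candidates."""
    return sorted(name for name, text in banners.items()
                  if parse_banner(text)["version"] is None)


if __name__ == "__main__":
    for name, text in SAMPLE_BANNERS.items():
        print(name, parse_banner(text))
    print("manual verification needed:", needs_manual_check(SAMPLE_BANNERS))
```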
Nessus comes in two flavors:
1. Home feed
2. Professional feed
HOME FEED
Home feed is for personal use, and it contains information about everything from a vulnerability scanning perspective.
PROFESSIONAL FEED
Professional feed is for commercial use, mostly related to compliance checks and auditing. This feed is not available for free.
INSTALLING NESSUS ON BACKTRACK
Nessus comes preloaded in BackTrack. However, for Nessus to work we need an activation code, which can be obtained by signing up on the Nessus website; the code lets us fetch the latest plug-ins from the Nessus website.
http://www.tenable.com/products/nessus/nessus-plugins/obtain-an-activation-code

Next, you will have an option to choose “work feed” or “home feed.” Choose home feed and provide the e-mail address to which you want the activation code to be delivered.
Once you receive the code, you can issue the following command from your BackTrack console to register it:
/opt/nessus/bin/nessus-fetch --register <insert activation code>

ADDING A USER
After we have successfully updated the plug-ins, we need to register a user with Nessus. The command for that is as follows:
/opt/nessus/sbin/nessus-adduser

This will ask you for a username and a password; it will also ask you if you want to assign administrative privileges to that particular user. The output would look similar to the following:
Finally, you need to issue the following command in order to start the Nessus server, which would be accessible at https://localhost:8834.
/etc/init.d/nessusd start
You can confirm that the Nessus server is running by combining the netstat and grep commands. The following command would show whether a Nessus server is listening on port 8834:
netstat -ano | grep 8834
Once you have completed these steps, you would need to navigate to https://localhost:8834 from your browser. Since you are accessing it the first time, you will be prompted to accept a generic certificate, which you need not do on subsequent visits.
Next, you just need to log in to Nessus with the credentials you defined earlier. This is how your log-in screen would look:

NESSUS CONTROL PANEL
The Nessus control panel is divided into the following six main components:
Reports
This would be our actual findings compiled in the form of a report.
Mobile
This is a new feature added to the latest version of Nessus for scanning mobile devices located on a network.
Scan
This tab is where we would spend most of our time after the policies tab. This enables us to scan the targets for vulnerabilities.
Policies
Policies are a core component of Nessus. In policies, we define what type of scan we want to perform on the target, which plug-ins to use, what targets should be excluded, what types of scans should be excluded, and so on.
Users
This is where we can add and delete users that can access Nessus.
Configuration
Configuration allows us to use a proxy and a bunch of other options for scanning.
Default Policies
As mentioned before, policies let us customize the type of scan and plug-ins we want to use to scan a target. Nessus comes preloaded with several default policies. Each policy has a different objective and is meant for different types of pentests. Some of the default policies are as follows:
External network scan
Internal network scan
Web app tests
Prepare for PCI DSS audits
The Nessus guidelines document, available on the official website, contains information about each of the default policies. Understanding the policies listed in this document will help in using Nessus more effectively.