Saturday, 22 June 2013
NESSUS - The Basics
Nessus is one of the most common and reliable vulnerability scanners used by security professionals to check and scan for known weaknesses in the system. Here, we are going to focus on how to configure a scan, understanding the result and knowing its ability to export the result for further use and analysis.
First, after installation and setup of Nessus, load it using the browser to https://localhost:8834 and log in using your username and password.
In the Scan Queue tab, click New Scan
Enter the following
And then click Run Scan
A completed scan will show the status as 'Completed' on the 'Results' tab
In the Hosts Summary, it will show a summary of the scan results
By clicking on the Vulnerabilities tab, it will show the summary of all the vulnerabilities found
Clicking on one of the vulnerability will produce a list of information associated to the vulnerability and even provide links of references to further read or research about it,
The Scan results can also be exported for further review.
The following export formats are available to be exported.
You can always load the exported file back to Nessus to view the results. Additionally, you can import the results (NBE Report) into the MSFconsole database!
Reference: Nessus; http://www.tenable.com/products/nessus