An exposure to Nessus vulnerability scan

What is Nessus?

Nessus is a platform developed by Tenable that scans for security vulnerabilities in devices, applications, operating systems, cloud services and other network resources. Tenable maintains it and offers a free version, Nessus Essentials, which is limited to 16 IP addresses for vulnerability scans. This article introduces how to run a vulnerability scan with Nessus Essentials.

Vulnerability scan with Nessus

Firstly, we need to download Nessus.

1_Download

During downloading, we can sign up and apply for a license.

2_Register

After downloading, we can install Nessus in the terminal.

3_Install

After installing, a local registration is needed.

4_Register_local

Finally, we can create a new scan.

5_Create_newscan

In the new scan, we first need to set the IP address.

6_set_ip

The ports to scan can be specified. Here we choose to scan all ports.

7_scan_all_ports

Credentials that may be useful can be set for different authentication types (SSL, Windows, etc.).

8_set_credentials

After the scan, we can read the report. We can search for keywords in the report, for example “SMB share”.

9_SMB_Share

Vulnerabilities found are also listed.

10_Vulnerabilities

We can also export the report in other formats, e.g., PDF for small reports and CSV for large reports.

11_Report_export
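Once a large report is exported as CSV, the keyword search and the vulnerability listing shown above can be repeated offline. The script below is an added example, not part of the original post or of Tenable's tooling; it assumes the export has the columns `Plugin ID`, `Risk`, `Host`, `Port`, `Name`, `Synopsis` and `Plugin Output`, and the sample rows, plugin IDs and hosts are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample shaped like a Nessus CSV export (column names are assumed).
SAMPLE_CSV = '''"Plugin ID","CVE","Risk","Host","Protocol","Port","Name","Synopsis","Plugin Output"
"900001","","None","192.0.2.10","tcp","445","SMB share enumeration (constructed)","It is possible to list SMB shares.","Shares found:
  - IPC$
  - backup"
"900002","","Medium","192.0.2.10","tcp","445","SMB signing not required (constructed)","Signing is not required on the remote SMB server.",""
"900003","","Critical","192.0.2.11","tcp","443","Outdated web server (constructed)","The remote web server is unsupported.",""
"900004","","None","192.0.2.11","tcp","0","Scan information (constructed)","Information about this scan.",""
'''

RISK_ORDER = ["Critical", "High", "Medium", "Low", "None"]

def load_findings(stream):
    """Read every row; the csv module handles multi-line quoted Plugin Output."""
    return list(csv.DictReader(stream))

def search(findings, keyword, fields=("Name", "Synopsis", "Plugin Output")):
    """Case-insensitive keyword search over the text columns of each finding."""
    needle = keyword.lower()
    return [f for f in findings
            if any(needle in (f.get(col) or "").lower() for col in fields)]

def risk_summary(findings):
    """Count findings per risk level, most severe first."""
    counts = Counter(f.get("Risk") or "None" for f in findings)
    return [(risk, counts[risk]) for risk in RISK_ORDER if counts[risk]]

def actionable(findings, minimum="Medium"):
    """Findings at or above `minimum`, sorted by severity, then host and port."""
    rank = {r: i for i, r in enumerate(RISK_ORDER)}
    cutoff = rank[minimum]
    hits = [f for f in findings if rank.get(f.get("Risk"), len(RISK_ORDER)) <= cutoff]
    return sorted(hits, key=lambda f: (rank[f["Risk"]], f["Host"], f["Port"]))

if __name__ == "__main__":
    # For a real export, use: open("scan.csv", newline="", encoding="utf-8")
    rows = load_findings(io.StringIO(SAMPLE_CSV))
    for f in search(rows, "SMB share"):
        print("match:", f["Host"], f["Port"], f["Name"])
    print(risk_summary(rows))
    for f in actionable(rows):
        print(f["Risk"], f["Host"], f["Port"], f["Name"])
```

Informational rows (risk `None`) usually dominate an export, so filtering with `actionable` before review keeps the remediation list short.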

This post is licensed under CC BY 4.0 by the author.