Introduction and Installations
Nessus is a scanning tool that we can utilize for external and internal assesments.
To download and install it we go to google type nessus download and t hen we find this site called Tenable we find the image which is compatible with our debian system and download that then go to the terminal traverse to the download directory and then do
dpkg -i Nessusfilename
and then we type in the path it gives us in the terminal again like shown below
So we start nessus by doing /etc/init.d/nessusd start
and then we go to our browser and go to the the page kali:8834
and then we can install tool by signing up and stuff like that and it should like like something like this after its done installing and everything.
This is the free dition which allows us to scan any private IP address and we can scan 15 of these so class A to class C cant scan an external ip tho.
You can schedule Scans here and every thing
We can then go to the discovery tab and select what ports we wanna scan so like all of them or some of them that are defined in the program and then also in the assesment tab we can scan for diffrent types like Scan for all known web Vulnerablities,Scan for all web vulnerabilites and stuff like that .
Its kind of a slow scan btw it takes a while to do and its preety through.
In the new scan tab we have a lot of types of scans like
Malware Scans,Ransomware Scans ,Mobile Device Scan,Advanced Scan
The most common ones though would be basic and advanced scan
So after our scan is complete we can go to it and check all the vulnerabilites listed in their like below-
We can export these list of Vulnerablities by clicking the export button and we can get nessus document which we can then convert to excel and put in our report .
Resource and places to learn more :
- Nessus : https://tryhackme.com/room/rpnessusredux
- The Cyber Mentor : https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course