Introduction
Nessus is a vulnerability scanning tool developed by Tenable Incorporation. It is subscription-based open source software that scans all ports on a computer/server for known vulnerabilities and exploits and reports the findings in various formats.
Nessus uses a constantly updated database of exploits and vulnerabilities to search for possible exploits. It is also a beginner-friendly tool, as it does not require advanced knowledge of operating systems or command-line tools. Consequently, it is one of the best tools for the reconnaissance/enumeration phase of a security penetration test.
Since Nessus is a proprietary tool, it is offered in several editions. There are three tiers of Nessus, based on the features provided:
- Nessus Essentials
- Nessus Professional
- Nessus Expert
Nessus Essentials is the free version of Nessus and contains all the tools you need for regular vulnerability scans. Nessus Professional provides more features than the free version and is suitable for professional penetration testers and security professionals. The last one, Nessus Expert, is the complete set of features provided by Nessus and is ideal for small business IT departments and similar environments.
Prerequisites
To continue with this tutorial, you must meet the following requirements:
- The machine must have a minimum of 4GB of RAM available. While Tenable recommends 8GB of RAM, 4GB is sufficient for relatively small scans.
- The Ubuntu machine should have at least 5GB of free disk space just to install the Nessus Essentials tool.
- (Optional) To scan for vulnerabilities later in this tutorial, you need a second machine to scan (another Ubuntu machine is used for this purpose in this tutorial). The target computer must also have a non-root user account and be logged in as root.
Install the Nessus Essentials tool
After fulfilling the requirements mentioned in the previous section, we will install the Nessus tool on our Ubuntu machine.
We will first download the installation package for Ubuntu using curl:
sudo curl --request GET --url 'https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-10.4.2-ubuntu1404_amd64.deb' --output /tmp/'Nessus-10.4.2-ubuntu1404_amd64.deb'
This downloads the Nessus installation package into the /tmp folder. We will now use dpkg to install Nessus on our Ubuntu machine. Type the following command to install it on your system:
sudo dpkg -i /tmp/Nessus-10.4.2-ubuntu1404_amd64.deb
Nessus is now installed, and next we need to start the nessusd service. Type the following command:
sudo /bin/systemctl start nessusd.service
You can now access Nessus in your local browser at the following address:
http://localhost:8834/
Note: Port 8834 is the default port for Nessus.
Most browsers will display a security warning asking you to go back, because Nessus serves its web interface with a self-signed certificate. For a local installation this is expected: click Advanced and then continue to the website.
Configure Nessus in your local browser
We have now successfully installed Nessus on our computer. The next step is to set up Nessus in a local browser and install the required plug-ins.
Once you reach the welcome screen, click on Nessus Essentials to continue with your free tier of Nessus. If you have a Professional or Expert subscription, you can continue with that option.
You will be asked to provide your name and email address to receive an activation code for Nessus Essentials.
If you already have an activation code, you can skip the next step. Otherwise, provide your details and the code will be sent to you by email.
Once you receive the code, type it into the activation code field. Next, you will be asked to create an administrative account.
Use any username of your choice and create a strong password. After you proceed, Nessus will start installing the necessary plug-ins. Depending on your internet connection and processor capabilities, this process takes some time. Once you receive a notification that the plugins have been successfully installed and compiled, you can proceed to the next step.
Configure Nessus scan settings to scan for vulnerabilities
Now that we have successfully installed Nessus, we can run scans on target systems for reconnaissance purposes. To do this, open the My Scans folder on the Nessus home page. If you are installing Nessus for the first time, there will be no scans to display. Then, click the New Scan button in the upper right corner of the dashboard.
Clicking this button will take you to the Scan Templates page, where there are three main categories of scans:
- Discovery
- Vulnerabilities
- Compliance
The first two categories are available in the free tier of Nessus. In this tutorial, we will limit ourselves to the Vulnerability scan category.
This section sets up a basic network scan and explores its options. In the next section we will scan our second Ubuntu system.
Scan setup and configuration
Click on the Basic Network Scan option and you will be taken to the Scan Settings page. There, under Settings, you'll see several sections. The following gives a brief explanation of each setting.
Basic
This section includes three subsections:
- General: The name and IP address of the target system must be provided here. There are two optional fields, Description and Folder. By default, the folder is My Scans, but you can change it to any folder you choose. Description is optional; in this tutorial we simply enter the text "This scan is used for demonstration purposes." To set up a basic network scan (as required in later sections), you need to supply the IP address of the target machine (the second Ubuntu machine in this tutorial) in the Targets field. Replace the placeholder IP address 192.xxx.xxx.xxx with the IP address of the target Ubuntu machine.
- Schedule: This option is disabled by default. It is used when you want to run a scan at a later time. If enabled, you need to provide the scan frequency, start time and time zone. We won't schedule any scans in this tutorial, so we'll keep it off.
- Notifications: This option sends scan notifications to the email addresses you specify and is completely optional. Add the addresses that should receive notifications about your scan, and Nessus will send them. For this tutorial we don't need email notifications, so we leave the recipient list blank, as shown below.
Discovery
Here you decide the scope of your scan. Since any host has 65535 ports, scanning all of them is not always practical, as most are unlikely to be in use. This is nevertheless a mandatory setting, and the right scope varies from scan to scan.
For the basic network scan performed later in this tutorial, you don't need to select all ports, as that would take a long time; we will therefore keep the Discovery scope at standard ports.
Nessus provides three options:
- Common Ports: Scans commonly used ports, such as 80.
- All Ports: Scans all 65535 ports.
- Custom Ports: Scans only the ports you specify.
Depending on your needs, you can choose the one you prefer.
Assessment
In this section you choose the vulnerabilities to be assessed. This is a required setting and probably the most important section of the Scan Settings, as it defines what types of vulnerabilities will be scanned for on the target system (the second Ubuntu machine in this tutorial). Nessus provides several options here:
- Default: This is the basic assessment method. It does not trigger any alarms on the scanned web application/server, but it hardly provides any valuable information.
- Scan for known web vulnerabilities: This option scans for commonly known web vulnerabilities.
- Scan for all web vulnerabilities (fast): This option scans more effectively than the previous one and covers up to 1000 pages on the main domain.
- Scan for all (complex) web vulnerabilities: This is the most reliable option available, as it scans for all vulnerabilities known at the time of the scan and exercises various HTTP methods to look for possible exploits.
- Custom: In this mode you decide the scanning technique yourself; it therefore requires deeper knowledge of web and network applications than this tutorial assumes.
We will keep the assessment settings at Default to complete a basic network scan with minimal customization. When Default is selected, Nessus chooses the best enumeration methods available.
Reports
This section customizes the report. For example, you can select which sections to include in the scan results and choose the level of detail, depending on disk space and other requirements.
- Show missing patches that have been superseded: This option lists all out-of-date patches.
- Hide results from plugins initiated as a dependency: Checking this option ensures that plugins that ran only as dependencies are not listed in the report (which could otherwise make the report less readable).
In the Output section, the "Allow users to edit scan results" option lets you choose whether to get the results as an HTML or XML file (used in a later section).
Advanced
This section provides more advanced options, such as slowing down scan requests when congestion is detected on the network. This is useful when scanning an active network that may hang under excessive load.
Here, the Default option scans up to 30 hosts at a time and gives each host a 5-second read timeout.
The Low Bandwidth Limit Scan option reduces the number of hosts scanned at once; however, it increases the timeout for each host to 15 seconds, giving the target computer more time to respond.
You need to pay attention to these settings when you scan more professionally and on live networks. For our Basic Network Scan, however, we will leave these settings at Default, since we are not dealing with advanced options.
Scan for vulnerabilities with Nessus
Now that we've covered the scan configuration, this section walks through a sample scan of a second Ubuntu machine, similar to the one used in the previous sections of this tutorial.
On the second machine, type the following command to get the machine's IP address:
ip a | grep 'inet 192'
This command lists the IPv4 addresses on the machine; there will be two of them. Your machine's IP address will be the one of the form 192.###.###.###/24. The values before the / are your IP address; note them down.
Now move to the machine running Nessus, start a new Basic Network Scan and type a name for the scan. Add a description if you like. Leave the folder at My Scans and, in the Targets field, type the IP address of your target computer.
Now move to the Discovery section and choose "Port scan (standard ports)" from the drop-down menu.
After that, click on the Assessment section and select Default from the drop-down menu.
In the Report section, leave all the checkboxes at their default selection; as this is the simplest scan, there is no need to customize the generated reports.
Then, in the Advanced section, keep the Scan Type at Default, as this is a basic scan and no advanced customizations are required.
Finally, save the scan by clicking Save, and you will be redirected to the My Scans folder. There, click the Play/Start button next to the scan.
Once the scan is complete, you can continue to the next section, where we'll review the results.
Reviewing scan results
Once the scan is complete, click on it and you will be taken to the scan results section. You can generate an HTML report of the scan results by clicking the Report button in the upper right corner. A dialog will open; there, choose HTML and continue. Then, the report will be downloaded to your downloads folder.
Nessus shows all the results and information gathered by the scan here. The findings are grouped into five categories:
- Critical - Critical or easily exploitable vulnerabilities.
- High - Vulnerabilities that skilled attackers can exploit.
- Medium - These vulnerabilities are usually not easily exploited and can be fixed with some effort.
- Low - These include things such as standard patches that have not been applied. A high level of expertise is required to exploit such vulnerabilities.
- Info - This category provides basic information about your machine, such as hardware and operating system details.
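The XML export mentioned above stores each finding as a ReportItem element with a numeric severity (0 = Info up to 4 = Critical), which is what the five categories in the Nessus UI are derived from. As an added example, not part of the original tutorial, the following script reads such an export, counts findings per category and lists the High and Critical ones first for triage; the embedded XML is a constructed sample with placeholder host, plugin ids and names.

```python
# Added example: summarise a Nessus ".nessus" XML export by severity.
# Each <ReportItem> carries severity 0..4: Info, Low, Medium, High, Critical.
import xml.etree.ElementTree as ET
from collections import Counter

SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the .nessus v2 layout (host, plugin ids and
# plugin names are placeholders, not output of a real scan).
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="Demo scan">
    <ReportHost name="192.0.2.10">
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="10001" pluginName="Placeholder info plugin">
        <plugin_output>constructed sample output</plugin_output>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
                  pluginID="10002" pluginName="Placeholder medium finding"/>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="3"
                  pluginID="10003" pluginName="Placeholder high finding"/>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="4"
                  pluginID="10004" pluginName="Placeholder critical finding"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

def parse_nessus(xml_text):
    """Return a list of (host, port, severity, plugin_name) tuples."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append((host.get("name"), int(item.get("port")),
                             int(item.get("severity")), item.get("pluginName")))
    return findings

def count_by_severity(findings):
    """Count findings under the category names shown in the Nessus UI."""
    counts = Counter(SEVERITY_NAMES.get(sev, "Unknown") for _, _, sev, _ in findings)
    return {name: counts.get(name, 0) for name in SEVERITY_NAMES.values()}

def findings_at_or_above(findings, minimum=3):
    """Return findings of at least the given severity, most severe first."""
    return sorted((f for f in findings if f[2] >= minimum), key=lambda f: -f[2])

if __name__ == "__main__":
    results = parse_nessus(SAMPLE_NESSUS)
    print(count_by_severity(results))
    for host, port, sev, name in findings_at_or_above(results):
        print(f"{SEVERITY_NAMES[sev]:8} {host}:{port}  {name}")
```

To use it on a real export, read the .nessus file into a string and pass it to parse_nessus in place of SAMPLE_NESSUS.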
Conclusion
This article provided a step-by-step guide for installing Nessus on Ubuntu 22.04 and used the same setup to scan another Ubuntu 22.04 target computer. We also explained the results provided by a Basic Network Scan and exported them as an HTML report.
Anyone who wants to expand their knowledge of Nessus can refer to the Nessus Documentation. To get the most out of Nessus, you also need a fair understanding of computer networking. This could be the next step for anyone looking to enter the world of cybersecurity.