If somebody wanted to hack your local network, the first thing they'd do is run a vulnerability scan, and then they'd run a penetration test. A vulnerability scan goes through the different devices on your network and searches for possible gaps, such as open ports, outdated software with known vulnerabilities, or default passwords on devices. If they find anything, a hacker would test those vulnerabilities and then figure out how to abuse them. Testing these vulnerabilities is a two-step process because a scan only reveals the possibility of issues; a penetration test verifies that the issue is really exploitable.
Nessus is a remote security scanning tool that scans a PC and raises an alert if it finds any vulnerabilities that malicious hackers could use to access any PC you have connected to a network. It does this by running more than 1200 checks on a given PC, testing whether any of these attacks could be used to break into the PC or otherwise harm it.
Nessus is sold by Tenable Security. The tool is free for non-enterprise use; for enterprise use, there are differently priced options.
Download and Install Nessus
- Go to the Nessus Essentials page, enter your name and email address, and then click the Register button. You will receive an activation code.
- Click the Download button, then download Nessus for your operating system. It’s available for Windows, Mac, and Linux.
- Once the download is complete, run the installer package and follow the on-screen instructions to finish installation.
- Once Nessus is installed, enter https://localhost:8834/ in your web browser.
- When you launch Nessus for the first time, you get a “Your connection is not secure” warning from your browser, because Nessus uses a self-signed certificate by default. Click “Advanced” and then “Proceed to localhost” to bypass this warning.
- Create an account on the Account Setup screen, leave the Registration as “Home, Professional, or Manager,” and then enter the Activation Code from your email. Click “Continue.”
- Next, Nessus will download a number of tools and plugins so it can properly scan your network with updated utilities. This can take a few minutes.
Nessus User Interface
- Scans Page :- This page will allow you to create your new scans and manage them. You will also note that at the bottom left section of your screen, you have sections that allow you to configure policies that will apply to your scans, define plugin rules and monitor your scanners and agents as well. When you create a new scan or policy, a Scan Template or Policy Template appears.
- Settings Page :- Your settings page will contain configuration information, allowing you to define settings for your LDAP, Proxy and SMTP server for additional functionality and integration within your network.
Nessus Scan Configuration
Nessus gives you the ability to configure your scan based on different scan and policy templates.
Basic :- With this setting, you specify the security-related and organizational aspects of the scan. These include the name of the scan, the targets of the scan, whether it is scheduled, and who has access to it.
Discovery :- This is where you define the ports to be scanned and the methods used to conduct discovery.
Assessment :- This setting lets you decide which kinds of vulnerability checks to perform and how they are performed. Nessus can check web applications for vulnerability to attacks, and other systems for vulnerability to brute-force attacks. This setting has sections that let you tailor general scans for Windows, SCADA, web applications, and brute-force checks.
Report :- This setting lets you decide how scan reports are generated and what information they should include.
Advanced :- Here you define scan efficiency and the operations that the scan should perform. You can also enable scan debugging here.
Start a Vulnerability Scan
- Click New Scan.
- Choose a scan type; in our case, Basic Network Scan.
- Name your scan and add a description.
- In the Targets field, enter the IP details of the hosts to scan.
- Click Save.
- On the next screen, click the Play icon to launch the scan.
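Before pasting a list into the Targets field, it helps to confirm that every entry falls inside the network you mean to scan. The script below is an added example, not part of the original article or of Nessus: it checks comma-separated single addresses, start-end ranges and CIDR blocks against an allowed scope. The 192.168.1.0/24 scope, the function names and the sample input are assumptions.

```python
import ipaddress

# Assumption: the local network you intend to scan. Adjust to your own.
ALLOWED_SCOPE = [ipaddress.ip_network("192.168.1.0/24")]


def parse_target(entry):
    """Turn one Targets entry into a list of ip_network objects.

    Handles a single address, a CIDR block, or a start-end range.
    Raises ValueError for anything else (for example a hostname).
    """
    entry = entry.strip()
    if "-" in entry:
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if start.version != end.version or int(start) > int(end):
            raise ValueError(f"bad range: {entry}")
        return list(ipaddress.summarize_address_range(start, end))
    # strict=False accepts entries with host bits set, e.g. 192.168.1.10/24
    return [ipaddress.ip_network(entry, strict=False)]


def check_targets(targets, scope=ALLOWED_SCOPE):
    """Split a Targets string and sort entries into in-scope and rejected."""
    in_scope, rejected = [], []
    for entry in targets.replace("\n", ",").split(","):
        if not entry.strip():
            continue
        try:
            nets = parse_target(entry)
        except ValueError as exc:
            rejected.append((entry.strip(), f"unparseable: {exc}"))
            continue
        # Every block of the entry must sit inside some allowed network.
        if all(any(n.version == s.version and n.subnet_of(s) for s in scope) for n in nets):
            in_scope.append(entry.strip())
        else:
            rejected.append((entry.strip(), "outside allowed scope"))
    return in_scope, rejected


if __name__ == "__main__":
    # Constructed sample input for the Targets field.
    sample = "192.168.1.10, 192.168.1.20-192.168.1.30, 192.168.0.0/16, 10.0.0.5, router.local"
    ok, bad = check_targets(sample)
    print("paste into Targets:", ", ".join(ok))
    for entry, reason in bad:
        print("rejected:", entry, "->", reason)
```

Hostnames are rejected as unparseable on purpose, since the script cannot tell where they resolve; replace them with the address you expect before scanning.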