Introduction

In today's interconnected digital world, ensuring the security of our systems is paramount. Vulnerability scanning is a crucial step in identifying potential weaknesses that attackers could exploit. Nessus, a widely used vulnerability scanner, allows us to systematically assess and mitigate these risks.

Prerequisites

Before diving into the vulnerability scanning process, ensure you have the following setup:

A vulnerable machine (Metasploitable 2 VM in this case) installed in VMware.

Kali Linux VM with Nessus installed.

Network connectivity between the VMs.

Step 1: Set Up Nessus

1. Download the Nessus package for Debian from the Nessus website, making sure you set the Platform to Linux-Debian-amd64.

2. When it's finished downloading, open your Linux terminal and navigate to the location you downloaded the Nessus file to.

3. Install Nessus using this command:

sudo dpkg -i Nessus-*

4. Start the Nessus service with this command:

sudo systemctl start nessusd

5. In your browser, go to https://<kali-linux-IP>:8834/. It will show a warning page, because Nessus serves its web interface with a self-signed certificate by default.

[Screenshot: Nessus website showing a warning page]

6. Click on Advanced. Then, click on Accept Risk and Continue.

7. Choose the Nessus Product you prefer. If you want the free version of Nessus, click on Nessus Essentials.

[Screenshot: Nessus Packages]

8. Enter your name and email address to receive an activation code by email. Paste the activation code into the space provided and choose a username and password.

9. Allow Nessus to download the necessary plugins.

10. Once the plugin downloads have completed, you can start using the Nessus service.

Step 2: Access Nessus Web Interface

To have Nessus start automatically whenever your Kali Linux VM boots, enable the service:

sudo systemctl enable nessusd

Access the Nessus web interface via https://localhost:8834 and log in with your credentials.

Step 3: Nessus Dashboard Overview

Dashboard Overview: Upon logging in, you will land on the Nessus dashboard. Here’s a breakdown of key components:


At the top of the page, you'll see two tabs: Scans and Settings. On the left side of the Scans page, you'll see the folders that store completed scans, and below them we can manage Policies and Plugin Rules. On the My Scans page we can see three buttons:
  1. Import: This allows us to import saved scan configurations from the device.
  2. New Folder: This creates a folder on the left-hand side that we can use to categorize scans.
  3. New Scan: This allows us to create new scans for different hosts.

Step 4: Basic Scan Configuration

Navigate to the "Scans" tab and click on "New Scan."

Choose the "Basic Network Scan" template.

Enter the IP of your Metasploitable 2 VM as the target or any other target you may have selected.

Let's explore the Basic Network Scan settings a bit. First, in the General category under the Basic tab, we can set the name, description, the folder to save the scan in, and the target IP or IP range; we can also upload target files.

On the Discovery page we can see different scan types, mostly port scan types, as this is a basic scan.

On the Assessment page we can set scan types for web vulnerability checks.

The Report page shows how the final report will be presented.

And lastly, the Advanced page shows the rate at which the scan will run.

After exploring everything, come back to the Basic page. Here we can either save the scan to run later or start the scan right away. Save the scan configuration and start the scan.

Step 4: Run the Scan

Run the Scan:

In the "Scans" tab, locate the scan you just created.

Click on the "Play" button (▶) to start the scan.

Monitor the Scan:

Nessus will begin scanning the Metasploitable 2 VM. The duration will vary depending on the network and the configuration.

Step 5: Analyze the Results

View Scan Results:

When the scan is finished, a tick mark appears next to it. Click on the scan name to open the scan results.

On this page we can see different tabs, each serving a different purpose:

1. On the Hosts tab we can see the target host, some scan details and a vulnerability chart.

2. The Vulnerabilities tab shows all the vulnerabilities found on the host, with the criticality of each one and the vulnerability family it belongs to. We can click each vulnerability to get more information about it.

3. On the Remediations page, Nessus suggests potential remediation strategies to mitigate the vulnerabilities.

4. The Notes tab is more of an info tab that shows whether any errors occurred during the scan.

5. The VPR Top Threats tab lists the top vulnerabilities found on the target according to VPR score. We can click each vulnerability to get more insight into it.

6. Lastly, the History tab shows the scan history.

Step 6: Differences between Basic and Advanced scan

Create a new scan using the "Advanced Scan" template for more detailed analysis.


The main differences between the basic and advanced scans are in the new scan configuration, on the Discovery page. There are different types of discovery sections, in four categories: host, port, service and identity.


Also, on the Assessment page we can see different assessment types that aren't available in the basic configuration.


The other pages are mostly the same as in basic scans. Also, in the advanced scan we can see that all plugins are enabled.

Step 7: Remediation and Reporting

In the upper right corner, there are other settings that we can configure. We can reconfigure the same scan to suit our needs and also export the scan in the Nessus file format. In the right corner of the scan page there is a Report button; use it to generate a report for the scan.


It will show a prompt to generate a report. Reports can be generated in different formats, and Nessus provides templates for generating them.
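
The Nessus file format export mentioned above is XML, so the severity and remediation views from Step 5 can be rebuilt offline for triage. The following Python sketch is an added example, not part of the original article or of Nessus itself; it assumes the NessusClientData_v2 layout (ReportHost and ReportItem elements), and the sample report, host address, plugin IDs and plugin names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the .nessus layout; every value below is made up.
SAMPLE = """<NessusClientData_v2>
 <Report name="constructed-lab-scan">
  <ReportHost name="192.0.2.10">
   <ReportItem port="21" protocol="tcp" severity="4" pluginID="900001" pluginName="Constructed FTP backdoor finding" pluginFamily="Backdoors">
    <solution>Replace the FTP server package.</solution>
   </ReportItem>
   <ReportItem port="22" protocol="tcp" severity="3" pluginID="900002" pluginName="Constructed weak SSH key finding" pluginFamily="Misc.">
    <solution>Regenerate the host keys.</solution>
   </ReportItem>
   <ReportItem port="80" protocol="tcp" severity="2" pluginID="900003" pluginName="Constructed HTTP method finding" pluginFamily="Web Servers"/>
   <ReportItem port="0" protocol="tcp" severity="0" pluginID="900004" pluginName="Constructed scan information" pluginFamily="Settings"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""

def load_findings(xml_text, min_severity=1):
    """Return findings at or above min_severity, most severe first."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev >= min_severity:  # severity 0 is informational noise
                findings.append({
                    "host": host.get("name"),
                    "port": f'{item.get("port")}/{item.get("protocol")}',
                    "severity": sev,
                    "name": item.get("pluginName", ""),
                    "family": item.get("pluginFamily", ""),
                    # Some items carry no <solution> element at all.
                    "solution": (item.findtext("solution") or "n/a").strip(),
                })
    return sorted(findings, key=lambda f: (-f["severity"], f["host"], f["name"]))

def severity_counts(findings):
    """Count findings per severity label, like the Hosts tab chart."""
    return Counter(SEVERITY[f["severity"]] for f in findings)

if __name__ == "__main__":
    results = load_findings(SAMPLE)
    print(dict(severity_counts(results)))
    for f in results:
        print(f'{SEVERITY[f["severity"]]:8} {f["host"]} {f["port"]:7} {f["name"]} -> {f["solution"]}')
```

To use it on a real export, read the file and pass its contents to load_findings. Only parse exports produced by your own scanner, since the standard-library XML parser is not hardened against malicious input.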

And That's a Wrap, Folks

You made it! You've successfully navigated the world of Nessus vulnerability scanning, from setting up the tool to running basic and advanced scans. You've even learned how to analyze the results, prioritize remediation, and generate reports to show off your security skills. Remember, vulnerability scanning is an essential part of keeping your systems and networks secure. By regularly scanning for weaknesses, you'll be able to identify and fix potential entry points for attackers before they become a problem.
This isn't all; there is so much more to explore, but that's a thing for another time. I'm mr1diot, signing off, and I will come again with another article. Until then, Happy Hacking!