Nessus Vulnerability Scanner Tool
Nessus is one of the more widely used network vulnerability scanners. It started as an open-source product and gained enough popularity to become an enterprise-level, scalable commercial product from Tenable. Nessus also has a community edition for home users. It is available as both cloud-based and on-premises, server-based solutions. Nessus is configurable and lets you use a wide range of plug-ins (scanning signatures based on vulnerability or operating system). You can scan operating systems and applications, including all flavors of Windows, macOS, and most Linux distributions, and it also works on odd embedded OS devices. You can create preconfigured scans, target lists, and several other options when configuring a scan.
Plug-ins can be created using the Nessus Attack Scripting Language (NASL). Nessus reports provide information on missing patches and updates as well as configuration issues. Nessus can output its results in a variety of report formats, including its native Nessus (XML) format, PDF reports, and CSV format. You can download this tool from Tenable’s website, https://www.tenable.com.
The following are some screenshots of Nessus. We used Nessus Essentials in a Kali Linux environment for these screenshots.
- Download and install Nessus vulnerability scanning tool.
- Open a web browser.
- Go to the URL http://localhost:8834 and you will see the login screen.
Nessus Login Screen
After logging in you see the following screen, where you create policies and scan different assets.
Go to the Policies tab and click Create New Policy.
There you can perform multiple tasks as per your requirements, such as Host Discovery, Basic Network Scan, Advanced Scan and much more.
The following screenshot shows the Advanced Scan.
Upon completion, you can observe the results.
Use the other tabs, Remediation, Notes and History, to get more details about history, issues and remediation actions.
Go to Report and select the required format.
*As per my last blog, in future we will discuss Vulnerability Assessment (VA) tools one by one. If you have any questions, you can ask me in the comments section.