Nessus is a Vulnerability Scanning Tool developed by Tenable Incorporation. It is an open-source, subscription-based software that scans all ports on a computer/server for known vulnerabilities and exploits and presents reports in various formats. Nessus uses a constantly updating database of exploits and vulnerabilities to scan for possible exploits. Furthermore, it is a beginner-friendly tool as it does not require advanced knowledge of operating systems or command line tools. As a result, it is one of the finest tools used for the Reconnaissance/Enumeration stage of a Security Penetration Test.
Now, as Nessus is a proprietary tool, it is offered in different editions. There are three tiers of Nessus available, based on the number of tools provided; they are:
The Nessus Essentials is the free version of the Nessus tool, and it contains all the necessary tools for regular vulnerability scans. The Nessus Professional is the next best version available, providing more functionalities than the free version. It is suitable for Professional Penetration Testers and security practitioners. The last one, Nessus Expert, is the complete set of functionalities provided by Nessus and is ideal for IT departments of small enterprises, etc.
For demonstration, we shall use the Nessus Essentials version of the tool. However, the installation process is similar for every tier.
To continue with this tutorial, you should meet the following requirements:
A server or virtual machine running Ubuntu 22.04 version, either the Desktop Distro or its Server substitute.
The machine must have a minimum of 4 GB of RAM available. Although Tenable recommends 8 GB of RAM, 4 GB is enough for comparatively smaller scans.
The Ubuntu machine should have at least 5 GB of space only to install the Nessus Essentials tool.
The system should have at least four dual-core processors. Anything over that will only speed up the tests.
The minimum processor speed for running Nessus on a system should be 1 GHz or more.
The Ubuntu machine should have a non-root user account with access to the root account, as it is secure practice not to work as the superuser (root) directly.
(Optional) For performing the vulnerability scan later on in this tutorial, there should be another machine to perform the scan upon (this tutorial uses a second Ubuntu machine for this purpose). The target machine should also have a non-root user account and access to the root account.
A supported browser (Google Chrome, Mozilla Firefox) should be installed on the Ubuntu machine. We are using Mozilla Firefox in this tutorial.
Now, let us head on to the installation part of this tutorial.
After meeting the requirements mentioned in the previous section, we shall install the Nessus Tool on our Ubuntu machine.
We shall first download the installation package for Ubuntu using curl:
This has downloaded the Nessus installation package to the /tmp folder. Now, we shall use dpkg to install Nessus on our Ubuntu machine. Type the following command to install it in the system:
sudo dpkg -i /tmp/Nessus-10.4.2-ubuntu1404_amd64.deb
After this, the Nessus tool is installed, and now we need to start the nessusd service. Type the following command:
sudo /bin/systemctl start nessusd.service
Now, you can access Nessus in your local browser at the following address:
Note: Port 8834 is the default port of Nessus
In most browsers, you'll get a security warning offering to Go Back. The warning appears because Nessus serves its web interface with a self-signed certificate by default. For this local installation it is safe to proceed: click on Advanced and then continue to the website.
Now, we have successfully installed Nessus on our computer. The next step is configuring Nessus in a local browser and installing the required plug-ins.
Once you have reached the Welcome screen, click on Nessus Essentials to continue with the free tier of Nessus. If you have a subscription for the Professional or Expert tier, you can continue with that option. The installation process will be similar to this one.
Figure: Nessus Welcome Screen
After that, you will be asked to provide your Name and Email address to receive an activation code for your Nessus Essentials.
If you already have an activation code, you can skip this step. Otherwise, provide your details to receive the code at the email address you submitted.
Once the code is received, continue and type it into the activation code block. After that, you will be asked to create an administration account.
Use any username of your choice and create a strong password. For example, in this tutorial, the username is Sammy. Once you proceed after this, Nessus will start installing the necessary plug-ins. Depending on your internet connection and processor capabilities, this process takes some time. Once you get the notification that plug-ins have been installed and compiled successfully, you can proceed to the next step.
Now that we have successfully installed Nessus, we can run scans on target systems for reconnaissance purposes. To do so, open the My Scans folder on the Nessus homepage. If you have installed Nessus for the first time, there will not be any scans to view. So, click the New Scan button in the top right corner of your dashboard.
Upon clicking on the said button, you will be directed to the Scan Template page, where there are three major categories of Scans:
The first two categories are available in the free tier of Nessus. In this tutorial, we shall stick to the Vulnerability category of scans.
This section will configure a Basic Network Scan and explore its options. Then, in the following section, we shall scan our second Ubuntu system.
Configuration settings of the scan
Click on the Basic Network Scan option, and you will land on the Settings page of the scan. There, under Settings, you will see different options. The following table gives a brief explanation of each setting option.
This section includes three sub-sections:
General – You must provide the target system’s name and IP address here. There are two optional fields, Description and Folder. By default, the folder is My Scan, but you can change it to any folder you choose. The description is an optional field, but in this tutorial, we just put a text explaining that This scan is used for demonstration purposes. To configure a Basic Network Scan (as required in later sections), you must provide the target machine’s IP address (the second Ubuntu machine in this tutorial) in the targets block, as shown in the figure below.
You need to replace the IP address 192.xxx.xxx.xxx with the IP address of your target Ubuntu machine.
Schedule – This option is turned off in default settings. This is used when you need to schedule a scan later. If turned on, you must provide the scan’s frequency, start time, and time zone.
We will not schedule any scan in this tutorial, so we shall keep it off.
Notifications – This option sends scan notifications to the set email addresses and is completely optional. Just add the email addresses where you wish to receive all notifications about your scan, and Nessus will send them to it.
For this tutorial, we do not need any email notifications, so we shall not provide any to the email recipient’s list and leave it empty, just like below.
Here, you have to decide the scope of your scan. As there are 65535 ports on any network, it is not always feasible to scan them all, since most are not in use. However, this is a required setting that varies from scan to scan.
For the Basic Network Scan performed later in this tutorial, you do not have to select all ports, as that process would be time-consuming; therefore, we shall keep the Discovery scope to standard ports.
Nessus provides three options:
Common Ports – Scans of commonly used ports such as 80, etc.
All Ports – Scans all 65535 ports.
Custom Ports – Scans the given ports only.
Depending upon your needs, you can choose whichever you prefer.
In this section, you must choose the vulnerabilities to assess. These are required settings and arguably the most important section of the Scan settings, as they define which kinds of vulnerabilities will be scanned for on the target system (the second Ubuntu machine in this tutorial). Nessus provides various options in this section as well:
Default – This is the essential assessment method, and it does not provoke any alarms on the web application/server being scanned, but it hardly yields any valuable insights.
Scan for known web vulnerabilities – This option scans against commonly known web vulnerabilities.
Scan for all web vulnerabilities (quick) – This option scans more robustly than the previous one and scans up to 1000 pages on the main domain.
Scan for all web vulnerabilities (complex) – This is the most robust option available as it scans for all known vulnerabilities at the time of scan and performs various HTTP methods to scan for possible exploits.
Custom – In this method, you can decide your scanning technique; thus, it requires a higher knowledge of networking and web applications than is needed for this tutorial.
We shall keep the Assessment settings to Default to complete a Basic Network Scan with minimal customization. When default is selected, Nessus will choose the best methods of stealth and enumeration available.
This section customizes the report. For example, you can select which sections to include in your scan results and choose the verbosity of your scans, depending on your disk space and other requirements.
To get a report of the Basic Scan as shown in the later section, you should choose the settings as shown in the above figure, or:
Under Processing, check the following two options:
Show missing patches that have been superseded – This option gives you the list of all patches that are not up to date.
Hide results from plugins initiated as a dependency – Checking this option ensures that the plugins used are not mentioned in the report (which could make the report less readable).
Under the Output section, check Allow users to edit scan results, which allows you to choose whether to get the report as an HTML or XML file (used in a later section).
This section provides more advanced options, such as slowing the scan requests when congestion is detected on the network. This is useful when you scan an active network that could crash under congestion.
Here, the Default option scans 30 hosts (max) and gives each host a read timeout of 5 seconds.
The Scan low bandwidth limits option reduces the number of hosts scanned; however, it increases the timeout for each host to 15 seconds, thus giving more time to get a response from the target machine.
These settings need careful attention when performing professional scans on active networks. However, for our Basic Network Scan, we shall leave them at Default, as we are not dealing with advanced options.
Now that we have covered the scan configurations, this section will show a dummy scan performed on a similar Ubuntu machine, as used for this tutorial’s previous sections.
On the second machine, type the following command to get the IP address of the machine:
ip a | grep 'inet 192'
There will be two IPv4 addresses in this output. The IP address of your machine will be the one that ends with /24, in the form 192.###.###.###/24. The value before the / is your IP address; note it down.
Now, move to the machine with Nessus, start a new Basic Network Scan as shown in the previous section, and type in a name for the scan. Add some description if you wish. Leave the folder to My Scans, and in the Targets section, type the IP address of your target machine.
Figure: Settings of Dummy Scan
Now move to the Discovery section; choose Port scan (standard ports) from the dropdown menu.
Next, click on the Assessment section and select Default from the dropdown menu.
In the Report section, leave all the checkboxes to their default selection, as this scan is the most basic one; you do not have to customize the generated reports.
Then, in the Advanced section, keep the Scan Type to Default as this is a basic scan, and no advanced customizations are required.
Lastly, save the scan by clicking on Save, and you will be redirected to the My Scans folder. There, click on the Play/Launch button in front of the scan (as shown in the figure below).
Once your scan is completed, you can continue to the next section, where we review the results.
Once the scan is completed, click on it, and you will be taken to the results section of the scan. You can generate an HTML report of the scan results by clicking the Report button in the top right corner. A dialog box will open; there, choose HTML and continue. Then, the report will be downloaded to your downloads folder. On opening it in your browser, you will get a page like this.
Figure: Scan Results
Nessus will show you all the results and information gathered from the scan here. There are five categories of results it finds:
Critical – Vulnerabilities that are critical or easily exploitable.
High – Vulnerabilities that experienced hackers can exploit.
Medium – These vulnerabilities are usually not easily exploitable and can be fixed with effort.
Low – These vulnerabilities include standard patches that are not updated, etc. It requires a high level of skills to exploit such vulnerabilities.
Info – This section provides basic information about the machine, such as its hardware and operating system details.
This article provided a step-by-step guide for installing Nessus on Ubuntu 22.04 and used the same to scan another Ubuntu 22.04 target machine. We also explained the results provided by a Basic Network Scan and exported the same as an HTML report.
Anyone looking to extend their knowledge of Nessus can always refer to the Nessus Documentation. Also, to better grasp the tools of Nessus, it is necessary to have a decent understanding of Computer Networking. This could be the next step for anyone trying to get into Cyber Security.