Vulnerability scanning has always played a vital part to strengthen the security of the server at which your useful sites are hosted. It can also be used to scan the security of the computer which is connected to the internet. It basically scans the open ports and then checks for the vulnerabilities present in the services running on those ports.It is always useful for a server admin or else of any system to be aware of the weak points of the server security so that he may make it a hack proof system. That's why I decided to post a tutorial on this site to help you all scan for the weakness in accordance with the latest increasing available exploits.I suggest using backtrack as every thing is already cooked up there. In any other Linux you may have to install all the packages first.
Installing Nessus in Linux:-
Download the Nessus from the official site. Run the following commands under the terminal, If it's present in Downloads:-
cd /root/Downloads (replace root with the username using which you have logged in)dpkg -i Nessus-4.4.1-ubuntu1010_i386.debNote:- "Nessus-4.4.1-ubuntu1010_i386.deb" is the name of downloaded .deb file. It depends on your version and name of the downloaded nessus version.
If you want it to be installed on any other system then kindly read this official PDF file to get further information. Download Nessus Installation Guide
Registering and Setting up Nessus:-
Lets start this part, Keep on reading and if you need any help comment to ask:-
- I am using "Backtrack 5 r1", So, here I shall go to (A little bit of further effort may tell you how to configure that in any other Linux, as its not much different. Except the menus might be different) Applications>Backtrack>Vulnerability Assessment>Vulnerability Scanners>Nessus>Nessus Register .
- Browser will popup and there it will give you choice whether to use nessus at home or at commercial level. For commercial use you have to purchase a license. So, I am assuming you want to use it at home. Thus select "Using Nessus at home" and next click agree at next page.
- There provide your email address and then login into your email account and there you have to verify it for nessus and get the activation code needed. Copy that code provided in email which is in the format of xxxx.xxxx.xxxx.xxxx.xxxx
- Open up the terminal and there write following command:-
/opt/nessus/bin/nessus-fetch --register xxxx.xxxx.xxxx.xxxx.xxxx
So, press enter, wait for nessus to fetch newest plugins to scan vulnerabilities and after that your nessus is registered and is ready to be used. Close the terminal.
- Now again to go the panel and Applications>Backtrack>Vulnerability Assessment>Vulnerability Scanners>Nessus>nessus user add. There terminal will popup and then write your username there (Any which you may like) and press enter and write down the password.(Password characters may not be shown not even dots. So, don't worry just write the password),If it asks to give admin privileges in terminal type "y" and press enter. If it asks for any rules then just press enter. And in end it will ask for confirmation type "y" and hit enter.
- Now, lets start nessus. Applications>Backtrack>Vulnerability Assessment>Vulnerability Scanners>Nessus>Nessus Start and click it. Terminal will popup showing starting Nessus.
- Open up Mozilla (In my case mozilla worked well than chrome. Flash plugin must be pre-installed in browser.). Navigate to :- https://127.0.0.1:8834 and if it asks for exeption just add one. And let the nessus load. After loading just put the username which you have selected in step number 5 earlier and also type the password chosen there. Hit login and you have a working nessus. Further usage video will be posted soon. Just subscribe to us.
Tags: hacking tools, scanners, tips and tricks