Nessus is a Vulnerability Scanning Tool developed by Tenable Incorporation. It is an open-source, subscription-based software that scans all ports on a computer/server for known vulnerabilities and exploits and presents reports in various manners.
Nessus uses a constantly updating database of exploits and vulnerabilities to scan for possible exploits. Furthermore, it is a beginner-friendly tool as it does not require advanced knowledge of operating systems or command line tools. As a result, it is one of the finest tools used for the Reconnaissance/Enumeration stage of a Security Penetration Test.
Because Nessus is a proprietary tool, it is offered in different tiers. There are three tiers of Nessus available, based on the number of tools provided; they are:
The Nessus Essentials is the free version of the Nessus tool, and it contains all the necessary tools for regular vulnerability scans. The Nessus Professional is the next best version available, providing more functionalities than the free version. It is suitable for Professional Penetration Testers and security practitioners. The last one, Nessus Expert, is the complete set of functionalities provided by Nessus and is ideal for IT departments of small enterprises, etc.
For demonstration, we shall use the Nessus Essentials version of the tool. However, the installation process is similar for every tier.
To continue with this tutorial, you should meet the following requirements:
Now, let us head on to the installation part of this tutorial.
After meeting the requirements mentioned in the previous section, we shall install the Nessus Tool on our Ubuntu machine.
We shall first download the installation package for Ubuntu using curl:
- sudo curl --request GET --url 'https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-10.4.2-ubuntu1404_amd64.deb' --output /tmp/'Nessus-10.4.2-ubuntu1404_amd64.deb'
This has downloaded the Nessus installation files into the /tmp folder. Now, we shall use dpkg to install Nessus on our Ubuntu machine. Type the following command to install it on the system:
- sudo dpkg -i /tmp/Nessus-10.4.2-ubuntu1404_amd64.deb
After this, the Nessus tool is installed, and now we need to start the nessusd service. Type the following command:
- sudo /bin/systemctl start nessusd.service
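The steps above hand a freshly downloaded package to dpkg as root. As an added example (not part of the original tutorial), the script below checks the file's SHA-256 before installing it; the function names and the `--install` switch are illustrative, and the expected checksum is a placeholder you copy from the Tenable downloads page.

```shell
#!/usr/bin/env bash
# Added example: check a downloaded Nessus package against its published
# SHA-256 before handing it to dpkg as root.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on bad input.
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Normalise to lower case and require exactly 64 hex characters.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "expected value is not a SHA-256 hex digest" >&2
        return 2
    fi
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    echo "OK $file"
}

# install_verified DEB EXPECTED_HEX
# Installs and starts nessusd only if the checksum matches, using the same
# dpkg and systemctl commands as the tutorial.
install_verified() {
    verify_sha256 "$1" "$2" || return 1
    sudo dpkg -i "$1" && sudo /bin/systemctl start nessusd.service
}

# Runs only when invoked as: ./script.sh --install <sha256>
# PLACEHOLDER: pass the checksum shown for this file on the Tenable
# downloads page; the tutorial does not give one.
if [ "${1:-}" = "--install" ]; then
    install_verified /tmp/Nessus-10.4.2-ubuntu1404_amd64.deb "${2:?sha256 required}"
fi
```

A mismatch stops before `sudo dpkg -i` runs, so a truncated or altered download is never installed.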
Now, you can access Nessus in your local browser at the following address:
Note: Port 8834 is the default port of Nessus
In most browsers, you'll get a security pop-up asking you to Go Back. However, this is expected because Nessus uses a self-signed certificate by default; it is entirely safe, and you can click on Advanced and then continue to the website.
Now, we have successfully installed the Nessus on our computer. The next step is configuring the Nessus in a local browser and installing the required plug-ins.
Once you have reached the Welcome screen, click on Nessus Essentials to continue with the free tier of Nessus. If you have a subscription for the Professional or Expert tier, you can continue with that option. The installation process will be similar to this one.
After that, you will be asked to provide your Name and Email address to receive an activation code for your Nessus Essentials.
If you already have an activation code, you can skip this step. Otherwise, provide your details to receive the code at the email address you submitted.
Once the code is received, continue and type it into the activation code block. After that, you will be asked to create an administration account.
Use any username of your choice and create a strong password. For example, in this tutorial, the username is Sammy. Once you proceed after this, Nessus will start installing the necessary plug-ins. Depending on your internet connection and processor capabilities, this process takes some time. Once you get the notification that plug-ins have been installed and compiled successfully, you can proceed to the next step.
Now that we have successfully installed Nessus, we can run scans on target systems for reconnaissance purposes. To do so, open the My Scans folder on the Nessus homepage. If you have installed Nessus for the first time, there will not be any scans to view. So, click the New Scan button in the top right corner of your dashboard.
Upon clicking on the said button, you will be directed to the Scan Template page, where there are three major categories of Scans:
The first two categories are available in the free tier of Nessus. In this tutorial, we shall stick to the Vulnerability category of scans.
In this section, we will configure a Basic Network Scan and explore its options. Then, in the following section, we shall scan our second Ubuntu system.
Click on the Basic Network Scan option, and you will land on the Settings page of the scan. There, under Settings, you will see different options. The following table gives a brief explanation of each setting option.
This section includes three sub-sections:
This scan is used for demonstration purposes. To configure a Basic Network Scan (as required in later sections), you must provide the target machine’s IP address (the second Ubuntu machine in this tutorial) in the targets block, as shown in the figure below.
You need to replace the IP address 192.xxx.xxx.xxx with the IP address of your target Ubuntu machine.
We will not schedule any scan in this tutorial, so we shall keep it
For this tutorial, we do not need any email notifications, so we shall not provide any to the email recipient’s list and leave it empty, just like below.
Here, you have to decide the scope of your scan. As there are 65535 ports on any network, it is not always feasible to scan them all, as most are not operational. However, this is a required setting that varies from scan to scan.
For the Basic Network Scan performed later in this tutorial, you do not have to select all ports, as that process would be time-consuming; therefore, we shall keep the Discovery scope to standard ports.
Nessus provides three options,
Depending upon your needs, you can choose whichever you prefer.
In this section, you must choose the vulnerabilities to assess. These are required settings and arguably the most important section of the scan settings, as they define which kinds of vulnerabilities will be scanned for on the target system (the second Ubuntu machine in this tutorial). Nessus provides various options in this section as well:
We shall keep the Assessment settings at Default to complete a Basic Network Scan with minimal customization. When Default is selected, Nessus will choose the best methods of stealth and enumeration available.
This section customizes the report. For example, you can select which sections to include in your scan results and choose the verbosity of your scans, depending on your disk space and other requirements.
To get a report of the Basic Scan as shown in the later section, you should choose the settings as shown in the above figure or,
Under Processing, check the following two options:
Show missing patches that have been superseded - This option gives you the list of all patches that are not up to date.
Hide results from plugins initiated as a dependency - Checking this option ensures that the plugins used are not mentioned in the report (which could make the report less readable)
Under the Output section, check Allow users to edit scan results, allowing you to choose whether to get it as an HTML or XML file (used in a later section).
This section provides more advanced options, such as slowing the scan requests when congestion is detected on the network. This is useful when you scan an active network that could crash under heavy congestion.
Here, the Default option scans 30 hosts (max) and gives each host a read timeout of 5 seconds.
The Scan low bandwidth limits option reduces the number of hosts scanned; however, it increases the timeout for each host to 15 seconds, thus giving more time to get a response from the target machine.
These settings must be taken care of when performing scans more professionally and actively. However, for our Basic Network Scan, we shall set these settings to Default only, as we are not dealing with advanced options.
Now that we have covered the scan configurations, this section will show a dummy scan performed on a similar Ubuntu machine, as used for this tutorial’s previous sections.
On the second machine, type the following command to get the IP address of the machine:
- ip a | grep 'inet 192'
There will be two IPv4 addresses in this output. The IP address of your machine will be the one of the form 192.###.###.###/24. The value before the / is your IP address; note it down.
Now, move to the machine with Nessus, start a new Basic Network Scan as shown in the previous section, and type in a name for the scan. Add some description if you wish. Leave the folder set to My Scans, and in the Targets section, type the IP address of your target machine.
Now move to the Discovery section and choose Port scan (standard ports) from the dropdown menu.
Next, click on the Assessment section and select Default from the dropdown menu.
In the Report section, leave all the checkboxes to their default selection, as this scan is the most basic one; you do not have to customize the generated reports.
Then, in the Advanced section, keep the Scan Type set to Default, as this is a basic scan and no advanced customizations are required.
Lastly, save the scan by clicking on Save, and you will be redirected to the My Scans folder. There, click on the Play/Launch button in front of the scan (as shown in the figure below).
Once your scan is completed, you can continue to the next section, where we review the results.
Once the scan is completed, click on it, and you will be taken to the results section of the scan. You can generate an HTML report of the scan results by clicking the Report button in the top right corner. A dialog box will open; there, choose HTML and continue. Then, the report will be downloaded to your downloads folder. On opening it in your browser, you will get a page like this.
Nessus will show you all the results and information gathered from the scan here. There are five categories of results it finds:
This article provided a step-by-step guide for installing Nessus on Ubuntu 22.04 and used the same to scan another Ubuntu 22.04 target machine. We also explained the results provided by a Basic Network Scan and exported the same as an
Anyone looking to extend their knowledge of Nessus can always refer to the Nessus Documentation. Also, to better grasp the tools of Nessus, it is necessary to have a decent understanding of Computer Networking. This could be the next step for anyone trying to get into Cyber Security.