Installing and Running Nessus 4.2.2: The Basics

Author: WhySoSeriousssssssssssss
Date and Time: 22:49
The Nessus Vulnerability Scanner is the world-leader in active scanners with more than five million downloads to date. Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs and across physically separate networks.

-----------------------------------------------------------------------------------------------------------


Nessus no longer uses the Nessus Client as in previous versions. It uses a Web Interface to set up scans, run them and view reports.

To download: choose Linux, accept the agreement, then choose the version for your distribution.

You'll want to choose Nessus-4.2.2-ubuntu810_i386 if you're using BackTrack.


To install:

root@bt~# dpkg --install Nessus-4.2.2-ubuntu810_i386.deb

Now you will need to add a user to use Nessus:

root@bt~# /opt/nessus/sbin/nessus-adduser


You are going to enter a login name and then a password for logging in to Nessus:

Login: (type what you want for a name)
Authentication (enter)
Login Password: (Create a Password)
Login Password: (Repeat)
Do you want this Nessus user to be an "admin" user? yes (Enter)
(Leave the rules blank) (Enter)
This user will have "admin" privileges on the Nessus server
Is this O.K.? Yes (Enter)
user added


You will now have to register to get the plugin feed: Tenable Network Security

Accept the agreement and enter an email address to receive a key. The email sent to you contains a path with the key appended to it. Copy that and paste it into the console:

root@bt~# /opt/nessus/bin/nessus-fetch --register (your key# here)


To start the Nessus server:

root@bt~# /etc/init.d/nessusd start


To stop the Nessus server:

root@bt~# /etc/init.d/nessusd stop


The Web Interface

NOTE: there is no longer a Nessus Client.

Open your favorite browser and type in the address bar:

https://127.0.0.1:8834 (don't forget the "s" in https)

NOTE: If using Firefox with Noscript, make sure you allow the address to view the Nessus Web Interface.
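
The page reaches the web interface at https://127.0.0.1:8834. As an added example (not part of the original post), this script classifies whether port 8834 is listening on loopback only or on other addresses as well, once nessusd has been started. The function names, the `--live` switch and the sample output are assumptions made for the example.

```sh
#!/bin/sh
# Added example: report who can reach the Nessus web interface port.
# Reads `ss -ltn` or `netstat -ltn` output on stdin (local address is the
# 4th column in both) and prints one of: down, loopback, exposed.
NESSUS_PORT=8834   # port used in the URL on this page

nessus_listener_scope() {
    awk -v suffix=":$NESSUS_PORT" '
        BEGIN { scope = "down" }
        {
            # Keep only sockets whose local address ends in ":8834".
            n = length($4) - length(suffix)
            if (n < 1 || substr($4, n + 1) != suffix) next
            addr = substr($4, 1, n)
            gsub(/^\[|\]$/, "", addr)      # ss wraps IPv6 in brackets
            sub(/^::ffff:/, "", addr)      # IPv4-mapped IPv6 form
            if (addr ~ /^127\./ || addr == "::1") {
                if (scope == "down") scope = "loopback"
            } else {
                scope = "exposed"          # 0.0.0.0, ::, * or a LAN address
            }
        }
        END { print scope }
    '
}

# Hypothetical wrapper: query the live system with whichever tool exists.
check_nessus_listener() {
    if command -v ss >/dev/null 2>&1; then ss -ltn; else netstat -ltn; fi |
        nessus_listener_scope
}

# Constructed sample (not captured from a real host): bound to all interfaces.
SAMPLE_ALL_IFACES='Proto Recv-Q Send-Q Local Address  Foreign Address State
tcp   0      0      0.0.0.0:8834   0.0.0.0:*       LISTEN
tcp   0      0      127.0.0.1:631  0.0.0.0:*       LISTEN'

if [ "${1:-}" = "--live" ]; then
    check_nessus_listener
else
    printf '%s\n' "$SAMPLE_ALL_IFACES" | nessus_listener_scope
fi
```

A result of "exposed" means the login page answers on addresses other than loopback, so restrict it with a host firewall if only local use is intended.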


You will now be shown the login page. Once you have entered your user name and password you will be taken to the Nessus web interface. The default view is Reports. Before scanning you must configure a few things: click Policies and then Add.



Policies

- Enter a Name.

- In Port Scanners check all that apply.

- In Port Scan Options you can leave it at default or choose a range for faster scanning.

- Click Next.



Credentials

- Click Next.


Plugins

- If you know a specific plugin you can filter by name.

- Click Enable All.

- Click Next.


Preferences

You can leave this default and Click Submit.

Now you have a policy to run a scan with.



Now you are ready to Run a Scan against targets. Click Scans and Add.



Launch a Scan

- Enter a Name for the network.

- Leave type as default "Run Now".

- Policy: Choose the policy name from the drop down box you created earlier.

- Enter your Scan Targets.

- Click Launch Scan.

NOTE: This is the final part of the basics of installing and scanning with Nessus.


Scan Status

- Give it some time to finish scanning.

- Click Reports when finished scanning.

- Highlight the report for the network you scanned.

- Click Browse.


- Click on the IP you want more info about.

NOTE: There is a vulnerability in BT4 involving Mono and XSS allowing privilege escalation. Nessus offers a solution to fix it. The solution is to upgrade to Ubuntu 9.04.


source: JellyBelly
Download Nessus for Windows-32 bit  here
Download Nessus for Windows-64 bit  here
Download Nessus for Linux Debian here
