What is Nessus and How to Install and Use It
A complete overview of Nessus
* What is NESSUS
Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network. It does this by running checks on a given computer, testing to see if any of these attacks could be used to break into the computer or otherwise harm it.
* What can NESSUS do?
It can scan for:
- Vulnerabilities that could allow unauthorized control or access to sensitive data on a system
- Misconfiguration (e.g. open mail relay)
- Denial of service (DoS) vulnerabilities
- Default passwords, a few common passwords, and blank/absent passwords on some system accounts
* How does NESSUS Work?
Each computer has thousands of ports, all of which may or may not have services (i.e. a server for a specific high-level protocol) listening on them. Nessus works by testing each port on a computer, determining what service it is running, and then testing this service to make sure there are no vulnerabilities in it that could be used by a hacker to carry out a malicious attack.
* Features Of Nessus
- Unlike other scanners, Nessus does not make assumptions about your server configuration (such as assuming that port 80 must be the only web server) that can cause other scanners to miss real vulnerabilities.
- Nessus is very extensible, providing a scripting language for you to write tests specific to your system once you become more familiar with the tool. It also provides a plug-in interface, and many free plug-ins are available from the Nessus plug-in site. These plug-ins are often specific to detecting a common virus or vulnerability.
- Up-to-date information about new vulnerabilities and attacks. The Nessus team updates the list of what vulnerabilities to check for on a daily basis in order to minimize the window between an exploit appearing in the wild and you being able to detect it with Nessus.
- Open-source. Nessus is open source, meaning it costs nothing, and you are free to see and modify the source as you wish.
- Patching Assistance: When Nessus detects a vulnerability, it is also most often able to suggest the best way you can mitigate the vulnerability.
Knowledge source: Nessus on cs.cmu.edu
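The idea described under "How does NESSUS Work?" and in the first feature above (the service is determined from what answers on a port, not assumed from the port number) is sketched below as an added example; it is not code from Nessus or from the source cited above. The sample responses, signatures and function names are constructed for illustration.

```python
import re

# Constructed sample data: port -> first bytes a service sent back.
# Nothing here was captured from a real host.
SAMPLE_RESPONSES = {
    22:   b"SSH-2.0-OpenSSH_8.9\r\n",
    25:   b"220 mail.example.test ESMTP ready\r\n",
    80:   b"HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
    2222: b"SSH-2.0-OpenSSH_7.4\r\n",
    8081: b"HTTP/1.0 401 Unauthorized\r\nServer: admin-ui\r\n\r\n",
    9000: b"\x00\x01binary",
}

# Protocol signatures matched against the response itself, not the port.
SIGNATURES = [
    ("ssh",  re.compile(rb"^SSH-\d\.\d+-")),
    ("http", re.compile(rb"^HTTP/\d\.\d \d{3} ")),
    ("smtp", re.compile(rb"^220[ -].*SMTP", re.I)),
    ("ftp",  re.compile(rb"^220[ -].*FTP", re.I)),
]

# What a scanner that trusts port numbers alone would assume.
WELL_KNOWN = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http"}

def identify(response: bytes) -> str:
    """Name the protocol from the first line of the response."""
    first_line = response.split(b"\r\n", 1)[0]
    for name, pattern in SIGNATURES:
        if pattern.search(first_line):
            return name
    return "unknown"

def compare(responses):
    """Return (port, guess_from_port, detected_from_content) per port."""
    return [(p, WELL_KNOWN.get(p, "unknown"), identify(responses[p]))
            for p in sorted(responses)]

def missed_by_port_assumption(responses):
    """Services a port-number lookup would not have recognised."""
    return [(p, found) for p, guess, found in compare(responses)
            if found != "unknown" and guess != found]

if __name__ == "__main__":
    for port, guess, found in compare(SAMPLE_RESPONSES):
        print(f"{port:>5}  port-guess={guess:<8} detected={found}")
    print("missed by port-based guess:",
          missed_by_port_assumption(SAMPLE_RESPONSES))
```

In the constructed data, the SSH server on port 2222 and the web interface on port 8081 are the services a port-only assumption would leave unchecked.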
* How To Install Nessus
First go to Nessus on Tenable and select one of the three plans as per your requirements.
- It will then take me to a page where I have to input my name and email address.
- Once you enter the email address, you will receive an email with the activation key, and you will have to select the version of Nessus as per your device.
Once it is downloaded, execute the file.
- It may or may not ask for permission to change things on Windows; if prompted, allow it.
- Once done, it will ask you to create an account. Since we have already created an account, we will just press the skip button beneath it and enter the activation code.
- It will then start and give you a basic tour on how to use it.
It will then ask you for the type of scan you want to run.
I will be using a basic Host Discovery scan.
- After pressing on the required scan, it will ask for details and the targets on which the scan is to be performed.
- I will be performing a scan on my network, giving it a name of my choice and then pressing Launch.
- It will show up under My Scans, and you can click on it to see its status and results.
- Thanks for reading