
Nessus Essentials - Installation Made Simple: Scan Your Network Like a Pro for Beginners

pragmat1c0n3

<Introduction>

In this blog post, I’ll explore the world of vulnerability scanning using Nessus Essentials, a powerful tool and the free version of Tenable’s Nessus Professional. Nessus Essentials enables you to scan your network for vulnerabilities, providing an excellent opportunity to gain hands-on experience with various aspects of vulnerability assessment and network security.


If you find this content informative and you are interested in cybersecurity, please regularly check back on www.Cyb3r-S3c.com. For more free content, please like and subscribe to the Cyb3r-0verwatch YouTube channel.



<WHAT’S COVERED>

I’ll start with a brief overview of Nessus and then guide you through a step-by-step walkthrough on how to install Nessus Essentials on Kali Linux.



<Nessus Overview>

Nessus was originally developed in 1998 as an open-source project by Renaud Deraison, at the age of 17. In 2005, Deraison co-founded Tenable Network Security and transitioned Nessus to a commercial product, adopting a proprietary licensing model. While the paid versions offer advanced features, the core functionality of Nessus remains accessible through the free Nessus Essentials edition.



<What is ‘Nessus Essentials’?>

Before diving in, let’s take a moment to understand what Nessus Essentials is. It’s a powerful vulnerability scanner designed to identify weaknesses in systems and network devices. Think of Nessus as a digital guardian, scanning your network for potential vulnerabilities. These weaknesses are like open windows for hackers. By identifying and addressing these issues, you effectively close those windows, helping to safeguard your data and systems against cyberattacks. One caveat is that vulnerability scanners like Nessus are primarily signature-based, meaning they may not detect every vulnerability. While it’s a critical tool, no scanner can guarantee 100% coverage.



<Limitations>

While Nessus Essentials is a great tool that is free to use, it does come with certain limitations compared to the paid versions of Nessus:


  1. Limited Scanning Scope: Nessus Essentials can scan up to 16 unique IP addresses. While sufficient for small home networks, this restriction makes it unsuitable for larger networks or business environments.

  2. Fewer Plugins: Plugins are the core of Nessus’s vulnerability detection capabilities. Nessus Essentials provides a limited subset of these plugins, meaning it may miss vulnerabilities that the paid versions could detect.

  3. No Compliance Checks: Unlike the paid versions, Nessus Essentials does not include pre-configured scans for compliance frameworks such as CIS Benchmarks, PCI-DSS, or HIPAA, which are essential for regulatory audits.

  4. Basic Reporting: Reporting features in Nessus Essentials are limited, lacking advanced customization, scheduling, and detailed insights available in the paid versions.

  5. No Technical Support: Users of Nessus Essentials do not have access to Tenable’s technical support team, making troubleshooting more challenging if issues arise.


Despite these limitations, Nessus Essentials is an excellent starting point for learning vulnerability scanning and securing smaller networks.



<Account Registration and Download>

Alright, let’s get started! The first step is to search for 'Tenable Nessus Essentials' on Google to locate the download page for the installation package. Among the search results, you’ll find a few links related to Nessus Essentials. Click on the following link: https://www.tenable.com/products/nessus/nessus-essentials to proceed.


I arrive at the 'Tenable Nessus Essentials' trial webpage, which features a brief introduction to the tool and a registration form to get started.


To download Nessus, I need to fill out the registration form with some basic information. This step provides me with an activation code, which is essential for keeping Nessus up-to-date with the latest updates, templates, and vulnerability signatures.


After submitting my information, I’m directed to a confirmation page that instructs me to check my email for the activation code. The page also includes a download button to obtain the Nessus Essentials installation package.


<Choosing Your Platform>

Clicking the 'Download' button redirects me to the Tenable Nessus download page. Here, the first step is to select the version and platform for installing Nessus. Since Kali Linux is Debian-based, I choose the 'Linux-Debian-amd64' architecture. With the appropriate option selected, I click 'Download' to save the installation package to my Kali system.


The page also offers other ways to download, such as Curl, Docker, and a VM.


After clicking 'Download' I just need to click 'I Agree' on the License Agreement prompt.


And the install package will start downloading.


As noted earlier, Tenable will also send an email that contains the activation code and download link.


<Installing Nessus Essentials>

Before installing Nessus Essentials, I’ll run the following command in the CLI to update Kali to the latest version. This ensures that all dependencies are up to date, helping to avoid potential issues during the installation.

sudo apt update && sudo apt full-upgrade -y


With the Nessus install package downloaded and Kali updated, I can now start the install process. I will need to navigate to the Nessus installer that was downloaded earlier. In this case, I’ll just use the 'cd' command to navigate to the '~/Downloads' folder, as shown in the CLI.

cd ~/Downloads


Now that I am in the '~/Downloads' folder, I can run 'dpkg', the Debian package manager, to install Nessus. I’ll run the following command shown in the CLI to start the install process.

sudo dpkg -i Nessus-*.deb  # Replace * with the actual version number


The installation process has begun and it might take a few minutes to complete.
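
Because the package is installed with root privileges, it is worth checking it against its published SHA-256 value before running 'dpkg'. The following is an added example, not part of the original post: it assumes you have the SHA-256 checksum Tenable publishes for the package you downloaded, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the downloaded package before installing it.

# Resolve DIR/Nessus-*.deb to exactly one file; fail on zero or several
# matches so an old or unexpected package is never picked up by the glob.
pick_single_deb() {
    count=0
    found=
    for f in "$1"/Nessus-*.deb; do
        [ -f "$f" ] || continue        # an unmatched glob stays literal
        count=$((count + 1))
        found=$f
    done
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one Nessus-*.deb in $1, found $count" >&2
        return 1
    fi
    printf '%s\n' "$found"
}

# Compare FILE's SHA-256 with EXPECTED (hex, case-insensitive).
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a SHA-256 digest.
verify_sha256() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "expected value is not 64 hex characters" >&2
        return 2
    fi
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $1" >&2
        return 1
    fi
}

# Install only if one package is present and its digest matches.
install_verified() {
    deb=$(pick_single_deb "$1") || return 1
    verify_sha256 "$deb" "$2" || return 1
    sudo dpkg -i "$deb"
}

# Usage (the digest is a placeholder, not a real value):
# install_verified "$HOME/Downloads" "<sha256 published for the package>"
```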



<Fixing Dependencies>

As noted earlier, it's always a good idea to update your OS before installing Nessus to minimize potential installation issues. Even so, the installation can sometimes fail because some dependencies are missing. If this happens, don’t worry! We can easily resolve it. Just run the following command in the CLI, and it will automatically install any required dependencies needed for Nessus to function properly.

sudo apt-get -f install


<Starting Nessus>

Awesome! Nessus Essentials appears to have been installed successfully. At the bottom of the installation output it will provide the commands needed to start the 'nessusd' service. It will also provide the URL to access the Nessus webui.


To start the service, I’ll run the following command shown in the CLI.

sudo systemctl start nessusd


To verify that the 'nessusd' service started I ran the following command shown in the CLI to show the status. As can be seen in the CLI the status shows 'active (running)'.



<Accessing Nessus Web Interface>

Nice, now that the service is running I can open up the web browser and navigate to the localhost on port 8834. This will launch the Nessus Essentials web interface. 
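
An added check, not part of the original post: confirm the service is active and see which addresses the web interface on port 8834 is bound to, since an admin UI reachable from the whole network is worth knowing about. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: report how the Nessus web UI port is exposed.

# Classify how TCP port 8834 is bound, reading `ss -H -ltn` output on stdin.
# Prints: not-listening | loopback-only | all-interfaces | specific:<addr>
nessus_listen_scope() {
    awk '
        $4 ~ /:8834$/ {
            addr = $4; sub(/:8834$/, "", addr)
            if (addr == "127.0.0.1" || addr == "[::1]") loop = 1
            else if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") any = 1
            else other = addr
        }
        END {
            if (any)        print "all-interfaces"
            else if (other) print "specific:" other
            else if (loop)  print "loopback-only"
            else            print "not-listening"
        }'
}

# Check the service state, then the listening scope of port 8834.
check_nessusd() {
    if ! systemctl is-active --quiet nessusd; then
        echo "nessusd is not active" >&2
        return 1
    fi
    scope=$(ss -H -ltn | nessus_listen_scope)
    echo "nessusd active, port 8834 scope: $scope"
    [ "$scope" != "not-listening" ]
}

# Usage: check_nessusd
```

If the result is 'all-interfaces', the login page is reachable from other hosts on the network, so a host firewall rule limiting port 8834 to the machines that need it is a sensible follow-up.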



<Setting Up Nessus>

When first browsing to the Nessus webui, I get prompted to perform initial configuration and to continue with the Nessus installation.


Clicking on 'Settings' allows me to configure a proxy.


Set up a host to receive the plugin feed.


And the last option is to create an encryption password that later gets applied to the user account.


For the initial setup, I will just click “continue”.


On the next screen, I’ll select “Register for Nessus Essentials”, then click 'Continue'.


On this screen, I'll just click ‘skip’.


On the register nessus page, I’ll enter in the activation code I received in a Tenable email.


On the License Information page, I’ll click 'Continue' to move on to the next screen.


Now I am at the account creation portion of the setup. This will be the initial account and, in effect, the admin account for Nessus. I will usually use a password vault to generate my password and for password management.


At this point, Nessus will start the process of downloading and updating the plugins.



<Navigating the Nessus Dashboard>

Alright, with setup complete, I'm brought to the 'Nessus Dashboard' > 'My Scans' folder, where I can now start running scans. Nessus provides several options to tailor your vulnerability scanning to your needs.


If I want to create a scan, I can click on ‘New Scan’ located on the far right in the main dashboard. I will look at that more later.


By clicking on ‘New Folder’ I can create custom folders, allowing me to organize my scans. This would be useful if I wanted to separate my scans by datacenter, platform, business units, etc… 


Under ‘Resources’ on the left hand side of the dashboard, clicking on ‘Policies’ allows me to create custom policies.


I can also create plugin rules that allow me to modify plugins and apply them to specific hosts and/or for specific time frames.


Finally, under ‘Resources’, Nessus contains a static code analyzer called Terrascan, which is helpful if I want to integrate it with my continuous integration/continuous deployment pipeline, as an example.


Circling back to the Nessus dashboard: when I click the New Scan button, I’m presented with a variety of pre-built scan templates, such as 'Host Discovery', 'Basic Network Scan', 'Log4Shell', and more. Think of these templates as recipes designed to detect vulnerabilities. For beginners, I recommend starting with the 'Basic Network Scan' template, as it scans your local network for common vulnerabilities. In future blog posts, I’ll walk through configuring and running vulnerability scans with Nessus.


When I click on Settings, I’m directed to the About panel where I can view important details about the Nessus installation, including the version, license usage, last update date, and log events. The Settings tab offers a wide range of customization options for your Nessus scanner, with various panels neatly organized on the left side for easy navigation.


Going to ‘Advanced Settings’ allows me to more granularly configure my scanner's UI, scanning functions, logging, performance, security, and miscellaneous options like packet capture and automatic update settings.


The ‘Password Mgmt’ panel allows you to customize your Nessus password policy.


The Scanner Health panel monitors the health of the Nessus scanner, giving you insight into how system resources are being utilized during scans. This is particularly helpful for troubleshooting performance issues and optimizing scan efficiency.


Finally the ‘My Account’ panel allows you to change the account name and password, as well as generate API keys to allow for integration with other platforms and solutions.


</Conclusion>

In this post, I explored Nessus Essentials, a powerful vulnerability scanner. I briefly discussed how Nessus came to be. I covered the purpose of Nessus Essentials, as a vulnerability scanner, along with its limitations. I dove into a practical demonstration, successfully installing Nessus Essentials on Kali Linux. Finally, I went over the variety of configuration options that allow Nessus to be tailored to your needs. This is just the tip of the iceberg! Nessus offers a vast array of features for advanced users, especially if you use the Professional or Enterprise versions. Stay tuned for future demonstrations where I'll delve deeper into Nessus Essentials' capabilities and help you unleash its full potential.


Thank you for reading this blog post of "Nessus Essentials: Installation Made Simple".  If you find this content informative and you are interested in cybersecurity, please regularly check back on cyb3r-s3c.com for updates. Also for more free content, please like and subscribe to the Cyb3r-0verwatch YouTube channel. Until next time keep learning, the only way to improve is to keep learning.


/Signing Off,

Pragmat1c_0n3



