Nessus Vulnerability Scanner is the most widely used tool during the VA (Vulnerability Assessment) phase of Ethical Hacking. Nessus supports more technologies than any other vendor, including operating systems, network devices, hypervisors, databases, tablets/phones, web servers and critical infrastructure.
Key features include:
- High-Speed Asset Discovery
- Vulnerability Assessment
- Malware/Botnet Detection
- Configuration & Compliance Auditing
- Scanning & Auditing of Virtualized & Cloud Platforms
Nessus is a product from Tenable Network Security which offers different editions of Nessus for different types of users.
The Nessus Home Edition is free of charge and intended for testing in a lab environment; that is the edition we are going to install on Kali Linux. Follow these simple steps.
Step #1 : Obtain the Activation Code for Nessus Scanner
The Nessus scanner requires an activation code both during installation and later, to update its plugins. Go to the Nessus activation code registration page and register by entering your name and e-mail address.
Check your inbox and save the Activation Code; we will need it later.
Step #2 : Download the Nessus Home Edition
Go to the Nessus Home Edition’s download page, select Linux as the OS and download the appropriate (32-bit or 64-bit) Nessus .deb package. You’ll be asked to agree to the Subscription Agreement before the download can start. The agreement states that you are liable for the consequences of using the tool and that you agree to use it for non-commercial purposes only.
Step #2 : Install Nessus on Kali Linux
Once you have the Nessus .deb package on Kali Linux, install it like so:
dpkg -i Nessus_pkg.deb
Note down two things from the messages printed on the screen during installation.
1. Nessus service name : nessusd
2. URL of Nessus :
Step #3 : Start the Nessus service
The Nessus daemon is started just like any other Linux service.
service nessusd start
You can verify the status of Nessus service like so:
service nessusd status
To make the Nessus service start automatically at boot, run
update-rc.d nessusd defaults
Don’t worry about the warning messages.
Step #4: Access the Nessus Scanner
Open the web browser and enter the URL https://localhost:8834. Try to remember the Nessus scanner’s port number — 8834.
A warning about an untrusted secure connection will pop up, because Nessus serves its web interface with a self-signed certificate. After confirming the security exception, you’ll get the Welcome page of Nessus. Click on Continue.
On the next page, you’ll be asked to set up a System Administrator account so you can log in to the scanner and perform various tasks. Enter a username and password (remember the password!). Click on Continue.
Next you’ll be asked to enter the Activation Code that you obtained in step #1 to register the product. Enter the activation code and click on Continue.
That’s it. Now Nessus will start to fetch plugins from the Nessus cloud and update its local database. Depending on your Internet speed, it’ll take a while to complete. Meanwhile, you can go to your kitchen and start preparing Coffee from Nescafe coffee beans.
After Nessus has finished downloading the latest security plugins, you can log in using the username and password you set earlier.
You will be welcomed by the Nessus Dashboard, from which you can launch your first scan.
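The steps above leave two things worth verifying from the shell before you trust the browser: that nessusd is actually listening on port 8834 (and on which address, since a scanner exposed on all interfaces is reachable by anyone on the network), and that the certificate you accept in the security exception really belongs to your own scanner. The script below is an added example, not part of the original post or of Nessus itself; it assumes the default port 8834 from the post, uses a constructed sample of ss(8) output so the parsing can be exercised offline, and uses openssl s_client to read the live certificate fingerprint on a real host.

```shell
#!/bin/sh
# Added example (not from the original post): post-install checks for a
# Nessus scanner on Kali Linux. Port 8834 is the default named in the post.

NESSUS_PORT=8834

# Read `ss -ltn` style output from stdin and print the local address:port
# bound to NESSUS_PORT. Exit status 1 when nothing listens on that port.
nessus_listen_addr() {
    awk -v port="$NESSUS_PORT" '
        $1 == "LISTEN" {
            # $4 is Local Address:Port; IPv6 entries like [::]:8834 contain
            # several colons, so take the last colon-separated field as the port.
            n = split($4, a, ":")
            if (a[n] == port) { print $4; found = 1 }
        }
        END { exit found ? 0 : 1 }'
}

# Classify a bound address: "local" when only loopback is bound,
# "all" when the listener is exposed on every interface.
exposure_of() {
    case "$1" in
        127.0.0.1:*|\[::1\]:*)   echo local ;;
        0.0.0.0:*|\*:*|\[::\]:*) echo all ;;
        *)                       echo other ;;
    esac
}

# Print the SHA-256 fingerprint of the certificate served on the port, so it
# can be compared with the fingerprint shown in the browser warning before
# the security exception is accepted. Needs a running nessusd; not used offline.
nessus_cert_fingerprint() {
    openssl s_client -connect "localhost:$NESSUS_PORT" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256
}

# Run the checks against live `ss -ltn` output on the host.
check_live() {
    addr=$(ss -ltn | nessus_listen_addr) || { echo "nessusd is not listening on $NESSUS_PORT"; return 1; }
    echo "nessusd listens on $addr (exposure: $(exposure_of "$addr"))"
    nessus_cert_fingerprint
}

# Constructed sample of `ss -ltn` output, standing in for a real host where
# nessusd is bound to all interfaces.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
LISTEN 0      511    *:8834               *:*
LISTEN 0      128    [::]:22              [::]:*'

# Same checks run over the constructed sample (no network needed).
check_sample() {
    addr=$(printf '%s\n' "$SAMPLE_SS" | nessus_listen_addr) || { echo "nessusd is not listening"; return 1; }
    echo "nessusd listens on $addr (exposure: $(exposure_of "$addr"))"
}
```

Run `check_sample` to see the parsing on the embedded sample, or `check_live` on the Kali box after `service nessusd start`. If the exposure comes back as "all", only accept that if the host is on an isolated lab network; otherwise restrict access to the scanner port with a host firewall rule.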