Nessus on Kali Linux: A Comprehensive Vulnerability Scanner
Nessus is one of the most widely used vulnerability scanners in the cybersecurity community, developed by Tenable Network Security. Originally created by Renaud Deraison as an open-source project in 1998, it was commercialized in 2005 and has since become the go-to tool for network infrastructure vulnerability assessment, with over 75,000 organizations worldwide relying on it.
What Makes Nessus Powerful
Nessus operates by scanning target systems to identify security weaknesses through a vast library of pre-built checks called plugins. These plugins can detect outdated software, misconfigurations, weak passwords, unauthorized access, and known vulnerabilities across operating systems, applications, and network devices. The tool provides detailed findings with severity ratings (Critical, High, Medium, Low, Info), CVSS scores, and specific remediation recommendations.
Installation on Kali Linux
Since Kali doesn't come with Nessus pre-installed, you must download the appropriate Debian package from Tenable's website and install it using the dpkg command:
```bash
sudo dpkg -i Nessus-10.8.5-ubuntu1604_amd64.deb
```
After installation, start the Nessus service:
```bash
sudo systemctl start nessusd.service
```
Then access the web interface at `https://localhost:8834/` to complete the setup, where you'll register with an activation code (available for free through Nessus Essentials) and create an administrator account.
Real-World Scanning Example
A practical example of using Nessus on Kali involves scanning an intentionally vulnerable Metasploitable 2 target.
Step 1: Create a Scan Policy
In the Nessus web interface, navigate to Policies → New Policy → Advanced Scan. Configure discovery settings to scan all ports (0-65535) on both TCP and UDP.
Add SSH credentials for authenticated scanning (username: msfadmin, password: msfadmin). This allows Nessus to inspect installed packages and configurations internally, producing significantly more detailed findings than an unauthenticated scan.
Step 2: Launch the Scan
Create a new scan targeting your Metasploitable VM's IP address and launch it. A typical credentialed scan of Metasploitable 2 takes approximately 6-10 minutes and can identify around 63 vulnerabilities, including 6 critical and 4 high-severity issues.
Step 3: Analyze Results
The scan report reveals grouped vulnerabilities, such as "Windows / Apache Log4j (Multiple Issues)" related to Log4Shell (CVE-2021-44228), along with critical remote code execution vulnerabilities and medium-severity denial of service vectors.
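As an added example (not from the original article or from Tenable), the script below triages a scan exported in Nessus's `.nessus` XML format: it tallies findings per severity rating and lists the High and Critical items with their remediation text. The embedded report is constructed, and its host address, plugin IDs and plugin names are placeholders.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Nessus records severity on each ReportItem as an integer from 0 to 4.
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the .nessus (v2) layout; host, plugin IDs and names are made up.
SAMPLE = """<NessusClientData_v2><Report name="constructed-sample">
<ReportHost name="192.0.2.10">
<ReportItem port="0" protocol="tcp" severity="0" pluginID="900001" pluginName="Example host information"/>
<ReportItem port="80" protocol="tcp" severity="2" pluginID="900002" pluginName="Example web server misconfiguration">
  <cvss_base_score>5.0</cvss_base_score><solution>Disable the unused method.</solution></ReportItem>
<ReportItem port="22" protocol="tcp" severity="3" pluginID="900003" pluginName="Example outdated package">
  <cvss_base_score>7.5</cvss_base_score><solution>Apply the vendor update.</solution></ReportItem>
<ReportItem port="6667" protocol="tcp" severity="4" pluginID="900004" pluginName="Example remote code execution">
  <cvss_base_score>10.0</cvss_base_score><solution>Remove the affected service.</solution></ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

def parse_findings(xml_text):
    """Return one dict per ReportItem, highest severity and CVSS score first."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            score = item.findtext("cvss_base_score")  # absent on most Info items
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "severity": int(item.get("severity", "0")),
                "plugin": item.get("pluginName", ""),
                "cvss": float(score) if score else None,
                "solution": (item.findtext("solution") or "").strip(),
            })
    findings.sort(key=lambda f: (f["severity"], f["cvss"] or 0.0), reverse=True)
    return findings

def severity_counts(findings):
    """Count findings per rating, including ratings with zero hits."""
    seen = Counter(f["severity"] for f in findings)
    return {name: seen.get(level, 0) for level, name in SEVERITY.items()}

def remediation_queue(findings, minimum=3):
    """Findings rated High or Critical by default, with the plugin's fix text."""
    return [(f["host"], f["port"], f["plugin"], f["solution"])
            for f in findings if f["severity"] >= minimum]

if __name__ == "__main__":
    results = parse_findings(SAMPLE)
    print(severity_counts(results))
    for row in remediation_queue(results):
        print(row)
```

For report files received from another party, parse them with a hardened XML library rather than the standard-library parser used here.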
Command-Line Operations
For automation and headless environments, Nessus provides the nessuscli tool. Key commands include:
```bash
# Subcommands vary between Nessus releases; `nessuscli help` lists those your install supports.

# Update plugins
sudo /opt/nessus/sbin/nessuscli update

# Create a scan
sudo /opt/nessus/sbin/nessuscli scan new --name "Linux Scan" --policy "Basic Network Scan" --targets "192.168.1.10-20"

# Export report
sudo /opt/nessus/sbin/nessuscli report export --id 1 --format pdf --file /tmp/report.pdf
```
Nessus can also integrate directly with Metasploit through its bridge plugin, allowing penetration testers to launch scans directly from msfconsole and feed results into exploitation workflows.
