Nessus on Kali Linux: A Comprehensive Vulnerability Scanner



Nessus is one of the most widely used vulnerability scanners in the cybersecurity community, developed by Tenable Network Security. Originally created by Renaud Deraison as an open-source project in 1998, it was commercialized in 2005 and has since become the go-to tool for network infrastructure vulnerability assessment, with over 75,000 organizations worldwide relying on it.

 


What Makes Nessus Powerful


Nessus operates by scanning target systems to identify security weaknesses through a vast library of pre-built checks called plugins. These plugins can detect outdated software, misconfigurations, weak passwords, unauthorized access, and known vulnerabilities across operating systems, applications, and network devices. The tool provides detailed findings with severity ratings (Critical, High, Medium, Low, Info), CVSS scores, and specific remediation recommendations.


Installation on Kali Linux


Since Kali doesn't come with Nessus pre-installed, you must download the appropriate Debian package from Tenable's website and install it using the dpkg command:


```bash
sudo dpkg -i Nessus-10.8.5-ubuntu1604_amd64.deb
```


After installation, start the Nessus service:


```bash
sudo systemctl start nessusd.service
```


Then access the web interface at `https://localhost:8834/` to complete the setup, where you'll register with an activation code (available for free through Nessus Essentials) and create an administrator account.


Real-World Scanning Example


A practical example of using Nessus on Kali involves scanning an intentionally vulnerable Metasploitable 2 target.


Step 1: Create a Scan Policy


In the Nessus web interface, navigate to Policies → New Policy → Advanced Scan. Configure discovery settings to scan all ports (0-65535) on both TCP and UDP.


Add SSH credentials for authenticated scanning (username: msfadmin, password: msfadmin). This allows Nessus to inspect installed packages and configurations internally, producing significantly more detailed findings than an unauthenticated scan.


Step 2: Launch the Scan


Create a new scan targeting your Metasploitable VM's IP address and launch it. A typical credentialed scan of Metasploitable 2 takes approximately 6-10 minutes and can identify around 63 vulnerabilities, including 6 critical and 4 high-severity issues.


Step 3: Analyze Results


The scan report reveals grouped vulnerabilities, such as "Windows / Apache Log4j (Multiple Issues)" related to Log4Shell (CVE-2021-44228), along with critical remote code execution vulnerabilities and medium-severity denial of service vectors.
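
The triage in Step 3 can be scripted once a scan has been exported from the web interface in the .nessus XML format. The following is an added example, not code from the original post: the sample report, host address, plugin IDs, plugin names and CVE value are constructed placeholders, and it assumes the NessusClientData_v2 layout, in which each ReportItem carries a 0-4 severity attribute.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Nessus encodes severity as 0-4 in the ReportItem "severity" attribute.
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the .nessus layout; every value is a placeholder,
# not output from a real scan.
SAMPLE = """<NessusClientData_v2>
  <Report name="Constructed example">
    <ReportHost name="192.0.2.10">
      <ReportItem port="0" protocol="tcp" severity="0" pluginID="900001"
                  pluginName="Constructed informational finding"/>
      <ReportItem port="22" protocol="tcp" severity="2" pluginID="900002"
                  pluginName="Constructed medium finding">
        <cvss_base_score>4.3</cvss_base_score>
      </ReportItem>
      <ReportItem port="21" protocol="tcp" severity="4" pluginID="900003"
                  pluginName="Constructed critical finding">
        <cvss_base_score>10.0</cvss_base_score>
        <cve>CVE-0000-00000</cve>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""


def parse_findings(xml_text):
    """Return one dict per ReportItem, most severe first, then by CVSS."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            score = item.findtext("cvss_base_score")  # absent on Info items
            findings.append({
                "host": host.get("name"),
                "port": f'{item.get("port")}/{item.get("protocol")}',
                "severity": SEVERITY[int(item.get("severity"))],
                "cvss": float(score) if score else None,
                "plugin": item.get("pluginName"),
                "cves": [c.text for c in item.findall("cve")],
            })
    rank = {name: num for num, name in SEVERITY.items()}
    return sorted(findings, reverse=True,
                  key=lambda f: (rank[f["severity"]], f["cvss"] or 0))


def severity_counts(findings):
    """Count findings per severity label for a quick summary."""
    return Counter(f["severity"] for f in findings)


if __name__ == "__main__":
    for f in parse_findings(SAMPLE):
        print(f'{f["severity"]:<8} {f["cvss"] or "-":<5} {f["host"]} {f["port"]:<8} {f["plugin"]}')
```

To run it on a real export, read the .nessus file from disk and pass its contents to `parse_findings` in place of `SAMPLE`.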


Command-Line Operations


For automation and headless environments, Nessus provides the nessuscli tool, which administers the scanner itself:


```bash
# Update the scanner; append --plugins-only to update plugins alone
sudo /opt/nessus/sbin/nessuscli update

# nessuscli manages the scanner (updates, users, licensing). It has no
# "scan new" or "report export" subcommands: create scans and export
# reports from the web interface at https://localhost:8834/ instead.
```


Nessus can also integrate directly with Metasploit through its bridge plugin, allowing penetration testers to launch scans directly from msfconsole and feed results into exploitation workflows.
