Nessus Professional is a widely used vulnerability scanner developed by Tenable, Inc., designed to help security professionals identify and address vulnerabilities within their network infrastructure. It offers comprehensive scanning capabilities, detecting vulnerabilities, misconfigurations, and compliance issues across a wide range of systems and applications.

Installation and Setup

Download and Install Nessus

Windows
Download the installer from the Tenable website and run it.
Linux
sudo dpkg -i Nessus-<version>-deb-x64.deb   # Debian-based
sudo rpm -ivh Nessus-<version>.rpm          # Red Hat-based

Start Nessus Service

Windows
net start "Tenable Nessus"
Linux
sudo systemctl start nessusd.service

Access Nessus Web Interface

Open https://localhost:8834 in a browser (Nessus listens on TCP port 8834 by default; the certificate is self-signed on a fresh install) and follow the setup wizard.
Activate Nessus

  • Enter the activation code provided by Tenable.

Create a Nessus User

  • Set up an admin user for Nessus web interface access.

Basic Commands

Start Nessus Daemon
sudo systemctl start nessusd.service
Stop Nessus Daemon
sudo systemctl stop nessusd.service
Check Nessus Daemon Status
sudo systemctl status nessusd.service
Update Nessus Plugins
sudo /opt/nessus/sbin/nessuscli update --plugins-only

Scanning

Creating a Scan

  • Navigate to Scans: Scans > New Scan
  • Choose Scan Template: Select from options like Basic Network Scan, Advanced Scan, etc.
  • Configure Scan Settings:
    1. Name: Name of the scan.
    2. Targets: IP addresses or ranges to be scanned.
    3. Schedule: Set the schedule if recurring scans are needed.
  • Advanced Settings: Configure port scanning, scan performance, etc.

Scan Types and Templates

  • Basic Network Scan: General vulnerability scan for a network.
  • Advanced Scan: Highly configurable scan for more control.
  • Web Application Tests: Scans for vulnerabilities in web applications.
  • Credentialed Patch Audit: Scans with credentials to check for missing patches.
  • Compliance Audits: Checks for compliance with standards like PCI-DSS, CIS, etc.

Running a Scan

  • Manual Start: Click the play button to start the scan immediately.
  • Scheduled Start: Configure the schedule to run at specified times.

Scan Policies

  • Creating a Custom Scan Policy:
    1. Navigate to Policies: Policies > New Policy
    2. Configure Settings: Name, description, targets, scan types.
    3. Plugin Selection: Choose specific plugins or families of plugins.
    4. Advanced Configuration: Ports, performance settings, etc.

Credentialed Scans

  • Windows Credentials:
    1. Protocols: SMB, WMI, WinRM.
    2. Settings: Username, password, domain, elevated privileges (if needed).
  • Linux Credentials:
    1. Protocols: SSH.
    2. Settings: Username, password/private key.

Advanced Settings

  • Port Scanning:
    1. Default Ports: Standard ports used in the scan.
    2. Custom Ports: Specify custom ports.
  • Scan Performance:
    1. Max Simultaneous Hosts: Control parallel scans.
    2. Max Simultaneous Scans per Host: Control parallel checks on a single host.
  • Network Timeouts:
    1. Max Scan Time: Set the maximum duration of the scan.
    2. Host Discovery Timeout: Set time for discovering hosts.

Reporting

  • Generating Reports:
    1. Navigate to Completed Scans: Click on a completed scan.
    2. Export Options: HTML, PDF, CSV, Nessus (for importing back into Nessus).
  • Customizing Reports:
    1. Filters: Apply filters to include/exclude specific vulnerabilities or hosts.
    2. Format: Choose different formats for the report (Executive Summary, Detailed, etc.).
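The Nessus export format listed above is XML (NessusClientData_v2), which makes it convenient to post-process findings outside the web interface. As an added example, not part of this cheat sheet or of Tenable's tooling, the Python below parses a constructed sample export and lists findings by severity, dropping informational items; the sample hosts, plugin IDs and plugin names are placeholders.

```python
import xml.etree.ElementTree as ET
from collections import Counter

SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}  # ReportItem "severity" codes

# Constructed sample export, not real scan output; hosts, plugin IDs and names are placeholders.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="Sample scan">
  <ReportHost name="10.0.0.5">
   <ReportItem port="445" protocol="tcp" severity="4" pluginID="100001" pluginName="Placeholder critical finding">
    <cvss_base_score>10.0</cvss_base_score>
   </ReportItem>
   <ReportItem port="22" protocol="tcp" severity="2" pluginID="100002" pluginName="Placeholder medium finding">
    <cvss_base_score>5.0</cvss_base_score>
   </ReportItem>
   <ReportItem port="0" protocol="tcp" severity="0" pluginID="100003" pluginName="Placeholder info plugin"/>
  </ReportHost>
  <ReportHost name="10.0.0.6">
   <ReportItem port="80" protocol="tcp" severity="3" pluginID="100004" pluginName="Placeholder high finding">
    <cvss_base_score>7.5</cvss_base_score>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""

def parse_findings(xml_text, min_severity=1):
    """Return (host, port, severity label, plugin name, CVSS) tuples at or above min_severity, critical first."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("ReportHost"):          # iter() is recursive, so nesting under <Report> is fine
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev < min_severity:
                continue
            cvss = item.findtext("cvss_base_score")  # absent on informational plugins
            rows.append((sev, host.get("name"), item.get("port"), item.get("pluginName"),
                         float(cvss) if cvss else None))
    rows.sort(key=lambda r: r[0], reverse=True)   # highest severity first
    return [(h, p, SEVERITY.get(s, "Unknown"), n, c) for s, h, p, n, c in rows]

def severity_counts(findings):
    """Count findings per severity label, e.g. {'Critical': 1, 'High': 1, 'Medium': 1}."""
    return Counter(f[2] for f in findings)

if __name__ == "__main__":
    for host, port, label, name, cvss in parse_findings(SAMPLE_NESSUS):
        print(f"{label:8} {host}:{port}  {name}  (CVSS {cvss})")
    print(dict(severity_counts(parse_findings(SAMPLE_NESSUS))))
```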

Plugin Management

  • Updating Plugins:
    1. Automatic Update: Configure Nessus to automatically update plugins.
    2. Manual Update: Download plugins from Tenable and update manually.
  • Enable/Disable Plugins:
    1. Plugin Rules: Customize rules to enable or disable specific plugins or families.

General Tips

Forgot Password

cd 'C:\Program Files\Tenable\Nessus'
.\nessuscli.exe lsuser
.\nessuscli.exe chpasswd <user from above command>

Fix Installation Expired Error Message

cd 'C:\Program Files\Tenable\Nessus'
net stop "Tenable Nessus"
.\nessuscli.exe fetch --register XXXX-XXXX-XXXX-XXXX

Update via CLI

cd 'C:\Program Files\Tenable\Nessus'
.\nessuscli.exe update --all