Vulnerability Assessment & Scanning Nessus Tutorial
This is the second part of IT auditing and fundamentals, the first part of this article has been discussed on the previous issue.
What is nessus? What nessus can do ? And other similar question has been discussed above but from this point I will demonstrate you the best feature of nessus with some examples. Keep in mind that nessus are available into two feeds one is a home feed while other is for professional (you need to purchase it), figure 6 show you to simple interface of nessus.
Whether you are using home feed or professional feed there is a four policies exist by default and they are:
- Eternal network scan
- Internal network scan
- Prepare for PCI DSS audit
- Web app test
This is not enough and nessus are not bound you within these policies nessus provide a feature to create your own policy according to your requirement of the test. In the figure below demonstrate that I have edited the default policies and even I have created a new policy according to my requirement.
Now we can easily edit the policies and while editing the policies you can check the best scan type, port scanner and performance.
- TCP scan: If you want nessus to scan TCP open ports than check on this option.
- UDP scan: Same for UDP port scan just mark check.
- Ping host: Ping is just to test the host is alive or not
- SNMP scan: It will direct nessus to scan target of SNMP service
- Netstat SSH scan: It will tell nessus to scan a open port by using Netstat command
- You can set of the port range to scan.
- The other setting is very simple but it is a best practice to remains these default, even you can change the performance like if you are going to conduct a test on a enterprise network that has above 100 host than change the maximum host per scan setting.
The next window is about the credentials.
You can set the credential type like:
- Windows credentials
- SSH settings
- Clear text protocol settings
The third window is to set plug ins, nessus contain a wide range of plug ins like :
- CGI scanning
- Web server scanning
- RED HAT
Plug ins are the wonderful feature that will let an auditor to choose the best plug in according to the requirement of the test.
The last windows is about preferences, now in this point you can choose plugin setting like if you want to conduct an audit on Oracle database than choose oracle setting with oracle SID and so on.
Network Vulnerability Scanning Example Test
Now let suppose an auditor have to test the internal network, for this purpose nessus internal network scan policy is the best choice for a test behind a firewall, if you have a default plug in setting than it is a best. Keep in mind that in the internal test enable all the plug ins.
On the scan menu add a new scan.
Here I am using internal scan policy while in the scan range I have choose all the host from this subnet of class C IP. Launch a scan and it takes some time depending on the number of host.
Here is the report
It shows that there is a four host alive and they contain a lot of vulnerabilities even some vulnerabilities are at high risk but keep in mind that all the exploits against a vulnerability is not available on public, so how to check the available exploit against a vulnerability? It is very simple from the left side below click on show filter than mark a check on exploit exist.
Now the exploits of these vulnerabilities are available in public and we can see the detail of this exploits like CVE information, vulnerability publication date and more information.
Lets call a result of Zenmap you can integrate nmap (zenmap) result into nessus for the maximum performance that is why I have discussed zenmap before. On the scan windows of nessus simply browse the target file and import nmap result into nessus.
Its all done and I hope you have enjoyed it.
Vulnerability Assessment & Scanning Nessus Tutorial Reviewed by Ethical Hacking on 8:14 AM Rating: