= Website Vulnerability Scanning Using Nessus =

== Purpose ==

This article provides step-by-step instructions for performing authenticated and unauthenticated vulnerability scans of web applications with Nessus. It also covers enabling the required plugins and applying rate limits so that scanning does not impact production systems.

== Prerequisites ==

* Nessus Essentials / Professional / Tenable.sc / Tenable.io
* Valid credentials for the target website (if an authenticated scan is required)
* Target website URL or server IP
* Approved maintenance window (recommended)

== Scope ==

This procedure scans only the approved website or web server. It must not be used to scan systems outside the authorized scope.

== Steps ==

=== Create a New Scan ===

# Log in to Nessus.
# Click '''New Scan''' → select '''Advanced Scan'''.
# Enter a suitable name and description.
# Under the '''Targets''' field, enter:
#* Website FQDN (e.g., <code>https://portal.example.com</code>)
#* Server IP if required.

=== Enable All Relevant Plugins ===

# Go to the '''Plugins''' tab.
# Ensure '''all plugins''' are enabled.
# Ensure the following plugin families remain enabled:
#* Web servers
#* Web application vulnerabilities
#* SSL/TLS configuration checks
#* CGI abuses
#* Authentication checks

=== Configure Authentication ===

Nessus provides multiple credential categories, as shown in the '''Credentials''' tab. To configure authentication for web applications, use one of the following categories:

* '''Cloud Services'''
* '''API Gateway'''
* '''Database'''
* '''Host'''
* '''Miscellaneous'''
* '''Plaintext Authentication'''

==== Steps to Add Web Authentication ====

# Go to '''Credentials'''.
# Select the appropriate method:
#* '''Host → HTTP/HTTPS Credentials''' for direct website login
#* '''Miscellaneous → HTTP Headers''' for session cookies or tokens
# Enter the required fields:
#* Username
#* Password
#* Domain (if required)
#* Cookie or header name/value (for token-based or session-based login)
# Save the configuration.

==== Notes ====

* Nessus does not support full form-based login automation in the way Burp Suite does; instead, use session cookies or authenticated headers.
* For OAuth/Bearer token authentication, insert the token under '''Miscellaneous → HTTP Headers'''.
* If scanning APIs, use '''API Gateway''' credentials if applicable.

=== Apply Rate Throttling (To Prevent Overloading Servers) ===

Navigate to '''Settings''' → '''Advanced'''.

Recommended throttling:

* '''Max concurrent checks per host:''' 1
* '''Max concurrent hosts:''' 1
* '''Network receive timeout:''' 5 seconds
* '''Max time per host:''' 1 hour (adjust as needed)

These settings help reduce load on production websites.

=== Limit the Scan to the Website Only ===

To avoid scanning unwanted systems:

# In '''Settings''' → '''Discovery''' → '''Host Discovery''':
#* Disable ARP Ping, ICMP Ping, and reverse DNS lookups.
# In '''Advanced''':
#* Set '''Avoid scanning unreachable hosts''' to Yes.
# Only use the FQDN/IP listed in the authorized scope.

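Before launching, the contents of the Targets field can be checked against the authorized scope mechanically rather than by eye. The following Python is an added example, not part of this article or of Tenable's software: it splits the comma- or newline-separated target syntax Nessus accepts (assumed here to be single IPs, CIDR blocks, dashed IP ranges and hostnames; a URL like the one used above is reduced to its hostname) and reports which entries fall outside a scope given as exact FQDNs plus CIDR blocks. The sample target string and scope values are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def _parse_target(token):
    """Classify one entry as ("net", network), ("range", (first, last)) or
    ("host", name); a URL is reduced to its hostname. Assumed Nessus forms:
    IP, CIDR block, dashed IP range, hostname."""
    token = token.strip().lower()
    if "://" in token:
        token = urlsplit(token).hostname or ""
    if "-" in token:  # dashed range such as 192.0.2.1-192.0.2.14
        first, last = token.split("-", 1)
        try:
            return "range", (ipaddress.ip_address(first),
                             ipaddress.ip_address(last))
        except ValueError:
            pass  # a hostname containing "-" falls through
    try:  # strict=False turns a single address into a /32 or /128
        return "net", ipaddress.ip_network(token, strict=False)
    except ValueError:
        return "host", token.rstrip(".")

def check_targets(targets, scope_hosts, scope_cidrs):
    """Split a Nessus Targets field (comma/newline separated) and return
    (allowed, rejected). scope_hosts are exact FQDNs (no wildcards),
    scope_cidrs are CIDR blocks; anything unparseable is rejected."""
    hosts = {h.strip().lower().rstrip(".") for h in scope_hosts}
    nets = [ipaddress.ip_network(c, strict=False) for c in scope_cidrs]
    allowed, rejected = [], []
    for raw in re.split(r"[,\n]", targets):
        if not raw.strip():
            continue
        kind, value = _parse_target(raw)
        if kind == "host":
            ok = value in hosts
        elif kind == "net":
            ok = any(value.subnet_of(n) for n in nets if n.version == value.version)
        else:  # both ends of the range must sit inside one scope block
            first, last = value
            ok = any(first in n and last in n for n in nets if n.version == first.version)
        (allowed if ok else rejected).append(raw.strip())
    return allowed, rejected

if __name__ == "__main__":  # constructed sample Targets field and scope
    print(check_targets("https://portal.example.com, 192.0.2.0/28\n"
                        "192.0.2.1-192.0.2.14\n198.51.100.5, shop.example.com",
                        ["portal.example.com"], ["192.0.2.0/27"]))
```

Entries the parser does not recognise (short-form ranges, wildcards) land in the rejected list on purpose, so the scan is held back until the entry is rewritten in a form the scope check understands.
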
=== Start the Scan ===

# Review all configurations.
# Click '''Launch'''.
# Monitor progress in real time.

=== Review Report ===

After the scan completes:

# Open the scan report.
# Filter vulnerabilities by severity:
#* Critical
#* High
#* Medium
#* Low
# Export PDF/CSV if required.

== Best Practices ==

* Always use an approved testing window for production systems.
* Prefer authenticated scans to detect deeper vulnerabilities.
* Ensure credentials or tokens are valid before starting a scan.
* Update Nessus plugins before every scan.

== References ==

* Tenable Nessus Documentation: https://docs.tenable.com/nessus