= Website Vulnerability Scanning Using Nessus =
== Purpose ==

This article gives step-by-step instructions for running unauthenticated and authenticated vulnerability scans against a web application with Nessus. It also covers enabling the plugins a web scan needs and throttling the scan so that it does not degrade a production system.

== Prerequisites ==

<ul>
<li>Nessus Essentials or Nessus Professional, or a Nessus scanner managed by Tenable.sc / Tenable.io (Nessus Essentials is limited to 16 IP addresses)</li>
<li>A test account for the target application, if an authenticated scan is required. Use a dedicated, least-privilege account created for scanning rather than a real user's credentials, so that anything the crawler submits or changes is attributable and reversible.</li>
<li>Target website FQDN or server IP</li>
<li>Written authorization for the target and an approved maintenance window (recommended)</li>
</ul>

== Scope ==

This procedure scans only the approved website or web server. It must not be used to scan systems outside the authorized scope.

== Steps ==

<ol>
<li><b>Create a New Scan</b>
<ol>
<li>Log in to Nessus.</li>
<li>Click <b>New Scan</b> → select <b>Advanced Scan</b>.</li>
<li>Enter a suitable name and description.</li>
<li>In the <b>Targets</b> field, enter the host to scan:
<ul>
<li>Website FQDN (e.g., portal.example.com). Enter a hostname, not a URL: the Targets field accepts hostnames, IP addresses, ranges and CIDR blocks, so a value with an https:// prefix or a path is not a valid target.</li>
<li>Server IP (only if the site must be reached by IP; listing both the FQDN and the IP it resolves to scans the same server twice)</li>
</ul>
</li>
</ol>
</li>
<li><b>Enable the Relevant Plugins</b>
<ol>
<li>Go to the <b>Plugins</b> tab.</li>
<li>The Advanced Scan template enables all plugin families by default. Leave them enabled, with one exception: disable the <b>Denial of Service</b> family for production targets.</li>
<li>Verify the following plugin families remain enabled:
<ul>
<li>Web Servers</li>
<li>CGI abuses</li>
<li>CGI abuses : XSS</li>
<li>General and Service detection (the SSL/TLS certificate and cipher checks live in these families)</li>
</ul>
</li>
<li>Enabling the plugins is not enough on its own. Go to <b>Settings → Assessment → Web Applications</b> and turn on <b>Scan web applications</b>; without it the web crawler and the CGI abuses tests do not run. Set the crawler limits there as well (maximum pages to crawl, maximum depth, maximum run time).</li>
</ol>
</li>
<li><b>Configure Authentication</b>
<p>Nessus groups credentials into categories. The ones shown in the <b>Credentials</b> tab include:</p>
<ul>
<li><b>Cloud Services</b></li>
<li><b>API Gateway</b></li>
<li><b>Database</b></li>
<li><b>Host</b></li>
<li><b>Miscellaneous</b></li>
<li><b>Plaintext Authentication</b></li>
</ul>
<p>Web logins belong under <b>Plaintext Authentication → HTTP</b>. The <b>Host</b> category (SSH, Windows, SNMPv3) authenticates to the operating system, not to the web application, and the <b>API Gateway</b> category holds credentials for specific gateway products; it is not a general way to authenticate to a REST API.</p>
<p><b>Steps to Add Web Authentication:</b></p>
<ol>
<li>Go to <b>Credentials → Plaintext Authentication → HTTP</b>.</li>
<li>Select the authentication method that matches the application:
<ul>
<li><b>Basic/Digest authentication</b> for sites protected by HTTP Basic or Digest authentication (username, password and, if applicable, domain)</li>
<li><b>HTTP login form</b> for a conventional login page: enter the login page, the login submission page (both as paths on the target host), the login parameters with the placeholders %USER% and %PASS% (for example username=%USER%&amp;password=%PASS%), and a regex that matches a page only a logged-in user can see, which Nessus uses to detect a lost session and re-authenticate</li>
<li><b>HTTP cookies import</b> for session- or token-based logins: log in with a browser, export the session cookies to a cookie file and upload it</li>
</ul>
</li>
<li>Save the credential.</li>
</ol>
<p><b>Notes:</b></p>
<ul>
<li>Nessus form login is far simpler than Burp Suite's session handling: it submits the same fixed parameter string every time, so a login form that needs a per-session anti-CSRF token, JavaScript, or multi-factor authentication will not work with it. Use cookie import in that case.</li>
<li>Imported cookies expire. Obtain them immediately before launching and keep the scan short enough to finish inside the session lifetime; otherwise the rest of the scan silently runs unauthenticated.</li>
<li>The HTTP credential form offers no field for an OAuth/Bearer token in the Authorization header. Check the Nessus documentation for your version, and if it is absent use a dedicated web application or API scanner for token-only APIs.</li>
<li>Whichever method is used, confirm after the scan that the crawler actually reached pages behind the login (see step 7).</li>
</ul>
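<p>The following is an added example (not code from this article or from Tenable) that checks a login page offline before the <b>HTTP login form</b> method is configured. It derives the login submission path and the login parameters string with the %USER% / %PASS% placeholders, flags hidden fields that look like anti-CSRF tokens (the usual reason Nessus form login fails), and verifies that the "regex to verify successful authentication" matches an authenticated page but not the login page. The login page and dashboard HTML are constructed for the example; the field-name heuristics are assumptions and should be checked against the real form.</p>

```python
"""Pre-flight for the Nessus "HTTP login form" credential (added example).

This is not code from the article or from Tenable. It inspects a login
page offline and derives the values the credential form asks for: the
login submission page (a path on the target host) and the login
parameters string with the %USER% / %PASS% placeholders. Hidden fields
that look like anti-CSRF tokens are flagged, because Nessus resubmits the
same fixed parameter string every time it logs in. The HTML below is
constructed for the example; for a live check, fetch the real login page
and a page from an authenticated session instead.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

CSRF_HINTS = ("csrf", "xsrf", "token", "nonce", "authenticity")  # heuristic, not exhaustive


class _FormParser(HTMLParser):
    """Collects action, method and input fields of the first <form> on the page."""

    def __init__(self):
        super().__init__()
        self.action, self.method, self.fields = "", "get", []
        self._in_form = self._done = False

    def handle_starttag(self, tag, attrs):
        if self._done:
            return
        a = dict(attrs)
        if tag == "form" and not self._in_form:
            self._in_form = True
            self.action = a.get("action") or ""
            self.method = (a.get("method") or "get").lower()
        elif tag == "input" and self._in_form and a.get("name"):
            self.fields.append((a["name"], (a.get("type") or "text").lower(), a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            self._in_form, self._done = False, True


def extract_form(html):
    p = _FormParser()
    p.feed(html)
    return p.action, p.method, p.fields


def build_login_parameters(fields):
    """Return (login_parameters, warnings) for the Nessus credential form."""
    parts, warnings = [], []
    for name, ftype, value in fields:
        lname = name.lower()
        if ftype == "password":
            parts.append(f"{name}=%PASS%")
        elif ftype in ("text", "email") and any(k in lname for k in ("user", "login", "email")):
            parts.append(f"{name}=%USER%")
        elif ftype == "hidden":
            if any(h in lname for h in CSRF_HINTS):
                warnings.append(f"hidden field {name!r} looks like a per-session token; "
                                "Nessus cannot refresh it, use HTTP cookies import instead")
            else:
                parts.append(f"{name}={value}")  # static hidden field, safe to replay
    if not (any(p.endswith("%USER%") for p in parts) and any(p.endswith("%PASS%") for p in parts)):
        warnings.append("could not identify both the username and the password field")
    return "&".join(parts), warnings


def check_auth_regex(regex, logged_in_html, login_html):
    """The 'regex to verify successful authentication' must match a page only a
    logged-in user sees and must not match the login page; Nessus uses it to
    detect a lost session and re-authenticate."""
    pat = re.compile(regex)
    return bool(pat.search(logged_in_html)) and not pat.search(login_html)


def preflight(login_path, login_html, logged_in_html, auth_regex):
    """Assemble the credential fields plus any reasons the form login will fail."""
    action, method, fields = extract_form(login_html)
    params, warnings = build_login_parameters(fields)
    if method != "post":
        warnings.append("form submits with GET; credentials would land in access logs")
    return {
        "login_page": login_path,
        "login_submission_page": urlparse(urljoin(login_path, action)).path,
        "login_parameters": params,
        "regex_ok": check_auth_regex(auth_regex, logged_in_html, login_html),
        "warnings": warnings,
    }


# Constructed sample pages (not captured from a real application).
LOGIN_PAGE = """<html><body><form action="/auth/login" method="post">
<input type="hidden" name="_csrf_token" value="e1b2c3d4">
<input type="hidden" name="next" value="/dashboard">
<input type="text" name="username"><input type="password" name="password">
<button type="submit">Sign in</button></form></body></html>"""
DASHBOARD = '<html><body><a href="/logout">Log out</a><h1>Welcome, scanner</h1></body></html>'

if __name__ == "__main__":
    import json
    print(json.dumps(preflight("/login", LOGIN_PAGE, DASHBOARD, r'href="/logout"'), indent=2))
```

<p>On the constructed page the script produces the parameters next=/dashboard&amp;username=%USER%&amp;password=%PASS% and a warning about _csrf_token. That warning is the decision point: a form with a per-session token means the login form method will fail on the second login attempt, and the cookie import method should be used instead.</p>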
</li>
<li><b>Apply Rate Throttling (To Prevent Overloading Servers)</b>
<p>Navigate to <b>Settings → Advanced</b> and set the performance options conservatively. Suggested starting values for a single production web server:</p>
<ul>
<li><b>Max simultaneous checks per host:</b> 1 to 2 (default 5)</li>
<li><b>Max simultaneous hosts per scan:</b> 1 (only matters when more than one target is listed)</li>
<li><b>Max number of concurrent TCP sessions per host:</b> set a low value; it is unlimited by default</li>
<li><b>Network timeout:</b> 5 seconds (the default). Raise it, do not lower it, for a slow application: timeouts produce missed findings, not less load.</li>
<li><b>Enable safe checks:</b> on (the default). Do not turn it off against production.</li>
<li><b>Slow down the scan when network congestion is detected:</b> on</li>
</ul>
<p>Also cap the web crawler under <b>Settings → Assessment → Web Applications</b> (maximum pages, maximum depth and maximum run time); in a web scan the crawler and form tests, not the port scan, generate most of the request volume.</p>
<p>These settings keep the scan low-impact on production websites; expect it to take correspondingly longer.</p>
</li>
<li><b>Limit the Scan to the Website Only</b>
<ol>
<li>Go to <b>Settings → Discovery → Port Scanning</b> and set <b>Port scan range</b> to the web ports only (for example 80,443, plus any non-standard port the site listens on). This is the main control: it stops Nessus from probing every other service on the server.</li>
<li>Under <b>Settings → Discovery → Host Discovery</b>, the ping options (ARP, ICMP, TCP) only decide whether Nessus treats the host as alive; disabling them does not narrow the scan. Leave <b>Ping the remote host</b> enabled unless the target filters ICMP, in which case disable it so the host is scanned anyway.</li>
<li>Go to <b>Advanced</b> → enable <b>Stop scanning hosts that become unresponsive during the scan</b>.</li>
<li>Ensure only the intended FQDN/IP is in the <b>Targets</b> list, with no ranges or CIDR blocks.</li>
</ol>
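<p>Steps 1, 2, 4 and 5 together define one scan; the following is an added example (not code from this article or from Tenable) that builds that definition for the Nessus REST API with the scope check done in code before anything reaches the scanner. A target is accepted only if it is a bare hostname or IP (no URL, list, range or CIDR) and appears in an approved-asset list; the throttling, port-range and web-application settings are then assembled into the body that POST /scans takes. The template UUID and the setting names inside build_scan() are assumptions: take the UUID from GET /editor/scan/templates and confirm the setting names against that template's editor output for your Nessus version. The allow-list is constructed.</p>

```python
"""Build a scope-checked, throttled Nessus scan definition for one web host.

Added example, not code from the article or from Tenable. It applies the
scope rule from steps 1 and 5 before anything reaches the scanner (a bare
hostname or IP, present in an approved-asset list; no URL, range or CIDR)
and assembles the throttling and web-application settings from steps 2, 4
and 5 into the JSON body that the Nessus REST API's POST /scans takes.
Assumptions: the template UUID is the Advanced Scan entry returned by
GET /editor/scan/templates, and the setting names in build_scan() are
taken from that template's editor output; confirm both against your
Nessus version before use. Nothing here contacts a scanner unless
submit() is called.
"""
import ipaddress
import json
import re
import ssl
import urllib.request
from urllib.parse import urlparse

# FQDN only (at least one dot, alphabetic TLD); single-label names are rejected on purpose.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


class ScopeError(ValueError):
    """Raised when a target is malformed or outside the approved scope."""


def normalize_target(raw):
    """Return a lower-cased hostname or IP; reject anything Nessus would
    mis-parse (a URL) or that would widen the scan (a list, range or CIDR)."""
    t = raw.strip().lower()
    if not t or "," in t or "/" in t or urlparse(t).scheme:
        raise ScopeError(f"{raw!r}: enter one hostname or IP, not a URL, CIDR or list")
    try:
        return str(ipaddress.ip_address(t))
    except ValueError:
        pass
    if HOSTNAME_RE.match(t):
        return t
    raise ScopeError(f"{raw!r}: not a single valid hostname or IP address")


def check_scope(target, approved):
    """Return the normalized target if it is in the approved asset list."""
    t = normalize_target(target)
    allowed = {normalize_target(a) for a in approved}
    if t not in allowed:
        raise ScopeError(f"{t} is not in the approved scope {sorted(allowed)}")
    return t


def build_scan(name, target, approved, template_uuid,
               web_ports="80,443", max_pages=1000, max_minutes=60):
    """Assemble the POST /scans body. Setting names are assumptions (see above)."""
    host = check_scope(target, approved)
    settings = {
        "name": name,
        "description": f"Throttled web scan of {host}",
        "text_targets": host,             # exactly one approved host
        "launch": "ON_DEMAND",
        # step 5: probe only the web ports and give up on a host that stops answering
        "portscan_range": web_ports,
        "stop_scan_on_disconnect": "yes",
        # step 2: web application tests stay off until this is set
        "scan_webapps": "yes",
        "max_pages": str(max_pages),
        "max_depth": "5",
        "webcrawl_exclude_pages": "/logout|/signout",  # keep the crawler from ending its own session
        "max_run_time": str(max_minutes),
        # step 4: throttling
        "safe_checks": "yes",
        "max_checks_per_host": "2",
        "max_hosts_per_scan": "1",
        "network_receive_timeout": "5",
        "slow_down_on_congestion": "yes",
    }
    return {"uuid": template_uuid, "settings": settings}


def submit(base_url, access_key, secret_key, scan_def, cafile):
    """POST the definition; returns the new scan id. Verifies the scanner's
    TLS certificate against cafile rather than disabling verification."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/scans", data=json.dumps(scan_def).encode(), method="POST",
        headers={"X-ApiKeys": f"accessKey={access_key}; secretKey={secret_key}",
                 "Content-Type": "application/json"})
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)["scan"]["id"]


if __name__ == "__main__":
    approved = ["portal.example.com", "203.0.113.10"]  # constructed allow-list
    scan = build_scan("portal web scan", "portal.example.com", approved, "TEMPLATE-UUID-FROM-EDITOR")
    print(json.dumps(scan, indent=2))
```

<p>The point of normalize_target() is that the mistakes which most often widen a scan (a pasted URL, a CIDR block, a comma-separated list left over from another job) are rejected before the definition exists, rather than discovered in the results. submit() is deliberately not called in the example; when it is, pass the CA file that signed the scanner's certificate instead of turning certificate verification off.</p>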
</li>
<li><b>Start the Scan</b>
<ol>
<li>Review all settings, in particular the Targets list and the port scan range.</li>
<li>Click <b>Launch</b>.</li>
<li>Monitor scan progress, and watch the application's error rate and response time on the server side; pause the scan if either degrades.</li>
</ol>
</li>
<li><b>Review and Export Report</b>
<ol>
<li>Open the scan results.</li>
<li>Before triaging findings, confirm the scan did what was intended: the output of the <b>Web mirroring</b> (crawler) plugin lists the pages that were crawled and should include pages behind the login. If it shows only the login page, the credentials did not work and the results are those of an unauthenticated scan.</li>
<li>Filter vulnerabilities by severity:
<ul>
<li>Critical</li>
<li>High</li>
<li>Medium</li>
<li>Low</li>
</ul>
</li>
<li>Export results as:
<ul>
<li>PDF or HTML for distribution</li>
<li>CSV for triage in a spreadsheet or script (the CSV holds one row per finding per host and port, so the same plugin can appear several times)</li>
<li>Nessus (.nessus XML) if the results need to be imported into another tool</li>
</ul>
</li>
</ol>
</li>
</ol>
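<p>For the triage and export step, the following added example (not code from this article or from Tenable) processes a Nessus CSV export the way a reviewer would by hand: it drops the informational rows, orders findings by severity and CVSS, merges rows that differ only by port so a finding on 80 and 443 shows once, and reads the Web mirroring plugin output to confirm the crawl reached a page behind the login. The sample CSV is constructed; its header uses the export's column names, but plugin IDs 999001 to 999003 and their names are placeholders, not real Nessus plugins.</p>

```python
"""Triage a Nessus CSV export of a web scan (added example).

Not code from the article or from Tenable. It reads the CSV that Nessus
exports (the header below uses that export's column names), drops the
informational rows, orders findings by severity and CVSS, and merges rows
that differ only by port so a plugin reported on both 80 and 443 shows up
once. It also pulls the output of the Web mirroring plugin, which lists
the crawled pages and is the quickest way to confirm an authenticated
crawl got past the login. SAMPLE_CSV is constructed for the example: the
plugin IDs 999001-999003 and their names are placeholders, not real plugins.
"""
import csv
import io
from collections import defaultdict

RISK_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "None": 0, "Info": 0}
CVSS_COLUMNS = ("CVSS v3.0 Base Score", "CVSS v2.0 Base Score", "CVSS")  # varies by Nessus version

SAMPLE_CSV = """Plugin ID,CVE,CVSS v2.0 Base Score,Risk,Host,Protocol,Port,Name,Synopsis,Description,Solution,See Also,Plugin Output
999001,,7.5,High,portal.example.com,tcp,443,Constructed: reflected XSS in search parameter,,,,,
999001,,7.5,High,portal.example.com,tcp,80,Constructed: reflected XSS in search parameter,,,,,
999002,,5.0,Medium,portal.example.com,tcp,443,Constructed: session cookie without Secure flag,,,,,
999003,,2.6,Low,portal.example.com,tcp,443,Constructed: server version disclosed in banner,,,,,
10662,,,None,portal.example.com,tcp,443,Web mirroring,,,,,"Webmirror performed 3 queries in 4s: /login /dashboard /account"
"""


def parse_nessus_csv(text):
    return list(csv.DictReader(io.StringIO(text)))


def _cvss(row):
    for col in CVSS_COLUMNS:
        if row.get(col):
            return float(row[col])
    return 0.0


def triage(rows, min_risk="Low"):
    """Group rows by plugin, keep those at or above min_risk, sort worst first."""
    grouped = {}
    for r in rows:
        if RISK_RANK.get(r["Risk"], 0) < RISK_RANK[min_risk]:
            continue
        f = grouped.setdefault(r["Plugin ID"], {
            "plugin_id": r["Plugin ID"], "name": r["Name"], "risk": r["Risk"],
            "cvss": _cvss(r), "hosts": defaultdict(set)})
        f["hosts"][r["Host"]].add(int(r["Port"]))
    findings = sorted(grouped.values(),
                      key=lambda f: (RISK_RANK[f["risk"]], f["cvss"]), reverse=True)
    for f in findings:                     # plain dict with sorted port lists for reporting
        f["hosts"] = {h: sorted(ports) for h, ports in f["hosts"].items()}
    return findings


def counts_by_risk(findings):
    counts = {}
    for f in findings:
        counts[f["risk"]] = counts.get(f["risk"], 0) + 1
    return counts


def crawled_pages(rows):
    """Plugin output of 'Web mirroring': the pages the crawler actually visited."""
    return next((r["Plugin Output"] for r in rows if r["Name"] == "Web mirroring"), "")


def authenticated_crawl_ok(rows, marker):
    """True if a page that exists only behind the login was crawled."""
    return marker in crawled_pages(rows)


if __name__ == "__main__":
    rows = parse_nessus_csv(SAMPLE_CSV)
    print("authenticated crawl:", authenticated_crawl_ok(rows, "/dashboard"))
    for f in triage(rows, "Low"):
        print(f"{f['risk']:8} {f['cvss']:4} {f['plugin_id']:7} {f['name']} {f['hosts']}")
    print(counts_by_risk(triage(rows)))
```

<p>Run authenticated_crawl_ok() first with a path that only an authenticated user can reach; if it is false, the severity counts describe an unauthenticated scan and the credential configuration should be fixed and the scan re-run before anyone reads the findings.</p>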
== Best Practices ==

<ul>
<li>Always scan production systems inside an approved testing window, and tell the application owners and the SOC beforehand so the traffic is not treated as an attack.</li>
<li>Prefer authenticated scans: most of an application's attack surface is behind the login, and an unauthenticated crawl sees only the public pages.</li>
<li>Check that authentication tokens or cookies are still valid immediately before launching, and exclude the logout URL from the crawl so the scanner does not end its own session.</li>
<li>Update Nessus plugins before every scan.</li>
<li>Nessus is primarily a network and host vulnerability scanner; its web application tests give a useful baseline but do not replace a dedicated web application scanner or a manual test.</li>
</ul>

== References ==

<ul>
<li>Tenable Nessus Documentation: https://docs.tenable.com/nessus</li>
</ul>