Difference between revisions of "Nessus-Vulnerability-Scanner"

From Notes_Wiki
(Created page with " Home > Nessus-Vulnerability-Scanner > How to Scan Websites Using Nessus = Website Vulnerability Scanning Using Nessus = == Purpose == This article provides step-by-step instructions to perform authenticated and unauthenticated vulnerability scans on web applications using Nessus. It also covers enabling all required plugins and applying rate limits to avoid impacting production systems. == Prerequisites == * Nessus Essentials / Professional / T...")

Revision as of 21:47, 9 December 2025

Website Vulnerability Scanning Using Nessus

Purpose

This article provides step-by-step instructions to perform authenticated and unauthenticated vulnerability scans on web applications using Nessus. It also covers enabling required plugins and applying rate limits to avoid impacting production systems.

Prerequisites

  • Nessus Essentials / Professional / Tenable.sc / Tenable.io
  • Valid credentials for the target website (if authenticated scan is required)
  • Target website URL or server IP
  • Approved maintenance window (recommended)

Scope

This procedure scans only the approved website or web server. It must not be used to scan systems outside the authorized scope.

Steps

  1. Create a New Scan
    1. Log in to Nessus.
    2. Click New Scan → select Advanced Scan.
    3. Enter a suitable name and description.
    4. Under the Targets field, enter:
      • Website FQDN (e.g., https://portal.example.com)
      • Server IP (if required)
  2. Enable All Relevant Plugins
    1. Go to the Plugins tab.
    2. Ensure all plugins are enabled.
    3. Verify the following plugin families remain enabled:
      • Web Servers
      • Web Application Vulnerabilities
      • SSL/TLS Configuration Checks
      • CGI Abuses
      • Authentication Checks
  3. Configure Authentication

    Nessus provides several credential categories. Use the appropriate one depending on the authentication method required by the application:

    • Cloud Services
    • API Gateway
    • Database
    • Host
    • Miscellaneous
    • Plaintext Authentication

    Steps to Add Web Authentication:

    1. Go to Credentials.
    2. Select the appropriate method:
      • Host → HTTP/HTTPS Credentials for basic site authentication
      • Miscellaneous → HTTP Headers for session cookies or tokens
    3. Enter the required fields:
      • Username
      • Password
      • Domain (if applicable)
      • Cookie or header name/value (for token-based / session-based login)
    4. Save the authentication configuration.

    Notes:

    • Nessus does not support full form-based login automation like Burp Suite.
    • Use session cookies or tokens for authenticated scans.
    • For OAuth/Bearer tokens, insert the token under Miscellaneous → HTTP Headers.
    • Use API Gateway credentials when scanning API endpoints with authentication.
  4. Apply Rate Throttling (To Prevent Overloading Servers)

    Navigate to Settings → Advanced and configure the following recommended limits:

    • Max concurrent checks per host: 1
    • Max concurrent hosts: 1
    • Network receive timeout: 5 seconds
    • Max time per host: 1 hour (adjust based on environment)

    These settings help ensure low-impact scanning on production websites.

  5. Limit the Scan to the Website Only
    1. Go to Settings → Discovery → Host Discovery and disable:
      • ARP Ping
      • ICMP Ping
      • Reverse DNS Lookups
    2. Go to Advanced → Enable "Avoid scanning unreachable hosts".
    3. Ensure only the intended FQDN/IP is included in the Targets list.
  6. Start the Scan
    1. Review all settings.
    2. Click Launch.
    3. Monitor scan progress in real time.
  7. Review and Export Report
    1. Open the scan report.
    2. Filter vulnerabilities by:
      • Critical
      • High
      • Medium
      • Low
    3. Export results as:
      • PDF
      • CSV
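As an added example (not part of this wiki page or of Nessus itself), the following Python script triages an exported Nessus CSV the way the report-review step describes: it counts findings per severity level and flags any host that is not on the authorized target list, which is the scope spill the Scope section and the "Limit the Scan to the Website Only" step are meant to prevent. The column names follow the leading columns of a Nessus CSV export; the rows, plugin IDs and finding names are constructed sample data.

```python
import csv
import io
from collections import Counter

# Severity levels as Nessus reports them in the "Risk" column, highest first.
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "None"]

# Constructed sample in the layout of the leading columns of a Nessus CSV
# export (the real export carries further columns such as Synopsis and
# Solution, omitted here). Plugin IDs and names are made up for the example.
SAMPLE_CSV = """Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name
100001,,,None,portal.example.com,tcp,443,Constructed informational finding
100002,,5.3,Medium,portal.example.com,tcp,443,Constructed weak TLS cipher finding
100003,,7.5,High,portal.example.com,tcp,443,Constructed outdated web component
100004,,3.1,Low,portal.example.com,tcp,443,Constructed cookie flag finding
100005,,9.8,Critical,198.51.100.25,tcp,80,Constructed finding on an unexpected host
"""

def parse_report(csv_text):
    """Read an exported Nessus CSV into one dict per finding row."""
    return list(csv.DictReader(io.StringIO(csv_text)))

def levels_at_or_above(minimum):
    """Risk levels from Critical down to `minimum`, inclusive."""
    return SEVERITY_ORDER[:SEVERITY_ORDER.index(minimum) + 1]

def triage(csv_text, authorized_targets, minimum="Low"):
    """Return per-severity counts for in-scope findings plus any host that is
    not in the authorized target list (a sign the scan reached beyond the
    approved website; rows for such hosts are kept out of the counts)."""
    rows = parse_report(csv_text)
    authorized = set(authorized_targets)
    keep = levels_at_or_above(minimum)
    in_scope = [r for r in rows if r["Host"] in authorized and r["Risk"] in keep]
    counts = Counter(r["Risk"] for r in in_scope)
    return {
        "counts": {level: counts.get(level, 0) for level in keep},
        "out_of_scope": sorted({r["Host"] for r in rows} - authorized),
        "findings": sorted(
            ((r["Risk"], r["Host"], r["Port"], r["Name"]) for r in in_scope),
            key=lambda f: SEVERITY_ORDER.index(f[0]),
        ),
    }

if __name__ == "__main__":
    result = triage(SAMPLE_CSV, ["portal.example.com"])
    for level, n in result["counts"].items():
        print(f"{level:8s} {n}")
    for host in result["out_of_scope"]:
        print(f"WARNING: findings for unauthorized host {host}; check the Targets list")
```

Point the script at a real export by reading the CSV file into `triage` together with the FQDN/IP list from the approved scope; a non-empty `out_of_scope` result means the Targets list or discovery settings need review before the findings are reported.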

Best Practices

  • Always use an approved testing window when scanning production systems.
  • Prefer authenticated scans for deeper insight into vulnerabilities.
  • Ensure authentication tokens/cookies are valid before starting a scan.
  • Always update Nessus plugins before scanning.

References

  • Tenable Nessus Documentation: https://docs.tenable.com/nessus