CentOS 7.x Scanning machines using nessus web portal
From Notes_Wiki
Home > CentOS > CentOS 7.x > VAPT Tools > Nessus > CentOS 7.x Scanning machines using nessus web portal
Scan generic target without authentication
To scan a generic target (Windows / Linux / Device) without authentication use:
- Access nessus portal at https://FQDN:8834/ and login as root user
- Go to "My Scans" -> "New Scan"
- Select "Advanced Scan"
- Under Basic -> General
- Give appropriate name and description (Eg centos7-scan-target)
- Give target IP(s) (Eg 172.31.1.41)
- Under Discovery -> Host Discovery
- Enable UDP under ping methods
- Under Discovery -> Port scanning
- Enable TCP under "Network Port Scanners"
- Under Assessment -> General
- Enable perform thorough tests
- Under Advanced
- Uncheck "Enable safe checks"
- Check "Enumerate launched plugins"
- Save the scan
- Run the scan
Scan Linux target with authentication
To scan a Linux target with authentication use:
- Create scan similar to non-authenticated scan described above
- Go to Scan -> Configure.
- Go to credentials tab while configuring the scan
- Select SSH.
- Update authentication method to password
- Give root username and password
- Save the scan
- Run the scan
Scan Windows target with authentication
To scan a Windows target with authentication use:
- Create scan similar to non-authenticated scan described above
- Go to Scan -> Configure
- Go to credentials tab while configuring the scan
- Click on Windows
- Let authentication method be password
- Enter administrator username and password. Optionally enter domain name.
- Uncheck "Never send crendentials in clear"
- Uncheck "Do not use NTLMv1 authentication"
- Check "Start Remote Registry service during the scan"
- Check "Enable administrative shares during the scan"
- Save the scan
- Run the scan
Export scan reports
- Open scan page
- From top right corner choose Export as either pdf or html
- Export either executive summary (brief) or custom (Detailed) report in desired format.
Home > CentOS > CentOS 7.x > VAPT Tools > Nessus > CentOS 7.x Scanning machines using nessus web portal