<yambe:breadcrumb self="Nessuss">Penetration testing tools|Penetration testing tools</yambe:breadcrumb>

Nessus

Nessus is very good and feature rich vulnerability scanner developed by Tenable security team. It allows one to scan number of hosts for vulnerablities and also gives suggestions on how they can be fixed.

Installation

1. Download nessus from http://www.tenable.com/products/nessus/select-your-operating-system
2. You can download nessus manual from http://www.tenable.com/products/nessus/documentation
3. Install nessus using 'rpm -ivh nessus*.rpm' command.
4. Visit http://www.nessus.org/register/ to regsiter for activation code
5. Use '/opt/nessus/bin/nessus-fetch --register <activation_key>' to register nessus
6. Use '/opt/nessus//sbin/nessus-adduser' command and add a admin user with no rules.
7. Use '/sbin/service nessusd start' to start nessusd service.
8. Enable connection to port 8834 through firewall.

Basic usage

1. Access nessus user interface using https://<IP>:8834/ Flash is required for nessus UI to work.
2. Go to Policies tab and create a full scan policy with unsafe checks
3. Go to Scan tab and schedule scan for test vm based on created policy.
4. Go to Reports section and see scan report.

<yambe:breadcrumb self="Nessuss">Penetration testing tools|Penetration testing tools</yambe:breadcrumb>