The Cyber Security Library
Nessus Essentials


Last updated 1 year ago

Immediately, you are presented with the core area of Nessus – the My Scans panel.

The Scan Details page gives you more details about a scan, including its status, how long it took, and when it took place. Nessus also keeps the History of a scan, which shows each time it was launched along with the results of each historical scan. This is useful for comparing the results of scans performed over a period of time.

Settings

You can see details about the Nessus server itself by going to the Settings panel (found by clicking on the Settings hyperlink in the top navigation bar). In the About section, the Overview tab displays details about the Nessus server, including its version number and when it was last updated. If the Nessus scan results need to be encrypted, an encryption password can also be set in the About section, using the Encryption Password tab.

Users with administrative permissions on the Nessus server (for example, the nessus-user account) can also adjust the configuration of Nessus from the Advanced Settings section of the Settings. Any changes to settings made here are global and will affect all Nessus users. Some changes also require restarting the Nessus server.

Network Scanning

Nessus is primarily used to scan devices on a network and comes with several pre-configured scan templates to get you started. In this lab, explore the Host Discovery and Basic Network scan templates offered by Nessus, and use them to scan a range of targets.

Scanning with Nessus

Nessus is a vulnerability scanner, so scanning systems is its primary function, and it offers a range of scan templates to help with creating scans and policies.

A scan is simply Nessus assessing a host for vulnerabilities based on pre-determined rules. Nessus includes several different types of pre-configured scans, each with different built-in rules, and any of them can be launched any number of times against multiple hosts.

Scan Templates

Using the Nessus web interface, open the My Scans panel and click the New Scan button to show all Nessus templates available. For Nessus Essentials users, any scan template not marked as UPGRADE is available for you.

Some templates are used to identify vulnerabilities related to specific malware or exploits (such as the WannaCry Ransomware, or Spectre and Meltdown templates). In contrast, others focus on searching for vulnerabilities more generally.

Host Discovery scans

Identifying the hosts on a network should always be the first step in a vulnerability assessment. Nessus provides a Host Discovery scan that allows users to scan a network for live hosts, and output a list of basic information about each device it discovers. This scan can also perform a simple port scan, identifying open ports on live hosts, but this behavior is disabled by default.

Click the Host Discovery button from the Scan Templates page to start configuring a new Host Discovery scan. You'll be presented with the configuration panel for the scan, where you can configure the Name, Description, and Targets fields.


As with most Nessus scans, you're only required to complete two fields in the configuration panel before the scan is ready to launch: in the General tab, you must enter a Name (the name of the scan) and a list of Targets.

When specifying targets, Nessus supports CIDR notation (e.g. 10.10.10.0/24), a range (e.g. 10.10.10.0-10.10.10.255), or a comma-separated list (e.g. 10.10.10.121, 10.10.10.232, 10.10.10.255). Nessus also supports adding domain names to this field (e.g. immersivelabs.com).

Alternatively, targets can be added to a text file and uploaded to Nessus by clicking the Add File link. If a file of targets is added, the Targets field will be automatically populated with the contents of this file when the template is saved.
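Before pasting or uploading a target list, it is worth checking every entry against the range you are authorised to scan. The following is an added example, not part of the original page or of Nessus: it parses the target formats listed above and flags anything outside scope. The scope network, the sample entries beyond those quoted above, and the treatment of newlines as separators in a targets file are assumptions.

```python
import ipaddress

# Assumption: the networks you are authorised to scan (constructed value).
AUTHORISED_SCOPE = [ipaddress.ip_network("10.10.10.0/24")]

# Constructed sample Targets content, built from the formats described above.
SAMPLE_TARGETS = """10.10.10.0/24, 10.10.10.0-10.10.10.255
10.10.10.121, 10.10.10.250-10.10.11.5, immersivelabs.com
10.10.10.255-10.10.10.0"""


def parse_target(entry):
    """Return (kind, networks) for one entry; hostnames yield no networks."""
    if "/" in entry:  # CIDR notation
        return "cidr", [ipaddress.ip_network(entry, strict=False)]
    if "-" in entry:  # first-last range, or a hostname containing a hyphen
        first, _, last = entry.partition("-")
        try:
            lo = ipaddress.ip_address(first.strip())
            hi = ipaddress.ip_address(last.strip())
        except ValueError:
            return "hostname", []
        # Raises ValueError if the range is reversed.
        return "range", list(ipaddress.summarize_address_range(lo, hi))
    try:
        return "address", [ipaddress.ip_network(entry)]
    except ValueError:
        return "hostname", []


def review_targets(text, scope=AUTHORISED_SCOPE):
    """Classify every entry as in_scope, out_of_scope, hostname or invalid."""
    report = {"in_scope": [], "out_of_scope": [], "hostname": [], "invalid": []}
    entries = (e.strip() for e in text.replace("\n", ",").split(","))
    for entry in filter(None, entries):
        try:
            kind, nets = parse_target(entry)
        except (ValueError, TypeError):
            report["invalid"].append(entry)
            continue
        if kind == "hostname":
            report["hostname"].append(entry)  # resolve and review by hand
        elif all(any(n.version == s.version and n.subnet_of(s) for s in scope)
                 for n in nets):
            report["in_scope"].append(entry)
        else:
            report["out_of_scope"].append(entry)
    return report


if __name__ == "__main__":
    for bucket, entries in review_targets(SAMPLE_TARGETS).items():
        print(f"{bucket}: {entries}")
```

A range counts as in scope only if every address in it falls inside an authorised network, so a range that starts inside the scope and ends outside it is flagged.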

You can customize the Host Discovery scan to meet your needs by adjusting the Scan Type setting in the Discovery tab. Host enumeration (the default) checks if the host is live by pinging the host and reporting the results. Alternatively, the Host Discovery scan can be configured to attempt OS Identification, and can even be configured to perform a port scan of the host. You can fine-tune any options by choosing the Custom option, which will display an additional section under the Discovery tab.

Unlike other scan templates, the Host Discovery scan doesn't attempt to identify any vulnerabilities on a system. It's just used for enumeration (discovery) purposes, so there are few other options to configure. You can adjust how verbosely Nessus reports results in the Report tab, and change options related to scan performance in the Advanced tab. Once your scan is ready to launch, click the Save button to create the scan and return to the My Scans table. You should see your new scan added to the table.
