Running custom scans

Learning outcomes

• Interact with Nessus using the web interface

• Use Nessus to import scan results

• Use Nessus to launch a scan against a host and to launch a scan using SSH credentials

• Analyze Nessus scan results for vulnerabilities

What's involved

• Interact with the Nessus web interface

• Import an exported Nessus scan into Nessus

• Create and launch a Nessus scan using a scan template

• Create and launch a Nessus scan with credentials

• Identify vulnerability details from Nessus scan results

• Compare the results of Nessus scans

Scenario

You're a junior analyst at Chaos Security, and a local financial organization has hired you to analyze two new hosts that will be deployed on their network. These two hosts, one Windows and one Linux, must first be analyzed for vulnerabilities before they’re released properly.

Fortunately, one of your colleagues has already scanned the Windows host and provided you with the results to analyze. However, you'll need to scan the Linux host yourself and then analyze the results.

2 Imported scans

Windows scan 1

Windows Scan 1 VPR Top Threats

Windows sCAN 2 VPR Top Threats

Setting up 2 scans with the linux creds - Linux server - 10.102.79.185

Basic scan no credentials

Basic scan with credentials

Basic scan with Linux credentials to give me more results