In-House Tools Used

Nessus

Description

Nessus is a paid, commercial vulnerability assessment tool.
We use the free version of Nessus, called Nessus Essentials (formerly called Nessus Home). Although its features are limited, Nessus Essentials still comes in handy in many situations where you need to run an automated vulnerability scan against a target.

Quick Installation Guide


a. Browse to and enter your First Name, Last Name and Email address to register for an activation code.
b. On the next page, press the “Download” button, and choose the appropriate version for your OS:

c. Press “I Agree” to the license agreement and let Nessus download (you can press “Save” on the popup that appears just before the download). Hang tight, as your machine needs to download around 75 MB.
d. Browse to the Nessus GUI at and you should get a security error. Click Advanced > Add Exception > Confirm Security Exception to allow Nessus.

e. Select Nessus Essentials and press Continue.

f. When you get a screen that asks you to enter your First and Last Name and Email address, just click Skip, as you have already registered for an activation code.

g. Go to your email inbox, and you should have received an email from Tenable containing your activation code. Copy this, and paste it into Nessus, and click Continue.

h. Create a user account by entering a username and password, then click Submit. You will use this account to log in to Nessus every time.

i. Wait for Nessus to finish the installation (this usually takes around 45 to 60 minutes). Go grab some lunch/dinner during the process. Once it’s done, log in with your newly made user account.

Creating a New Scan

We can give the scan a name and description, and specify the target(s) we want to scan. We can even schedule when and how frequently the scan should run, and send email notifications to specified people. Once you have finished loading up your weapon, click on the little arrow next to Save and click Launch!!

Analysing the Scan Result

The scan will take a few minutes to complete, and Nessus will display a tick mark once it has completed the scan.

When you click on the scan, you can see a list of vulnerabilities Nessus has found. They will come up one by one during the scan, so you don’t have to wait until the scan fully finishes to view the result.

Clicking on the SMB folder reveals a list of specific informational “vulnerabilities”, such as SMB version support, log in enabled, etc.

Generating a Scan Report

Generating a scan report couldn’t be any easier! Simply click Report in the top right corner, and select a file format (PDF, HTML, CSV) that suits you. You can then select either an Executive Summary or a full, technical Custom report.
Once you have selected your report type and adjusted some details to suit your needs, click Generate Report. You will see a concise report if you selected Executive Summary, and a long, detailed report if you selected Custom Report.
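
If you pick the CSV format, the report can be triaged outside the GUI. The script below is an added example, not part of the original guide or of Tenable's tooling: it merges rows that repeat a finding and sets informational items (like the SMB entries above) apart from findings that carry a severity. The column names, the "None" risk label for informational items, the one-row-per-CVE layout and every sample row are assumptions or constructed values; match them to the header row of your own export.

```python
import csv
import io
from collections import Counter

# Constructed sample rows; the column names are an assumption about the export layout.
SAMPLE_CSV = '''Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name
100001,,,None,192.0.2.10,tcp,445,"SMB version detection (constructed)"
100002,,,None,192.0.2.10,tcp,445,"SMB log in possible (constructed)"
100003,CVE-0000-0001,9.8,Critical,192.0.2.10,tcp,445,"Constructed critical finding, SMB"
100004,CVE-0000-0002,5.3,Medium,192.0.2.11,tcp,443,"Constructed medium finding"
100004,CVE-0000-0003,5.3,Medium,192.0.2.11,tcp,443,"Constructed medium finding"
'''

RANK = {r: i for i, r in enumerate(["Critical", "High", "Medium", "Low", "None"])}

def load_findings(text):
    """Parse CSV text into unique findings, merging rows that differ only by CVE."""
    merged = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["Plugin ID"], row["Host"], row["Protocol"], row["Port"])
        finding = merged.setdefault(key, {
            "host": row["Host"],
            "port": f'{row["Port"]}/{row["Protocol"]}',
            # An empty or missing risk value is treated as informational.
            "risk": (row["Risk"] or "").strip() or "None",
            "name": row["Name"],
            "cves": [],
        })
        if row["CVE"]:
            finding["cves"].append(row["CVE"])
    return list(merged.values())

def triage(findings):
    """Return (findings with a severity, worst first; informational findings)."""
    info = [f for f in findings if f["risk"] == "None"]
    actionable = [f for f in findings if f["risk"] != "None"]
    # Unknown risk labels sort after "Low" instead of raising an error.
    actionable.sort(key=lambda f: (RANK.get(f["risk"], len(RANK)), f["host"]))
    return actionable, info

def counts_by_host(findings):
    """Count findings per host and risk label."""
    counts = {}
    for f in findings:
        counts.setdefault(f["host"], Counter())[f["risk"]] += 1
    return counts

if __name__ == "__main__":
    actionable, info = triage(load_findings(SAMPLE_CSV))
    for f in actionable:
        print(f["risk"], f["host"], f["port"], f["name"], ",".join(f["cves"]))
    print(len(info), "informational findings set aside")
```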