Nessus is a security vulnerability scanning program with many users around the world. Nessus Professional, Nessus Manager, Nessus Home and Nessus Cloud editions are available. It provides the detection of security vulnerabilities and malware in physical, virtual and cloud environments.
The penetration service, which includes activities such as auditing IT infrastructures in terms of security and identifying security levels and closing the gaps, ensures that institutions are prepared and resistant to cyber attacks. In this way, cybersecurity professionals who perform penetration tests ensure that the vulnerable points of the system are repaired and security tightened when a real attack is encountered, by thinking like a hacker and applying infiltration and hijacking scenarios to the system and trying all the methods that the attackers can try.
Nessus provides comprehensive reporting on the vulnerabilities of the target devices according to criteria such as which operating system is running on the devices, which services are running on which ports, the vulnerabilities of the operating system and services, the vulnerabilities of software components and network protocols, and the compliance requirements. Nessus provides the ability to sort and filter the vulnerabilities it detects in the system according to many different criteria, allowing to better understand the vulnerabilities.
Each computer has thousands of ports, all of which may or may not have services (ie: a server for a specific high-level protocol) listening on them. Nessus works by testing each port on a computer, determining what service it is running, and then testing this service to make sure there are no vulnerabilities in it that could be used by a hacker to carry out a malicious attack. Nessus is called a "remote scanner" because it does not need to be installed on a computer for it to test that computer. Instead, you can install it on only one computer and test as many computers as you would like.
1- Firstly, register by going to "https://www.tenable.com/products/nessus/nessus-essentials". After the registration is completed, an activation code will be sent to your e-mail address. We will use this code during the installation phase.
2- You go to "https://www.tenable.com/downloads/nessus?loginAttempted=true" and download the Nessus version suitable for your operating system.
3- In the next step, we go to the terminal and install the version we downloaded.
sudo dpkg -i "Nessus-8.14.0-debian6_amd64.deb"
4- Then, write the command to the terminal that allows to start the Nessus service.
/bin/systemctl start nessusd.service
5- In the next step, open a new web browser and write the connection port given at the end of the installation "https://kali:8834/" in the browser opened and log in to Nessus. Then, choose Nessus Essentials, the free version, and continue.
6- Now, you enter the activation code given when you registered with Nessus. Then, you are creating your user account.
7- In this step, Nessus downloads some required plugins and the installation is complete.
Metasploitable-2 is a test environment created for use in hands-on penetration testing training and security research. A vulnerable test environment is needed in cyber security trainings, Metasploitable-2 application can be used for this.
1- First of all, go to "https://sourceforge.net/projects/metasploitable/files/Metasploitable2/" and perform the download process. The compressed file is about 800 MB and can take a while to download over a slow connection. After you have downloaded the Metasploitable-2 file, you will need to unzip the file to see its contents.
2- Next, open your virtualization platform and click Open a Virtual Machine to install Metasploitable2 that you downloaded. Then, run it with VMWare Player.
3- The user name and password are entered to log in on the screen that appears after the installation.
- -User Name:
msfadmin
- -Password:
msfadmin
4- In the next step, type "ifconfig"
command on the command line to find out the IP address assigned to the machine and other details about the virtual machine. That is all. Now we can start hacking :)
1- Firstly, I open Nessus and select the "Basic Network Scan" option.
2- Then, I specify the name for the scanning process and write the IP of the target machine. After these steps, I launch the scanning process.
3- In this step, we see that the scanning process is finished and the vulnerabilities are listed according to their degree. I choose VNC Server 'password' Password from the vulnerabilities listed. The definition of the vulnerability and the degree of risk are given on the screen by Nessus. In the next step, I will try to infiltrate the machine using this vulnerability.
4- I open the command line. To run the VNC viewer client, I type the command "vncviewer"
and then enter the destination IP address. I press enter and in the password query I type the password ("password") that Nessus found.
5- As you can see, VNC viewer worked and I reached the opposite machine. Here, I ask "who am i"
and see that I have access to the machine as root. So, now I can do whatever I want in the system.
Çolak, F. (September, 2019). Nessus Nedir ve Ne Amaçla Kullanılır? Fatih Çolak Bilişim Blog.
Retrieved June 9, 2021, from https://www.fatihcolak.com.tr/nessus-nedir-ve-ne-amacla-kullanilir.html
Nessus. Tenable. Retrieved June 9, 2021, from https://www.tenable.com/products/nessus
Wendlandt, D. Nessus: A security vulnerability scanning tool. Carnegie Mellon University.
Retrieved June 9, 2021, from https://www.cs.cmu.edu/~dwendlan/personal/nessus.html