TryHackMe — Nessus

Hello All,

Today I am going to write about a beginner level room in TryHackMe- i.e., Nessus. Let’s start.

I know that so many of you who are trying to come into the Security domain or who were working in this field are familiar with this tool. For those who don’t know about it here is a small intro to the tool.

Nessus is one of the leading industry tool developed by Tenable. It is one of the many vulnerability scanners used during vulnerability assessments and penetration testing engagements, including malicious attacks.

So as I said earlier Nessus was developed by Tenable and if offers Nessus in different editions and details of each of them can be found at the official website. Below are the products that tenable offers.

https://www.tenable.com/products

1. Nessus Home version
2. Nessus Enterprise Edition
3. Tenable Security Center
4. Nessus Manager

Now coming back to our Nessus room, THM offers a Ubuntu machine for this lab but we can install these on both Windows and Linux environments.

Once we deploy our machine we need to access it and install the Nessus Home editions. To install the Nessus Home edition in our machine, we need to navigate to the Nessus Home edition product page and register there to get our trial license. This trial license can scan up to 15 IP addresses at a time. Below is the registration link from where you get the activation code.

I have registered and download the .deb package on my attacker machine and installed it.

Note: We will see two different sets of download packages on the download page. The second set will have the home edition versions

I have started the service using the command and navigated to the browser to configure my scanner.

/bin/systemctl start nessusd.service

We can see the configuration progress in the browser. The path to access the web console is using 8834 port.

HTTP://localhost:8834/

Once you start the server and access the path, you will get the 3-step procedure to configure your Nessus tool

1. Create an Administrator Account
2. Add your license
3. Wait for the plugins to download

Once you download all the plugins, you will see a welcome screen.

Lets explore more Nessus portal. Once we open the portal, we will see multiple options like Scan, Policies, Scan Templates, Plugin Rules.

When we click “New Scan” , First we will see option Scan Templates.

By default, Nessus offers a wide variety of Scan Templates from Basic Host Discovery to Compliance standards.

Once we select a scan template, you will see multiple options to customize your scan as per your environment.

Next step will be customizing by Creating a scan name, Targets. You can add your targets manually by separate using Comma or you can add a csv file with a list of targets( IP address or Host Names). You can schedule your scan using schedule and notify the status by sending mails

Next one is Discovery Tab:

You can choose scan type which includes scanning OS, Ports, Services etc based on your requirements.

If we take example of Host Discovery Scan template, you can able to Scan Host, OS and Ports.

Using Report option, we can export the scan results and add additional Information.

Using Advanced option, we can control the scans, host threshold etc.

When we create scans of Audit requirements, sometimes we need to use credential based scans for either SSH/Windows hosts.

Nessus provides a wide varieties of Scan plugins for each application, Vendor with regularly updated vulnerabilities.

Nessus official Website states that

 “As information about new vulnerabilities are discovered and released into the general public domain, Tenable, Inc. research staff designs programs to enable Nessus to detect them. These programs are named plugins, and are written in the Nessus proprietary scripting language, called Nessus Attack Scripting Language (NASL).
Plugins contain vulnerability information, a generic set of remediation actions, and the algorithm to test for the presence of the security issue.
Nessus supports the Common Vulnerability Scoring System (CVSS) and supports both v2 and v3 values simultaneously. If both CVSS2 and CVSS3 attributes are present, both scores are calculated. However in determining the Risk Factor attribute, currently the CVSS2 scores take precedence.
Plugins also are utilized to obtain configuration information from authenticated hosts to leverage for configuration audit purposes against security best practices.

Once we create our scan, We can see the status under “My Scans” Tab.

Once it get completes, we can view the scan results, Vulnerabilities.

Under Vulnerabilities, we can see the detected vulnerabilities like above.

This is how we can use free version of Nessus to scan up to 15 hosts by creating custom templates, adding required plugins. Nessus is one of the widely used tools across various enterprises.

Thanks for reading this. :)