Saturday, October 15, 2011

Nessus


Nessus is a proprietary comprehensive vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems.
For example:
§  Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
§  Misconfiguration (e.g. open mail relay, missing patches, etc).
§  Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
§  Denials of service against the TCP/IP stack by using mangled packets
------------------------------------------------------------------------------------------------------
Most organisations does network vulnerability assessment by using this tool.
You can download NESSUS from here:
Download and install Nessus .Its free of charge for personal use and chargable for Business use for corporate offices.

After Installing you get “Nessus Server manager .exe”  file and  “Nessus client.exe” on Desktop.Open  “Nessus Server manager .exe”   you find like this:



Now click on the “Manage user’s”  button.
Click on the “ + “ button to add user make the user as admin.like below:



The click on the “Start Nessus server”  button.
Now  start the “Nessus client”. Browser will be opened to you with address “https://localhost:8834/”.
Now Login with credentials you have created in Manage users.like below:



For default scan:
Click on “scans” button and click “add”



Now you get this :



Type name of the test and select  policy and enter the targets.It there are larger number of IP’s then upload from the text file.i.e(Target file).Here the policies are : “Internal network scan” and “external netwrok scan” , “Web app test” .
If you are scanning external network select that and if you are testing Web application select that task.
Im selecting Internal network for just testing.
Then launch scan: 



The scan starts:


After the scan is completed click on the “Reports” button.
Double click on the scan result.(here it is “test123” in the below image)



Then you will get this page:  The click on the “Download reports” button.



Select the extension of download report as .rtf or html.
**This is just the basic default scan.

0 comments:

Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More