Penetration Testing Using Nessus

By -

Penetration Testing using Nessus 

Nessus is one of the best Vulnerability Scanners out there . Its a product of Teenable Security and is available in a free as well as a commercial version . If a free, full-featured vulnerability scanner is on your mind, then it’s good for you to know about Nessus.Nessus can be used for conducting Vulnerability Assessment during a Penetration testing project .
For a quick background on Nessus , Nessus was founded by Renuad Deraison in 1998to provide the Internet community with a free remote security scanner. Nessus is a full-fledged vulnerability scanners that allow you to detect potential vulnerabilities in systems. Nessus is the world’s most popular vulnerability scanning tool and also the most widely used . Moreover Nessus is also Multi Platform
Nessus is free of cost for personal use in a non-enterprise environment. It uses a web interface to set up, scan, and view reports. It has one of the largest vulnerability knowledge bases available; because of this KB, the tool is very popular.

Nessus Key features

  • Identifies vulnerabilities that allow a remote attacker to access sensitive information from the system
  • Checks whether the systems in the network have the latest software patches
  • Tries with default passwords, common passwords, on systems account
  • Configuration audits
  • Vulnerability analysis
  • Mobile device audits
  • Customized reporting
For more details on the features of Nessus, visit: http://www.tenable.com/products/nessus/nessus-product-overview/nessus-features.
Nessus has Multi OS support and supports Microsoft Windows XP/Vista/7 , Linux , Mac OS X (10.5 and higher),Free BSD , Sun Solaris and many more for that matter .

Installation and configuration

  • Download the Nessus home feed (free) or professional feed here .
  • Once you download the Nessus, you need to register with the Nessus official website to generate the activation key, which is required to use the Nessus tool. Click here to generate the Activation Key .
  • Follow the instructions on the page and the activation key will be emailed to you on your email ID .
  • Install Nessus by following the steps and Instructions on the Screen .
  • Create an account with Nessus.
  • Enter the activation code you have obtained by registering with the Nessus website. Also you can configure the proxy if needed by giving proxy hostname, proxy username, and password.
  • Then the scanner gets registered with Tenable and creates a user.
  • Download the necessary plug-in. (It takes some time to download the plug-in; while you are watching the screen, you can go through the vast list of resources we have for Nessus users).
Once the plug-ins are downloaded, it will automatically redirect you to a login screen. Provide the username and password that you have created earlier to login.
Thats it and the most powerful Vulnerability scanner is ready to be used for Penetration testing .

Nessus Tutorial : Penetration Testing and Vulnerability Assessment

 

Running Nessus :

Nessus will give you lot of options when it comes to running the actual vulnerability scan. Nessus comes with 4 types of basic scans (which themselves are very powerfull) and also allows the user to create their own custom scans and hence gives the power to the user . With Nessus Vulnerability Scanner you can scan individual computers, ranges of IP addresses, or complete subnets. There are over 1200 vulnerability plug-ins with Nessus, which allow you to specify an individual vulnerability or a set of vulnerabilities to test for.
Here an important thing to note is that , distinguished from other tools, Nessus won’t assume that explicit services run on common ports; instead, it will try to exploit the vulnerabilities.
Foundations for discovering the vulnerabilities in the network are:
  • Which hosts are live
  • What ports are Open and what services are running on what Ports
  • What Operating system is running in the remote machine
Once you have loged into the Nessus web interface, you will be able to see various options, such as:
  • Policies–Using which you can configure the options required for scan
  • Scans–for adding different scans
  • Reports–for analyzing the results
The basic workflow of Nessus tool is to Login, Create or Configure the Policy, Run the Scan, and Analyze the Results.

Policies

Policies are the vulnerability tests that you can perform on the target machine. By default, Nessus has four policies.

External network scan

This in built policy  scans externally-facing hosts that provide services to the host. The External Network Scan Policy will  scan all 65,535 ports of the target machine. It is also configured with plug-ins required for web application vulnerabilities tests such as XSS.

Internal network scan

This policy is configured to scan large internal networks with many hosts, services, embedded systems like printers, etc. This policy scans only standard ports instead of scanning all 65,535 ports.

Web app tests

Nessus uses this policy to detect different types of vulnerabilities existing in web applications. It has the capability to spider the entire website to discover the content and links in the application. Once the spider process has been completed, Nessus starts to discover the vulnerabilities that exist in the application.

Prepare for PCI DSS audits

This policy has PCI DSS (Payment Card Industry Data Security Standards) enabled. Nessus compares the results with the standards and produces a report for the scan. The scan doesn’t guarantee a secure infrastructure. Industries or organizations preparing for PCI-DSS can use this policy to prepare their network and systems.
Apart from these pre-configured policies, you can also upload a policy by clicking on “Upload” or configure your own policy for your specific scan requirements by clicking on “New Policy.”

Scans

Once the policies have been configured as per your scan requirement, you need to configure the scan details properly. This can be done quickly under the Scans Tab :
When you go to the Scan tab, you can create a new scan by clicking “New Scan” on the top right. Then a pop-up appears where you need to enter the details, such as Scan Name, Scan Type, Scan Policy, and Target.
  • Scan Name: The name that you want to give to the scan.
  • Scan Type: You have options to run the scan immediately by selecting “RUN NOW.” Or you can make a template which you can launch later when you want to run the scan. All the templates are moved under the Template tab beside the Scan tab.
  • Scan Policy: Select the policy that you have configured previously in the policies section.
  • Select Target: Enter the target machine that you are planning to test. Depending upon the targets, Nessus takes time to scan the targets.

Results

Once the scanning process has been completed successfully, results can be analyzed.
  • You can see the name of the scan under the Results section. Click on the name to see the report.
  • Hosts–Specifies all the target systems you have scanned.
  • Vulnerabilities–Displays all the vulnerabilities on the target machine that has been tested.
  • Export Results–You can export the results into various formats such as html, pdf, etc. You can also select an individual section or complete result to export based on your requirement.
Nessus has become an Industry standard for Vulnerability Assessments for large organizations over the years . It is important for an information security researcher to understand Nessus and work on it . Comes as a good addition to the skill set of Information Security researcher .

Comments

Post a Comment

Popular posts from this blog

HACK EMAIL-ID,USERNAME AND PASSWORD OR ANY USER DETAILS BY USING KALI LINUX.

By -
Image
HACK EMAIL-ID,USERNAME AND PASSWORD OR ANY USER DETAILS BY USING  KALI LINUX . Today,i am going to show you how you can get email-id,username and password or any user details you want by using  KALI LINUX . STEPS FOR SETTING UP YOUR SYSTEM. Download Kali Linux from   here . Extract the contents of Kali Linux iso file which you  downloaded in step and copy it to pendrive or instead of pendrive burn the iso file in cd if you want to make a cd of it. After copying all contents to pendrive or burning the iso file in cd,reboot you system,press F8 on boot-time and select boot from pendrive if you have copied all the files in pendrive,else boot from cd-rom if you burn the iso file in cd. After selecting the boot from device,the kali installation window will open,install accordingly as per your requirement. NOTE:During installation,in mount point of selected installation drive,set mount point to  "/" . Remember the username and password while installation as this will
Read more

Port Fail Vulnerability : Critical VPN Vulnerability

By -
Image
Port Fail Vulnerability : Critical VPN Vulnerability How Port Fail Vulnerability Exposes your REAL IP on SKYPE Using Port Fail Vulnerability it’s possible to disclose the real IP of a Skype accounts you’re interested in. There are a bunch of Skype IP resolvers which can give you the VPN IP address and port number of a Skype user using only their Skype login. Then you need to use the same thing a copyright monitoring company would use — send some UDP packets to the whole internet on the exact port. It’s remarkable but Skype will send you a reply for almost any data! The nping utility from  nmap  package suits our needs very well: # nping --udp -p 13318 --data-string 'hellothere!' -c 1 serv.valdikss.org.ru Starting Nping 0.7.00 ( https://nmap.org/nping ) at 2015-12-20 19:54 MSK SENT (0.0157s) UDP 195.154.127.59:53 > 92.42.31.8:13318 ttl=64 id=10802 iplen=39  RCVD (0.0859s) UDP 185.61.149.121:4272 > 195.154.127.59:53 ttl=54 id=1534 iplen=32    Max rtt: N/A | M
Read more