Penetration Testing Using Nessus

Penetration Testing using Nessus 

Nessus is one of the best Vulnerability Scanners out there . Its a product of Teenable Security and is available in a free as well as a commercial version . If a free, full-featured vulnerability scanner is on your mind, then it’s good for you to know about Nessus.Nessus can be used for conducting Vulnerability Assessment during a Penetration testing project .
For a quick background on Nessus , Nessus was founded by Renuad Deraison in 1998to provide the Internet community with a free remote security scanner. Nessus is a full-fledged vulnerability scanners that allow you to detect potential vulnerabilities in systems. Nessus is the world’s most popular vulnerability scanning tool and also the most widely used . Moreover Nessus is also Multi Platform
Nessus is free of cost for personal use in a non-enterprise environment. It uses a web interface to set up, scan, and view reports. It has one of the largest vulnerability knowledge bases available; because of this KB, the tool is very popular.

Nessus Key features

  • Identifies vulnerabilities that allow a remote attacker to access sensitive information from the system
  • Checks whether the systems in the network have the latest software patches
  • Tries with default passwords, common passwords, on systems account
  • Configuration audits
  • Vulnerability analysis
  • Mobile device audits
  • Customized reporting
For more details on the features of Nessus, visit:
Nessus has Multi OS support and supports Microsoft Windows XP/Vista/7 , Linux , Mac OS X (10.5 and higher),Free BSD , Sun Solaris and many more for that matter .

Installation and configuration

  • Download the Nessus home feed (free) or professional feed here .
  • Once you download the Nessus, you need to register with the Nessus official website to generate the activation key, which is required to use the Nessus tool. Click here to generate the Activation Key .
  • Follow the instructions on the page and the activation key will be emailed to you on your email ID .
  • Install Nessus by following the steps and Instructions on the Screen .
  • Create an account with Nessus.
  • Enter the activation code you have obtained by registering with the Nessus website. Also you can configure the proxy if needed by giving proxy hostname, proxy username, and password.
  • Then the scanner gets registered with Tenable and creates a user.
  • Download the necessary plug-in. (It takes some time to download the plug-in; while you are watching the screen, you can go through the vast list of resources we have for Nessus users).
Once the plug-ins are downloaded, it will automatically redirect you to a login screen. Provide the username and password that you have created earlier to login.
Thats it and the most powerful Vulnerability scanner is ready to be used for Penetration testing .

Nessus Tutorial : Penetration Testing and Vulnerability Assessment


Running Nessus :

Nessus will give you lot of options when it comes to running the actual vulnerability scan. Nessus comes with 4 types of basic scans (which themselves are very powerfull) and also allows the user to create their own custom scans and hence gives the power to the user . With Nessus Vulnerability Scanner you can scan individual computers, ranges of IP addresses, or complete subnets. There are over 1200 vulnerability plug-ins with Nessus, which allow you to specify an individual vulnerability or a set of vulnerabilities to test for.
Here an important thing to note is that , distinguished from other tools, Nessus won’t assume that explicit services run on common ports; instead, it will try to exploit the vulnerabilities.
Foundations for discovering the vulnerabilities in the network are:
  • Which hosts are live
  • What ports are Open and what services are running on what Ports
  • What Operating system is running in the remote machine
Once you have loged into the Nessus web interface, you will be able to see various options, such as:
  • Policies–Using which you can configure the options required for scan
  • Scans–for adding different scans
  • Reports–for analyzing the results
The basic workflow of Nessus tool is to Login, Create or Configure the Policy, Run the Scan, and Analyze the Results.


Policies are the vulnerability tests that you can perform on the target machine. By default, Nessus has four policies.

External network scan

This in built policy  scans externally-facing hosts that provide services to the host. The External Network Scan Policy will  scan all 65,535 ports of the target machine. It is also configured with plug-ins required for web application vulnerabilities tests such as XSS.

Internal network scan

This policy is configured to scan large internal networks with many hosts, services, embedded systems like printers, etc. This policy scans only standard ports instead of scanning all 65,535 ports.

Web app tests

Nessus uses this policy to detect different types of vulnerabilities existing in web applications. It has the capability to spider the entire website to discover the content and links in the application. Once the spider process has been completed, Nessus starts to discover the vulnerabilities that exist in the application.

Prepare for PCI DSS audits

This policy has PCI DSS (Payment Card Industry Data Security Standards) enabled. Nessus compares the results with the standards and produces a report for the scan. The scan doesn’t guarantee a secure infrastructure. Industries or organizations preparing for PCI-DSS can use this policy to prepare their network and systems.
Apart from these pre-configured policies, you can also upload a policy by clicking on “Upload” or configure your own policy for your specific scan requirements by clicking on “New Policy.”


Once the policies have been configured as per your scan requirement, you need to configure the scan details properly. This can be done quickly under the Scans Tab :
When you go to the Scan tab, you can create a new scan by clicking “New Scan” on the top right. Then a pop-up appears where you need to enter the details, such as Scan Name, Scan Type, Scan Policy, and Target.
  • Scan Name: The name that you want to give to the scan.
  • Scan Type: You have options to run the scan immediately by selecting “RUN NOW.” Or you can make a template which you can launch later when you want to run the scan. All the templates are moved under the Template tab beside the Scan tab.
  • Scan Policy: Select the policy that you have configured previously in the policies section.
  • Select Target: Enter the target machine that you are planning to test. Depending upon the targets, Nessus takes time to scan the targets.


Once the scanning process has been completed successfully, results can be analyzed.
  • You can see the name of the scan under the Results section. Click on the name to see the report.
  • Hosts–Specifies all the target systems you have scanned.
  • Vulnerabilities–Displays all the vulnerabilities on the target machine that has been tested.
  • Export Results–You can export the results into various formats such as html, pdf, etc. You can also select an individual section or complete result to export based on your requirement.
Nessus has become an Industry standard for Vulnerability Assessments for large organizations over the years . It is important for an information security researcher to understand Nessus and work on it . Comes as a good addition to the skill set of Information Security researcher .


Popular posts from this blog

How To Hack ADSL Router Using NMAP Tool