Nessus Installation in Kali Linux

Mohammed Waseem
5 min read · May 28, 2023

In this section, I’ll be teaching you how to get Nessus Essentials, a free version of the enterprise-grade vulnerability scanning platform Nessus.

I recommend you complete the next steps while in a Kali Linux VM.

Check your email for the activation code. Copy it and save it in a notepad.

In a terminal, navigate to the directory you downloaded the file to (most likely /root/Downloads)

and use the following command to install Nessus from the .deb file:

sudo dpkg -i <Nessus .deb file name>

Here, sudo runs the command as super user, dpkg is the Debian package tool, -i means install, and the last argument is the Nessus package.

Next, you’ll need to run the Nessus service (also referred to as the Nessus daemon), which starts everything up. Use the command

service nessusd start

and after a few seconds, go to your browser and visit

https://kali:8834/

This is the local web GUI for Nessus. Can’t find the webpage? The “kali” section of the URL is your hostname (the part that appears in the terminal after “root@”).
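The install and start-up steps above as one script, with a checksum check added before dpkg runs. This is an added example, not part of the original post; it assumes you copy the package's SHA-256 from the page you downloaded it from, and the function names verify_deb_checksum, wait_for_gui and install_nessus are made up here.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify, install, start, wait.
# Assumption: the expected SHA-256 is the value shown on the download page.

# Return 0 only if the file's SHA-256 matches the expected hex digest.
verify_deb_checksum() {
    local deb="$1" expected actual
    # Normalise to lowercase so a digest pasted in uppercase still compares.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$deb" ] || { echo "no such file: $deb" >&2; return 2; }
    # Reject anything that is not exactly 64 hex characters.
    case "$expected" in
        *[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest must be 64 hex chars" >&2; return 2; }
    actual=$(sha256sum "$deb" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $deb" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
}

# Poll the local web GUI until it answers or the timeout (seconds) expires.
wait_for_gui() {
    local url="$1" timeout="${2:-60}" waited=0
    # -k: a fresh Nessus install serves a self-signed certificate.
    until curl -k -s -o /dev/null --max-time 5 "$url"; do
        waited=$((waited + 2))
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 2
    done
}

# Verify first, then run the same dpkg and service commands as the steps above.
install_nessus() {
    local deb="$1" sha="$2"
    verify_deb_checksum "$deb" "$sha" || return 1   # never install an unverified file
    sudo dpkg -i "$deb" || return 1
    sudo service nessusd start || return 1
    wait_for_gui "https://$(hostname):8834/" 120 && echo "Nessus GUI is up"
}

# Run only when called with both arguments: ./install-nessus.sh <deb> <sha256>
if [ "$#" -eq 2 ]; then
    install_nessus "$1" "$2"
fi
```

A mismatch stops the script before dpkg touches the system, so a truncated or tampered download never gets installed as root.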

If you’ve previously used Nessus, you may get an error stating you have a corrupt database. To fix this, you need to stop the service using service nessusd stop, remove all Nessus files, download the latest version, and install it again. To delete all files for a clean re-install, use the following command in the terminal:

rm -rf /opt/nessus

(recursively remove everything in the Nessus directory, /opt/nessus)

Once you get to the site, you should be asked which product you want to use. Select Nessus Essentials. You can either register here or, if you did it earlier, skip this step to submit your activation code, which should’ve been emailed to you. Finally, you’ll be asked to create a username and password to access Nessus locally within your VM. This form should inherit your Kali account details (in my case, ‘root’ and ‘toor’) but you are able to change them to anything you wish.

Select the Nessus Essentials product and continue.

Click SKIP on the next page, as you have already registered.

Now, Nessus will begin downloading plugins and other essential files required for its proper functioning. Please allow this process to complete, as it may take a significant amount of time. Feel free to take a break, stretch your legs, and return when the download is finished. Once completed, you will be presented with the Nessus dashboard.

From here, you have access to various features in Nessus, including the ability to launch scans, create policies, review plugins, and much more. In this module, we will primarily focus on plugins and utilizing a pre-made scan template. However, I highly recommend exploring Nessus further, as it is extensively utilized in the industry, and gaining hands-on experience with it can be highly beneficial.

On the left-hand side, you’ll find a navigation menu that provides access to several important sections:

  1. My Scans: This section displays all scans conducted by the currently logged-in user. It includes completed, scheduled, pending, and failed scans.
  2. All Scans: Here, you can view scans conducted by any user within the organization. This section provides an overview of completed, scheduled, pending, and failed scans.
  3. Trash: Once you no longer require a scan template, you can move it to the Trash. Doing so removes it from the “My Scans” and “All Scans” tabs, keeping your workspace organized.
  4. Policies: Scans are performed using a target and a policy, which consists of a list of settings and plugins. Different plugins focus on specific security issues, and policies allow you to configure and customize the scanning process.
  5. Plugin Rules: Plugins are integral to Nessus as they conduct scanning and enumeration. By using different plugins, you can obtain varied results. This section enables you to fine-tune the scan by selecting specific security issues or areas of interest to focus on.
  6. Scanners: Scanners refer to different hosts capable of performing enumeration. This feature becomes relevant when you need to scan multiple VLANs or physical networks that are not directly interconnected. In our case, we have one scanner available, which is the local scanner running within our VM.

Feel free to explore these sections further to gain a deeper understanding of their functionalities and how they can contribute to your security assessments.

Anyway, thanks for reading up to now. Follow for more blogs.
