Nessus
Overview
Nessus is one of the most widely used commercial vulnerability scanners, developed by Tenable. It performs deep inspection of hosts to identify known CVEs, misconfigurations, default credentials, missing patches, and compliance violations. It outputs prioritized reports with remediation guidance.
Category
#scanning #vulnerability-assessment
Phase
Scanning
Developer
Tenable, Inc. — tenable.com/products/nessus
Editions
| Edition | Cost | Notes |
|---|---|---|
| Nessus Essentials | Free | Up to 16 IPs; good for lab/learning |
| Nessus Professional | Paid | Unlimited IPs, compliance, advanced reports |
| Tenable.io | Cloud/Enterprise | Full platform with dashboards |
Install (Linux)
```bash
# Download .deb from tenable.com/downloads/nessus
sudo dpkg -i Nessus-*.deb
sudo systemctl start nessusd
# Access at: https://localhost:8834
```
Key Scan Types
| Scan Template | Use Case |
|---|---|
| Basic Network Scan | General purpose host/service scan |
| Advanced Scan | Fully configurable |
| Web Application Test | HTTP/HTTPS vulnerability testing |
| Credentialed Patch Audit | Local checks with SSH/WMI creds |
| Malware Scan | Detect malware artifacts |
| PCI DSS Compliance | Payment card industry audit |
| HIPAA Audit | Healthcare compliance |
Workflow
1. Create new scan → Choose template
2. Set target IP(s) or range
3. (Optional) Add credentials for deep local checks
4. Launch scan → Wait for completion
5. Review findings sorted by severity (Critical/High/Medium/Low/Info)
6. Export report (PDF, CSV, HTML, XML)
Credentialed vs. Uncredentialed Scans
| Type | What It Finds |
|---|---|
| Uncredentialed | Network-visible services, open ports, banners |
| Credentialed (SSH/WMI) | Patch levels, local configs, installed software, user accounts |
Credentialed scans are significantly more thorough and produce far fewer false positives.
Severity Ratings
Nessus uses the CVSS scoring system:
- Critical (CVSS 9.0–10.0)
- High (7.0–8.9)
- Medium (4.0–6.9)
- Low (0.1–3.9)
- Informational (0.0)
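To make workflow steps 5 and 6 concrete, the following added example (not part of the original note and not Tenable code) parses an XML export and sorts findings into the severity bands above. It assumes the `.nessus` v2 layout (`ReportHost`/`ReportItem` elements with `cvss3_base_score` or `cvss_base_score` children); the hosts, plugin IDs and plugin names in the sample are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the assumed .nessus (NessusClientData_v2) layout.
# Hosts are documentation addresses; plugin IDs and names are made up.
SAMPLE = """<NessusClientData_v2><Report name="lab">
<ReportHost name="192.0.2.10">
  <ReportItem port="445" protocol="tcp" pluginID="100001" pluginName="Example SMB RCE">
    <cvss3_base_score>9.8</cvss3_base_score><cvss_base_score>10.0</cvss_base_score>
  </ReportItem>
  <ReportItem port="22" protocol="tcp" pluginID="100002" pluginName="Example weak SSH ciphers">
    <cvss_base_score>4.3</cvss_base_score>
  </ReportItem>
  <ReportItem port="0" protocol="tcp" pluginID="100003" pluginName="Example host info"/>
</ReportHost>
<ReportHost name="192.0.2.20">
  <ReportItem port="443" protocol="tcp" pluginID="100004" pluginName="Example outdated TLS library">
    <cvss3_base_score>7.5</cvss3_base_score>
  </ReportItem>
</ReportHost>
</Report></NessusClientData_v2>"""

def band(score):
    """Map a CVSS base score to the severity bands listed in this note."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0 else "Informational"

def findings(xml_text):
    """Return one row per ReportItem, highest CVSS score first."""
    rows = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            # Prefer the CVSS v3 score, fall back to v2; items with no score are informational.
            raw = item.findtext("cvss3_base_score") or item.findtext("cvss_base_score") or "0.0"
            score = float(raw)
            rows.append({"host": host.get("name"), "port": int(item.get("port")),
                         "plugin": item.get("pluginName"), "score": score, "band": band(score)})
    return sorted(rows, key=lambda r: (-r["score"], r["host"], r["port"]))

def summary(rows):
    return Counter(r["band"] for r in rows)

if __name__ == "__main__":
    for r in findings(SAMPLE):
        print(f'{r["band"]:<13} {r["score"]:>4} {r["host"]}:{r["port"]} {r["plugin"]}')
```

Parse only exports from your own scanner this way; `xml.etree.ElementTree` does not fetch external entities but is not hardened against entity-expansion payloads.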
OPSEC Notes
Nessus is loud — it generates significant traffic and will trigger IDS/IPS. Always get written authorization before scanning. Credentialed scans require storing credentials in Nessus — secure the Nessus host itself.
Related Tools
- Nmap — Port/service discovery often done before or alongside Nessus
- OpenVAS — Open-source alternative with similar capabilities
- Metasploit — Exploit the vulnerabilities Nessus identifies
Tags
#ethical-hacking #scanning #vulnerability-assessment #cve #compliance