Hey Readers! We have received hundreds of requests for a tutorial on Pen Testing or Penetration Testing. Many readers asked us for a step-by-step tutorial on Website Vulnerability Testing or Website Penetration Testing, and this article is going to do exactly that. In this article of Learn Hacking we are using Nessus for PenTesting, which is open-source software.
Review Nessus PenTesting Software (Vulnerability Scanner)
Nessus is PenTesting software, a vulnerability scanner provided by Tenable Network Security.
About Tenable Network Security:
Tenable Network Security provides enterprise-class solutions for continuous monitoring and visibility of vulnerabilities, configurations, user activity and system events that impact security and compliance.
Tenable’s award-winning products are used by many Global 2000 organizations for PCI auditing, federally mandated compliance testing, log collection and risk management. Tenable is the creator and manufacturer of the Nessus vulnerability scanner.
Well, this article mainly aims to provide the readers complete information about the Nessus software, like its origin, use, advantages, disadvantages, cost and the features it offers. This article is written keeping both newbies and experts in mind, so it doesn't matter if you are new to this tool or have been using it for a long time; in any case you are going to love this article.
Nessus is one of the best FREE penetration testing software packages available online. Best both in terms of features and cost (as it's free), unlike other PenTesting software that costs hundreds of dollars for tools having the same functionality or probably less.
Nessus can be downloaded free from its official site, i.e. http://www.tenable.com/products/nessus .
It is available for both platforms, i.e. Windows and Linux.
It is free for personal use, but for professional use you have to buy a subscription.
The subscription comes under two categories:-
- Nessus Professional Feed Subscription
- Nessus Perimeter Service and scan from cloud
Nessus Professional Feed Subscription
Tenable Network Security offers this subscription in 3 categories:-
- 1 year – $1200
- 2 Year – $2400
- 3 Year – $3600
Don't forget that you have to subscribe to this feed only for professional use; for personal use it's absolutely free.
Benefits of Nessus Feed Subscription
Tenable Network Security performs vulnerability research 24×7. When a new vulnerability is discovered, Tenable writes a Nessus® plugin, tests it and then makes it available for download such that your Nessus scanner can perform the most recent checks. The ProfessionalFeed from Tenable is used to keep each of your Nessus scanners up to date with the latest network and host-based security checks.
Nessus ProfessionalFeed subscribers also can use content developed by Tenable to perform UNIX, Windows and SQL Database configuration audits against custom policies, extracted configurations from live systems and policies based upon:
- PCI Scanning and auditing
- Center for Internet Security
- NIST SCAP and FDCC Policies
- Vendor guidelines from Microsoft and RedHat
- DISA STIG Guides
- CERT guidelines
- … and more.
The Nessus ProfessionalFeed also includes the ability to search desktop systems for sensitive content and to perform audits against SCADA Control systems.
Tenable Network Security also provides email support for any customer who has purchased the ProfessionalFeed and is using Nessus 4 or a more recent release. ProfessionalFeed users can log into a customer portal and track the status of their submitted tickets.
Nessus Perimeter Service
Nessus Perimeter Service comes under two subscription options:-
- 1 month (30 days) :- $995
- 1 year :- $3600
What is Nessus Perimeter Service ?
Nessus Perimeter Service is an online Nessus scanner offering an unlimited number of scans against an unlimited number of IP addresses for a flat rate.
Nessus Perimeter Service allows you to scan any number of Internet facing sites you are authorized to scan from your desktop computer, mobile laptop, iPhone, customer network or wherever is convenient, as often as you want, all for a flat fee. And best of all – if you are a Nessus user, you already know how to use our service. Subscribers of the Nessus Perimeter Service are logged into the Nessus scanners hosted in Tenable’s secure datacenter.
- Rapid and Accurate Discovery of Systems and Vulnerabilities
- Vulnerability Scan Scheduling
- Support for the Nessus iPhone App
- Preparing for PCI-DSS Vulnerability Audits
- In-depth Web Application Scanning
- Highlighting vulnerabilities which have public exploits
- Patch and Configuration Auditing for web servers and many other devices
- Executive, Detailed and Differential reports
- Sharing results with Tenable's SecurityCenter and 3rd party SIEM and GRC solutions
Well, this was just the intro part. Now let's come to its usage and see what we can do with it.
Based on a client/server architecture, Nessus lets users run the administrative console, which executes vulnerability scans and holds databases on a machine other than the server. Client front ends are available for Java, Win32, and X11, making Nessus a true cross-platform tool that can scan Linux, Windows, and Unix hosts.
Nessus provides an astonishing quantity of customized tests called plug-ins. These include interesting scans that look for vulnerabilities in routers from Cisco and other companies, CGI scripts, buffer overruns, remote-access connections, back doors, RPC, and SNMP.
To configure scanning, you can either use the defaults or customize your scans, though the latter will take the average administrator quite some time, depending on the diversity of the network. You can also set port scanning to various levels, taking firewalls and intrusion detection systems into consideration.
Using Nessus can seem to be a tricky task at first sight. It's not that difficult, but beginners can have a little trouble getting things done; once you get it, you get it.
As soon as you install Nessus, you can see two files, the Nessus Server Manager and the Nessus Client.
The Server Manager serves the purpose of:-
- Managing users
- Updating plugins
- Starting / Stopping Nessus
This is how the Nessus Server Manager looks:-
Now the next step after starting the server would be launching the client. Just open the Nessus client and Nessus will open in your default browser.
This is how it looks:-
Note:- You may get a security caution in your browser, because the Nessus web interface is served over HTTPS with a self-signed certificate. Just click on "Proceed anyway" and Nessus opens. The default port number for Nessus is 8834.
Just login with the username and password you chose in the Nessus Server Manager.
As you login, a screen with a huge list of features appears.
In the home screen after login, four options are visible, i.e. Reports, Scans, Policies and Users.
We are just going to discuss the use of all these features:-
Users:- It is simply used to manage users, i.e. Add/Delete Users.
Scans:- The Scans section is to add/start a new scan. The process is very simple. Just add the required details and you are done.
The screenshot below shows a clear picture of the topic.
Reports:- The Reports section has all the saved reports, i.e. a log of all the previous scans (if you don't delete them). This is a very good and important feature, as saving the PenTesting results of a site is essential for writing its report.
The scan results are formatted based on domains, hosts, and associated vulnerabilities. Reported weaknesses come with a multitude of suggestions, explaining the nature of the problem and listing fixes. Links to the Common Vulnerabilities and Exposures (CVE) dictionary (www.cve.mitre.org), which lists known vulnerabilities, and Microsoft TechNet (www.microsoft.com/technet), an online security resource for IT administrators, are also provided, offering administrators further access to information resources and existing patches.
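The Reports section above describes results laid out by host and vulnerability, and the cons list at the end of the article notes that Nessus does not group results by severity. The following is an added example (not code from the article or from Tenable) that reads a saved report in the Nessus v2 XML export format (`.nessus`, root element `NessusClientData_v2`, one `ReportItem` per host/port/plugin with a numeric `severity` attribute) and regroups the findings by severity and by plugin so that the same vulnerability across many hosts is listed once. The embedded report is constructed for the example; the host addresses, plugin IDs and the `CVE-0000-0001` value are placeholders, not real identifiers.

```python
"""Regroup a Nessus v2 (.nessus) report by severity and by plugin.

Added example; not code from the article or from Tenable. The sample
report is constructed: addresses, plugin IDs and the CVE are placeholders.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Nessus severity attribute: 0 = Info, 1 = Low, 2 = Medium, 3 = High, 4 = Critical
SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample in the NessusClientData_v2 layout; not output of a real scan.
SAMPLE_REPORT = """<NessusClientData_v2>
  <Report name="webapp-scan">
    <ReportHost name="192.0.2.10">
      <HostProperties><tag name="host-ip">192.0.2.10</tag></HostProperties>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="100001" pluginName="Outdated web server (constructed)"
                  pluginFamily="Web Servers">
        <risk_factor>High</risk_factor>
        <solution>Upgrade to a vendor-supported release.</solution>
        <cve>CVE-0000-0001</cve>
      </ReportItem>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="2"
                  pluginID="100002" pluginName="Weak TLS configuration (constructed)"
                  pluginFamily="General">
        <risk_factor>Medium</risk_factor>
        <solution>Disable the weak cipher suites.</solution>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
                  pluginID="100003" pluginName="SSH banner (constructed)"
                  pluginFamily="Service detection">
        <risk_factor>None</risk_factor>
      </ReportItem>
    </ReportHost>
    <ReportHost name="192.0.2.11">
      <HostProperties><tag name="host-ip">192.0.2.11</tag></HostProperties>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="3"
                  pluginID="100001" pluginName="Outdated web server (constructed)"
                  pluginFamily="Web Servers">
        <risk_factor>High</risk_factor>
        <solution>Upgrade to a vendor-supported release.</solution>
        <cve>CVE-0000-0001</cve>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_report(xml_text):
    """Flatten every ReportItem into a dict: one entry per host/port/plugin."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            findings.append({
                "host": host.get("name"),
                "port": f'{item.get("port")}/{item.get("protocol")}',
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
                "family": item.get("pluginFamily"),
                "severity": sev,
                "severity_name": SEVERITY_NAMES.get(sev, str(sev)),
                "solution": (item.findtext("solution") or "").strip(),
                "cves": [c.text for c in item.findall("cve")],
            })
    return findings


def group_by_severity(findings, min_severity=1):
    """Group findings by severity name, highest first; drop informational items."""
    grouped = defaultdict(list)
    for f in findings:
        if f["severity"] >= min_severity:
            grouped[f["severity_name"]].append(f)
    # Every list holds a single severity, so its first item gives the sort key.
    order = sorted(grouped, key=lambda name: -grouped[name][0]["severity"])
    return {name: grouped[name] for name in order}


def vulnerability_hosts(findings):
    """Invert the per-host layout: (plugin id, name) -> sorted affected hosts."""
    by_plugin = defaultdict(set)
    for f in findings:
        if f["severity"] > 0:
            by_plugin[(f["plugin_id"], f["plugin_name"])].add(f["host"])
    return {key: sorted(hosts) for key, hosts in by_plugin.items()}


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for sev_name, items in group_by_severity(found).items():
        print(f"{sev_name}: {len(items)} finding(s)")
        for f in items:
            print(f"  {f['host']} {f['port']} {f['plugin_name']} {f['cves']}")
    for (pid, name), hosts in vulnerability_hosts(found).items():
        print(f"plugin {pid} ({name}) affects {len(hosts)} host(s): {hosts}")
```

Run it against a real `.nessus` export by passing the file contents to `parse_report`; the `min_severity` argument of `group_by_severity` lets you cut the informational noise when preparing an executive summary.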
Policies:- This is probably the most important and complex part of this scanner. A policy contains all the settings and plugins used for scanning. Policies can be used to narrow down the scans and make the scanning process faster and better.
By default, there are four defined policies. They are nothing but settings for scanning.
For example:- the web app scan policy will contain only the plugins for scanning web apps. This saves a lot of time and money for many people.
We can also add/define our custom policies according to our requirements, and this is one of the most powerful features of Nessus.
You even have the option to import policies defined by others on any other machine.
This is how they look:-
Now if we go to edit policy, we are in the most powerful part of this scanner. Using these plugins in the right way is very important. Not only does it save a lot of time, but also money.
Here we are in the edit WebApp Tests option, and this is how it looks:-
There are a lot of options to choose from; all the options can't be discussed in this article.
There are about 45165 plugins in Nessus. We should define our custom policy depending upon the network we are scanning and put its information in the preferences section.
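As an added example (not code from the article or from Tenable) of defining a custom policy "depending upon the network we are scanning", the script below takes a constructed inventory of hosts and the services seen on them, picks the plugin families worth enabling, and writes the result in the layout of a Nessus policy export (a `Policy` element with `Preferences/ServerPreferences/preference` name/value pairs and a `FamilySelection` of `FamilyItem` entries). The element names and the plugin family names are written from memory and should be treated as assumptions; compare them with a policy exported from your own scanner before importing. The `safe_checks` preference is kept on so that plugins which could disrupt a service are not run by accident.

```python
"""Build a network-specific Nessus policy export from a service inventory.

Added example; not the article's or Tenable's code. Element names follow
the .nessus policy export layout as recalled by the example's author and
are assumptions; the inventory below is constructed, not a real network.
"""
import xml.etree.ElementTree as ET

# Constructed inventory: services observed per host (documentation-range addresses).
INVENTORY = {
    "192.0.2.10": ["http", "https", "ssh"],
    "192.0.2.11": ["http", "mysql"],
    "192.0.2.20": ["smb", "rdp"],
}

# Assumed mapping from a detected service to Nessus plugin families worth enabling.
SERVICE_TO_FAMILIES = {
    "http": {"Web Servers", "CGI abuses", "CGI abuses : XSS"},
    "https": {"Web Servers", "CGI abuses", "CGI abuses : XSS"},
    "ssh": {"Misc."},
    "mysql": {"Databases"},
    "smb": {"Windows"},
    "rdp": {"Windows"},
}
# Families that every policy should keep: host discovery, service detection, settings.
ALWAYS_ON = {"General", "Service detection", "Settings"}


def select_families(inventory):
    """Union of the families justified by any service seen on any host."""
    families = set(ALWAYS_ON)
    for services in inventory.values():
        for svc in services:
            families |= SERVICE_TO_FAMILIES.get(svc, set())
    return families


def build_policy(name, families, safe_checks=True, port_range="default"):
    """Serialise a policy that enables exactly `families` (layout assumed)."""
    root = ET.Element("NessusClientData_v2")
    policy = ET.SubElement(root, "Policy")
    ET.SubElement(policy, "policyName").text = name
    server = ET.SubElement(ET.SubElement(policy, "Preferences"), "ServerPreferences")
    for pref_name, value in (("safe_checks", "yes" if safe_checks else "no"),
                             ("port_range", port_range)):
        pref = ET.SubElement(server, "preference")
        ET.SubElement(pref, "name").text = pref_name
        ET.SubElement(pref, "value").text = value
    selection = ET.SubElement(policy, "FamilySelection")
    for family in sorted(families):
        item = ET.SubElement(selection, "FamilyItem")
        ET.SubElement(item, "FamilyName").text = family
        ET.SubElement(item, "Status").text = "enabled"
    return ET.tostring(root, encoding="unicode")


def enabled_families(policy_xml):
    """Read back which families a policy export enables."""
    root = ET.fromstring(policy_xml)
    return {item.findtext("FamilyName") for item in root.iter("FamilyItem")
            if item.findtext("Status") == "enabled"}


def preference(policy_xml, name):
    """Return the value of a server preference, or None if it is not set."""
    root = ET.fromstring(policy_xml)
    for pref in root.iter("preference"):
        if pref.findtext("name") == name:
            return pref.findtext("value")
    return None


if __name__ == "__main__":
    chosen = select_families(INVENTORY)
    xml = build_policy("custom-from-inventory", chosen)
    print(f"{len(chosen)} families enabled: {sorted(chosen)}")
    print(f"safe_checks = {preference(xml, 'safe_checks')}")
    print(xml)
```

The point of the exercise is the reduction: out of all the families the scanner ships, the policy enables only the handful that the observed services justify, which is what makes a targeted scan faster than the default one.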
This was just a small overview of Nessus so that you can be among the few thousand who actually know how to use it.
The versatility and importance of Nessus in the field of PenTesting can be judged by the fact that Tenable offers 4 different certifications just in using Nessus.
1) TCNA – Tenable Certified Nessus Auditor
Candidates who successfully complete the requirements of this certification track have distinguished themselves as having in-depth knowledge of the Nessus vulnerability scanner and the underlying technical concepts.
2) TCSA – Tenable Certified Security Analyst
Candidates who successfully complete the requirements of this certification have demonstrated in-depth knowledge of Tenable’s Enterprise products as applied to vulnerability and compliance analysis, passive network monitoring, event management and correlation and network behavioral anomaly detection.
3) TCSM – Tenable Certified Security Manager
Candidates who successfully complete the requirements of this certification have demonstrated understanding of the management capabilities with regard to policy control, data access, oversight and delegation of duties within Tenable’s Unified Security Monitoring solution.
Price:- On Demand
4) TCPA – Tenable Certified Product Administrator
Candidates who successfully complete the requirements of this certification have demonstrated the ability to install, configure and maintain Tenable’s Unified Security Monitoring suite including Tenable SecurityCenter, the Tenable Passive Vulnerability Scanner (PVS), the Tenable Log Correlation Engine (LCE) and Tenable Nessus.
Price:- On Demand.
Pros:-
- Powerful scanning
- Thousands of plugins
- Very effective results
- Test Reports can be saved, compared and downloaded
Cons:-
- Results not grouped on the basis of Severity or Vulnerabilities
- Not for newbies (because of the huge number of plugins)
Overall this is a must-have/use scanner for everyone in the field of PenTesting.