Kali Linux, a Linux distribution designed specifically for penetration testing, comes prepackaged with many pen test tools. Nessus® provides a penetration tester with a wealth of capabilities that will assist in the engagement, such as:
- Identifying local and remote vulnerabilities
- Configuration and compliance audits
- Checking for default credentials
- Web application scanning
Nessus isn’t installed on Kali Linux by default, but this post will show you how to install Nessus and provide some suggestions for using it in a penetration testing engagement to gain a more complete understanding of your organization’s security posture.
Installing and configuring Nessus
sudo apt-get update -y && sudo apt-get upgrade -y
Get some coffee, this might take a few moments.
Prior to downloading Nessus, ensure that your Kali Linux installation is up to date:
Step 1: Purchase Nessus and obtain an Activation Code
Nessus can be purchased directly from Tenable or through an authorized reseller.
After purchasing Nessus, an Activation Code will be available on the Tenable Support Portal.
Nessus
Jump to :Release
Need an Activation Code?
In order to complete your Nessus installation, you need an activation code if you don’t have one already.
Get Activation CodeNessus - 10.1.2
Step 2: Download Nessus
Navigate to the Tenable Nessus downloads page and select the appropriate version for your installation of Kali Linux, either the 32-bit or 64-bit Debian package.
You can download Nessus from the Tenable Downloads site.
When you download Nessus, ensure the package selected is specific to your operating system and processor.
There is a single Nessus package per operating system and processor. Nessus Manager and Nessus Professional do not have different packages; your activation code determines which Nessus product is installed.
Example Nessus package file names and descriptions
| Nessus Packages | Package Descriptions |
|---|---|
| Nessus-<version number>-Win32.msi | Nessus <version number> for Windows 7, 8, and 10 – i386 |
| Nessus-<version number>-x64.msi | Nessus <version number> for Windows Server 2008, Server 2008 R2*, Server 2012, Server 2012 R2, 7, 8, and 10 – x86-64 |
| Nessus-<version number>-debian6_amd64.deb | Nessus <version number> for Debian 6 and 7 / Kali Linux – AMD64 |
| Nessus-<version number>.dmg | Nessus <version number> for Mac OS X 10.8, 10.9, and 10.10 – x86-64 |
| Nessus-<version number>-es6.i386.rpm | Nessus <version number> for Red Hat ES 6 / CentOS 6 / Oracle Linux 6 (including Unbreakable Enterprise Kernel) – i386 |
| Nessus-<version number>-fc20.x86_64.rpm | Nessus <version number> for Fedora 20 and 21 – x86_64 |
| Nessus-<version number>-suse10.x86_64.rpm | Nessus <version number> for SUSE 10.0 Enterprise – x86_64 |
| Nessus-<version number>-ubuntu1110_amd64.deb | Nessus <version number> for Ubuntu 11.10, 12.04, 12.10, 13.04, 13.10, and 14.04 – AMD64 |
Example Nessus Agent package file names and descriptions
| Nessus Agent Packages | Nessus Agent Package Descriptions |
|---|---|
| NessusAgent-<version number>-x64.msi | Nessus Agent <version number> for Windows Server 2008, Server 2008 R2*, Server 2012, Server 2012 R2, 7, 8, and 10 – x86-64 |
| NessusAgent-<version number>-amzn.x86_64.rpm | Nessus Agent <version number> for Amazon Linux 2015.03, 2015.09 – x86-64 |
| NessusAgent-<version number>-debian6_i386.deb | Nessus Agent <version number> for Debian 6 and 7 / Kali Linux – i386 |
| NessusAgent-<version number>.dmg | Nessus Agent <version number> for Mac OS X 10.8, 10.9, and 10.10 – x86-64 |
| NessusAgent-<version number>-es6.x86_64.rpm | Nessus Agent <version number> for Red Hat ES 6 / CentOS 6 / Oracle Linux 6 (including Unbreakable Enterprise Kernel) – x86_64 |
| NessusAgent-<version number>-fc20.x86_64.rpm | Nessus Agent <version number> for Fedora 20 and 21 – x86_64 |
| NessusAgent-<version number>-ubuntu1110_amd64.deb | Nessus Agent <version number> for Ubuntu 11.10, 12.04, 12.10, 13.04, 13.10, and 14.04 – AMD64 |
Step 3: Install Nessus
Using the command line, install the Nessus package. Once the installation completes, start the Nessus service:
/etc/init.d/nessusd startIf you would like Nessus to start when Kali Linux boots, issue the command:
update-rc.d nessusd enableAfter the Nessus service starts, use a web browser to navigate to the Nessus Web Interface at: https://localhost:8834/.
Step 4: Configure and use Nessus
You may see a warning about the SSL certificate not being configured appropriately. You can continue past this warning or consult the Nessus User Guide to properly set this up.
To configure Nessus, follow the installation wizard. Create an administrator user account, activate with your activation code from the Tenable Support Portal and let Nessus fetch and process the plugins.
Refer to the official Nessus documentation for any other questions or issues with installing Nessus.
Using Nessus in a penetration test
Kali Linux tools complement your Nessus installation, with everything in one place for easy maintenance. Nessus reports on host discovery, vulnerability detection, and exploitability. Here are some of the ways Nessus can be used to support penetration testing:
- Remediation prioritization and newsworthy vulnerabilities
- Finding Heartbleed, Shellshock, or other newsworthy vulnerabilities may be important when assessing an organization’s security posture and reporting to the security leadership team.
- Detecting default credentials
- Use credentials harvested from other phases of testing to perform credentialed patch audits, local (client-side) application vulnerability scanning, and discovery of interesting configurations on targets.
- Hunting for web shells
- A web server may already be compromised without the administrator even knowing about it. Nessus can help in the detection of compromised hosts.
- Modify a vulnerability’s severity
- Identify low-severity vulnerabilities and allow an admin-level user to re-cast them as critical vulnerabilities. Modifying the severity of a vulnerability empowers testers to raise the visibility of lower severity findings that often lead to serious exposures.
Conclusion
Nessus is the world’s most widely-deployed vulnerability assessment solution. Nessus quickly and accurately identifies vulnerabilities, configuration issues, and malware in physical, virtual, and cloud environments to help you prioritize what to fix first. Combine Nessus with Kali Linux to build a superior pen-testing toolkit that provides deep insight into your network systems.