Vulnerability Assessment

Performing vulnerability assessment using the Nessus Vulnerability Scanner

Step 1: Download and Install Nessus Vulnerability Scanner

Perform a simple google search to download Nessus Vulnerability Scanner or click on the
following link

https://www.tenable.com/products/nessus/activation-code


Choose Nessus Home edition and click on register now.

We will be redirected to the registration page, complete user registration and click Register.
Note: Provide a valid email address (you will receive Nessus Activation Code).

After registration, click on download.

Select Linux version .deb package (32-bit or 64-bit based on your machine compatibility). Click

Agree to start the download.

 In the terminal, locate the Downloads directory and execute the following command.
dpkg -i Nessus-7.1.2-debian6_amd64.deb

 Step 2: Nessus Configuration

Execute the following command to start Nessus

On browser open https://127.0.0.1:8834/

 Click on Advanced and Add Exceptions to display Nessus login screen. Provide Username and
Password (remember these credentials to Login to Nessus in future).

 Enter Activation Code when prompted. Initialization process starts and takes some time to
complete.

 Once registration is done. We can Login to Nessus (using your credentials as created before).

To perform a vulnerability scan, click on New Scan on the top-right corner of the Nessus

interface.

Select the type of scan that we are intended to perform on the target machine. In this case, let
us choose Basic Network Scan.

Provide the necessary details (Name of your scan, IP address of the target are mandatory) and
save the profile.

 We can see that the scan name is listed under My Scans tab. Click on the play button to start
the scan.

 Click on the scan to view identified vulnerabilities

Click on those vulnerabilities for detailed information regarding the risk.

To document the results, click on the export button located on the top right corner.