# Nessus Vulnerability Scanner Notes

## Installation and Setup

### Initial Installation

```bash
# Install Nessus package
sudo dpkg -i Nessus-8.15.1-ubuntu910_amd64.deb

# Start Nessus service
sudo systemctl start nessusd.service
```

### Access Configuration

* Access web interface: `https://localhost:8834`
* Get activation code: [Tenable Activation Page](https://www.tenable.com/products/nessus/nessus-essentials)
* Complete initial setup:
  1. Choose "Nessus Essentials" (free version)
  2. Enter activation code
  3. Create admin user
  4. Wait for plugin compilation

## Scan Configuration

### 1. Basic Scan Setup

```markdown
1. Select "New Scan"
2. Choose scan template:
   - Basic Network Scan (general vulnerability scanning)
   - Discovery Scan (host/port enumeration)
   - Compliance Scan (standards checking)
3. Enter target information:
   - Single IP: 192.168.1.1
   - IP Range: 192.168.1.1-192.168.1.254
   - CIDR: 192.168.1.0/24
```

### 2. Discovery Settings

```markdown
Host Discovery:
- Disable "Scan Fragile Devices" for sensitive systems
- Port scan range options:
  - Default
  - All ports
  - Custom (e.g., "1-1024,1433,3306,3389")

Service Discovery:
- Enable "Probe All Ports" for thorough scanning
- Enable SSL/TLS Checks for certificate validation
```

### 3. Assessment Configuration

```markdown
Web Application Settings:
- Enable web scanning
- Configure user agents
- Add test URLs

Authentication:
- SSH (Linux):
  - Username/Password
  - Public Key
  - Kerberos
- Windows:
  - Domain/Username/Password
  - NTLM hash
  - Kerberos
```

## Advanced Configuration

### 1. Custom Scan Policies

```markdown
1. Navigate to "New Policy"
2. Select base template
3. Configure:
   - Scanner settings
   - Credentials
   - Plugins
   - Compliance checks
4. Save under "User Defined" templates
```

### 2. Plugin Management

```markdown
Plugin Rules:
1. Access "Plugin Rules" in Resources
2. Define:
   - Plugin ID
   - Host/IP
   - Action (Hide/Recast)
```

### 3. Performance Tuning

```markdown
Network Settings:
- Max hosts per scan
- Max checks per host
- Network timeout
- Packet rate

Scan Timing:
- Scan window
- Delay between scans
- Timeout period
```

## Scanning Best Practices

### 1. Pre-Scan Checklist

```markdown
1. Verify target scope
2. Check network bandwidth
3. Confirm maintenance windows
4. Test credentials
5. Verify firewall rules
```
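For checklist step 1, the target list can be compared against the authorized scope before it is pasted into the scan. The sketch below is an added example, not part of the original notes or of Nessus: it accepts the three target formats listed under Basic Scan Setup (IPv4 only, no hostnames), and the exclusion address and function names are assumptions.

```python
import ipaddress

def parse_target(spec):
    """Return (first, last) as integers for a single IP, a range, or a CIDR block."""
    spec = spec.strip()
    if "/" in spec:
        net = ipaddress.ip_network(spec, strict=False)
        return int(net.network_address), int(net.broadcast_address)
    if "-" in spec:
        lo, hi = (int(ipaddress.ip_address(p.strip())) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError(f"reversed range: {spec}")
        return lo, hi
    addr = int(ipaddress.ip_address(spec))  # hostnames raise ValueError here
    return addr, addr

def check_scope(targets, authorized, excluded=()):
    """Classify each entry as 'ok', 'out_of_scope' or 'hits_exclusion'."""
    allowed = [parse_target(a) for a in authorized]
    denied = [parse_target(e) for e in excluded]
    result = {}
    for entry in targets:
        lo, hi = parse_target(entry)
        # Conservative: the entry must fit entirely inside ONE authorized block.
        if not any(a_lo <= lo and hi <= a_hi for a_lo, a_hi in allowed):
            result[entry] = "out_of_scope"
        # Any overlap with an excluded block is enough to flag the entry.
        elif any(lo <= d_hi and d_lo <= hi for d_lo, d_hi in denied):
            result[entry] = "hits_exclusion"
        else:
            result[entry] = "ok"
    return result

# Constructed sample data: scope and exclusion are made up for illustration.
AUTHORIZED = ["192.168.1.0/24"]
EXCLUDED = ["192.168.1.50"]          # hypothetical sensitive system
TARGETS = ["192.168.1.1", "192.168.1.1-192.168.1.254", "192.168.1.0/24",
           "192.168.2.10", "192.168.1.100-192.168.1.120"]

if __name__ == "__main__":
    for entry, verdict in check_scope(TARGETS, AUTHORIZED, EXCLUDED).items():
        print(f"{entry:30} {verdict}")
```

Entries flagged `hits_exclusion` need to be split around the excluded address, or the address added to the scan's exclusion settings, before the scan is launched.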

### 2. Network Impact Monitoring

```bash
# Install monitoring tool
sudo apt install vnstat

# Monitor network interface
sudo vnstat -l -i eth0

# Expected baseline traffic
# rx: ~332 bit/s    tx: ~332 bit/s

# During scan traffic
# rx: ~307.92 kbit/s    tx: ~380.41 kbit/s
```

### 3. Risk Mitigation

```markdown
1. Enable "Safe Checks"
2. Disable DoS plugins
3. Exclude sensitive systems
4. Schedule during off-peak hours
5. Monitor system resources
```

## Reporting and Analysis

### 1. Export Commands

```bash
# Using Nessus Report Downloader
./nessus_downloader.rb

# Export format options:
#   - Nessus (.nessus)
#   - PDF
#   - HTML
#   - CSV
#   - DB
```

### 2. Report Structure

```markdown
Executive Summary:
- Host inventory
- Vulnerability counts
- Severity breakdown
- CVSS scores

Detailed Findings:
- Plugin ID
- CVE references
- CVSS vector
- Remediation steps
```

### 3. Report Analysis

```markdown
Priority Matrix:
1. Critical (CVSS 9.0-10.0)
   - Immediate remediation
   - Daily tracking

2. High (CVSS 7.0-8.9)
   - 7-day remediation
   - Weekly tracking

3. Medium (CVSS 4.0-6.9)
   - 30-day remediation
   - Monthly tracking

4. Low (CVSS 0.1-3.9)
   - 90-day remediation
   - Quarterly tracking
```
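The priority matrix can be applied directly to a `.nessus` export, which is an XML file. The script below is an added example, not part of the original notes: the sample report, its hosts and its plugin IDs are constructed, and preferring the CVSS v3 score over v2 is an assumption.

```python
import xml.etree.ElementTree as ET

# Priority matrix from these notes: (CVSS floor, label, remediation days; 0 = immediate)
BANDS = [(9.0, "Critical", 0), (7.0, "High", 7), (4.0, "Medium", 30), (0.1, "Low", 90)]

# Constructed sample in .nessus (NessusClientData_v2) layout; hosts, plugin IDs
# and plugin names are made up for illustration.
SAMPLE = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="192.168.1.10">
  <ReportItem port="445" pluginID="900001" pluginName="Constructed SMB finding" severity="4">
    <cvss3_base_score>9.8</cvss3_base_score><cvss_base_score>10.0</cvss_base_score>
  </ReportItem>
  <ReportItem port="0" pluginID="900002" pluginName="Constructed info item" severity="0"/>
</ReportHost>
<ReportHost name="192.168.1.20">
  <ReportItem port="443" pluginID="900003" pluginName="Constructed TLS finding" severity="2">
    <cvss_base_score>5.0</cvss_base_score>
  </ReportItem>
  <ReportItem port="22" pluginID="900004" pluginName="Constructed SSH finding" severity="3">
    <cvss3_base_score>7.5</cvss3_base_score>
  </ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

def band_for(score):
    """Map a CVSS base score to (label, days), or None below 0.1."""
    for floor, label, days in BANDS:
        if score >= floor:
            return label, days
    return None

def triage(nessus_xml):
    """Return scored findings, highest first, tagged with priority and deadline."""
    findings = []
    for host in ET.fromstring(nessus_xml).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            # Assumption: prefer the CVSS v3 score, fall back to v2.
            raw = item.findtext("cvss3_base_score") or item.findtext("cvss_base_score")
            band = band_for(float(raw)) if raw else None
            if band is None:
                continue  # informational items carry no score
            findings.append({"host": host.get("name"), "port": item.get("port"),
                             "plugin_id": item.get("pluginID"), "cvss": float(raw),
                             "priority": band[0], "days": band[1]})
    return sorted(findings, key=lambda f: f["cvss"], reverse=True)

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run it only on exports from your own scanner: the standard-library XML parser is not hardened against hostile input.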

## Troubleshooting Guide

### 1. Common Issues

```markdown
Scan Failures:
- Check target availability
- Verify credentials
- Review firewall rules
- Monitor resource usage

Authentication Issues:
- Verify account permissions
- Check credential format
- Test network connectivity
```

### 2. Performance Issues

```markdown
Slow Scans:
1. Reduce concurrent checks
2. Adjust network timeout
3. Optimize plugin selection
4. Schedule during off-hours
```

### 3. Debug Commands

```bash
# Check Nessus service status
sudo systemctl status nessusd

# View Nessus logs
tail -f /opt/nessus/var/nessus/logs/nessusd.messages

# Test network connectivity
nc -vz target_ip port
```

## Security Considerations

### 1. Scanner Security

```markdown
1. Keep Nessus updated
2. Use strong credentials
3. Restrict scanner access
4. Monitor scanner logs
5. Regular backup of configurations
```

### 2. Target Protection

```markdown
1. Enable safe checks
2. Test scan configurations
3. Monitor target systems
4. Document exceptions
5. Maintain change control
```

### 3. Compliance Integration

```markdown
1. Map findings to:
   - PCI DSS
   - HIPAA
   - ISO 27001
   - NIST

2. Document:
   - Scan frequencies
   - Exception processes
   - Remediation workflows
```


