Nessus Vulnerability Scanner Notes
Installation and Setup
Initial Installation
# Install Nessus package
sudo dpkg -i Nessus-8.15.1-ubuntu910_amd64.deb
# Start Nessus service
sudo systemctl start nessusd.service
Access Configuration
1. Access web interface: https://localhost:8834
2. Get activation code: Tenable Activation Page
3. Complete initial setup:
   - Choose "Nessus Essentials" (free version)
   - Enter activation code
   - Create admin user
   - Wait for plugin compilation
Scan Configuration
1. Basic Scan Setup
1. Select "New Scan"
2. Choose scan template:
   - Basic Network Scan (general vulnerability scanning)
   - Discovery Scan (host/port enumeration)
   - Compliance Scan (standards checking)
3. Enter target information:
   - Single IP: 192.168.1.1
   - IP Range: 192.168.1.1-192.168.1.254
   - CIDR: 192.168.1.0/24
2. Discovery Settings
Host Discovery:
- Disable "Scan Fragile Devices" for sensitive systems
- Port scan range options:
   - Default
   - All ports
   - Custom (e.g., "1-1024,1433,3306,3389")
Service Discovery:
- Enable "Probe All Ports" for thorough scanning
- Enable SSL/TLS Checks for certificate validation
3. Assessment Configuration
Web Application Settings:
- Enable web scanning
- Configure user agents
- Add test URLs
Authentication:
- SSH (Linux):
   - Username/Password
   - Public Key
   - Kerberos
- Windows:
   - Domain/Username/Password
   - NTLM hash
   - Kerberos
Advanced Configuration
1. Custom Scan Policies
1. Navigate to "New Policy"
2. Select base template
3. Configure:
   - Scanner settings
   - Credentials
   - Plugins
   - Compliance checks
4. Save under "User Defined" templates
2. Plugin Management
Plugin Rules:
1. Access "Plugin Rules" in Resources
2. Define:
   - Plugin ID
   - Host/IP
   - Action (Hide/Recast)
3. Performance Tuning
Network Settings:
- Max hosts per scan
- Max checks per host
- Network timeout
- Packet rate
Scan Timing:
- Scan window
- Delay between scans
- Timeout period
Scanning Best Practices
1. Pre-Scan Checklist
1. Verify target scope
2. Check network bandwidth
3. Confirm maintenance windows
4. Test credentials
5. Verify firewall rules
2. Network Impact Monitoring
# Install monitoring tool
sudo apt install vnstat
# Monitor network interface
sudo vnstat -l -i eth0
# Expected baseline traffic
# rx: ~332 bit/s tx: ~332 bit/s
# During scan traffic
# rx: ~307.92 kbit/s tx: ~380.41 kbit/s
3. Risk Mitigation
1. Enable "Safe Checks"
2. Disable DoS plugins
3. Exclude sensitive systems
4. Schedule during off-peak hours
5. Monitor system resources
Reporting and Analysis
1. Export Commands
# Using Nessus Report Downloader
./nessus_downloader.rb
# Export format options:
- Nessus (.nessus)
- PDF
- HTML
- CSV
- DB
2. Report Structure
Executive Summary:
- Host inventory
- Vulnerability counts
- Severity breakdown
- CVSS scores
Detailed Findings:
- Plugin ID
- CVE references
- CVSS vector
- Remediation steps
3. Report Analysis
Priority Matrix:
1. Critical (CVSS 9.0-10.0)
   - Immediate remediation
   - Daily tracking
2. High (CVSS 7.0-8.9)
   - 7-day remediation
   - Weekly tracking
3. Medium (CVSS 4.0-6.9)
   - 30-day remediation
   - Monthly tracking
4. Low (CVSS 0.1-3.9)
   - 90-day remediation
   - Quarterly tracking
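Added example (not part of the original notes and not Tenable code): applying the priority matrix above to a .nessus export, preferring the CVSS v3 base score over v2 and skipping unscored informational items. The sample XML, plugin IDs, function names and the scan date are constructed for illustration, and "immediate" is modelled as a due date equal to the scan date.

```python
import xml.etree.ElementTree as ET
from datetime import date, timedelta

# Priority matrix from these notes: (label, min, max, remediation days); "immediate" = 0 days here.
MATRIX = [("Critical", 9.0, 10.0, 0), ("High", 7.0, 8.9, 7),
          ("Medium", 4.0, 6.9, 30), ("Low", 0.1, 3.9, 90)]

# Constructed sample in the .nessus v2 export layout; hosts, plugin IDs and names are made up.
SAMPLE = """<NessusClientData_v2><Report name="constructed-sample">
<ReportHost name="192.168.1.10">
 <ReportItem port="443" pluginID="900001" pluginName="A"><cvss3_base_score>9.8</cvss3_base_score></ReportItem>
 <ReportItem port="22" pluginID="900002" pluginName="B"><cvss_base_score>5.0</cvss_base_score></ReportItem>
 <ReportItem port="0" pluginID="900003" pluginName="Constructed info item"/>
</ReportHost>
<ReportHost name="192.168.1.20">
 <ReportItem port="3389" pluginID="900004" pluginName="C"><cvss_base_score>4.3</cvss_base_score><cvss3_base_score>7.5</cvss3_base_score></ReportItem>
</ReportHost>
</Report></NessusClientData_v2>"""

def base_score(item):
    """Prefer the CVSS v3 base score, fall back to v2; None when the plugin has no score."""
    for tag in ("cvss3_base_score", "cvss_base_score"):
        text = item.findtext(tag)
        if text:
            return float(text)
    return None

def priority(score):
    """Map a score to (label, remediation days); None for unscored or 0.0 (informational)."""
    for label, low, high, days in MATRIX:
        if score is not None and low <= score <= high:
            return label, days
    return None

def triage(nessus_xml, scan_date):
    """Return scored findings, highest CVSS first, each with its remediation due date."""
    findings = []
    for host in ET.fromstring(nessus_xml).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            score = base_score(item)
            bucket = priority(score)
            if bucket:
                findings.append({"host": host.get("name"), "port": item.get("port"),
                                 "plugin_id": item.get("pluginID"), "cvss": score,
                                 "priority": bucket[0], "due": scan_date + timedelta(days=bucket[1])})
    return sorted(findings, key=lambda f: (-f["cvss"], f["host"]))

if __name__ == "__main__":
    print(*triage(SAMPLE, date(2024, 1, 1)), sep="\n")
```

For a real export, read the .nessus file and pass its text in place of SAMPLE. Exports that did not come from your own scanner are better parsed with a hardened XML parser such as defusedxml.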
Troubleshooting Guide
1. Common Issues
Scan Failures:
- Check target availability
- Verify credentials
- Review firewall rules
- Monitor resource usage
Authentication Issues:
- Verify account permissions
- Check credential format
- Test network connectivity
2. Performance Issues
Slow Scans:
1. Reduce concurrent checks
2. Adjust network timeout
3. Optimize plugin selection
4. Schedule during off-hours
3. Debug Commands
# Check Nessus service status
sudo systemctl status nessusd
# View Nessus logs
tail -f /opt/nessus/var/nessus/logs/nessusd.messages
# Test network connectivity
nc -vz target_ip port
Security Considerations
1. Scanner Security
1. Keep Nessus updated
2. Use strong credentials
3. Restrict scanner access
4. Monitor scanner logs
5. Regular backup of configurations
2. Target Protection
1. Enable safe checks
2. Test scan configurations
3. Monitor target systems
4. Document exceptions
5. Maintain change control
3. Compliance Integration
1. Map findings to:
   - PCI DSS
   - HIPAA
   - ISO 27001
   - NIST
2. Document:
   - Scan frequencies
   - Exception processes
   - Remediation workflows