Friday, 20 May 2011

Easy Nessus scan for a beginner with Backtrack 5

I have got to say that the inclusion of Nessus in Backtrack 5 is great. This makes performing a basic vulnerability scan easy.





UPDATE: - In Backtrack 5 R1 you will need to additionally download and install Nessus, which I have briefly described in the following post

http://insidetrust.blogspot.com/2011/08/setting-up-nessus-in-backtrack-5-r1.html


The rest of the setup


1) Get a free home-use key on the Tenable/Nessus website


2) Enter the key as follows


/opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx


3) Create a user and password (and hit enter to skip the rules)

/opt/nessus/sbin/nessus-adduser


4) Start the service

/etc/init.d/nessusd start


5) Start the scan, and view the report

https://localhost:8834/


The Nessus user-interface is so straight-forward that don't think there is any point in me describing where to click or what to put in. Just play with it for a minute or two and you should see how it works.

Using Nessus to scan a set of machines really is a no-brainer. Here is a sample report (This XP systems needs patching ;o)


Whilst this is no substitute for a Penetration test, a basic vulnerability scan can certainly help identify computers that are missing patches, or have poor configurations.

1 comment:

  1. This comment has been removed by a blog administrator.

    ReplyDelete