Friday, 20 May 2011

Easy Nessus scan for a beginner with Backtrack 5

I have got to say that the inclusion of Nessus in Backtrack 5 is great. This makes performing a basic vulnerability scan easy.

UPDATE: - In Backtrack 5 R1 you will need to additionally download and install Nessus, which I have briefly described in the following post

The rest of the setup

1) Get a free home-use key on the Tenable/Nessus website

2) Enter the key as follows

/opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx

3) Create a user and password (and hit enter to skip the rules)


4) Start the service

/etc/init.d/nessusd start

5) Start the scan, and view the report


The Nessus user-interface is so straight-forward that don't think there is any point in me describing where to click or what to put in. Just play with it for a minute or two and you should see how it works.

Using Nessus to scan a set of machines really is a no-brainer. Here is a sample report (This XP systems needs patching ;o)

Whilst this is no substitute for a Penetration test, a basic vulnerability scan can certainly help identify computers that are missing patches, or have poor configurations.

1 comment:

  1. This comment has been removed by a blog administrator.