Tuesday, 11 March 2014

Vulnerability Scanning with Nessus!

Nessus is a well-known and popular vulnerability scanner that is free
for personal, non-commercial use. It was first released in 1998 by
Renaud Deraison and is currently published by Tenable Network Security.

Nessus Configuration :

After you have downloaded and installed Nessus, open your web browser
and navigate to https://<youripaddress>:8834

Creating a Nessus Scan Policy :

Before beginning a scan, you first need to create a Nessus scan policy.
On the Policies tab, click the green Add button to open the policy
configuration window.

Running a Nessus Scan :
After you have created a scan policy, you are ready to configure a scan.
Begin by selecting the Scans tab, and then click the Add button to
open the scan configuration window.


Nessus Reports :
After the scan is complete, it will no longer appear under Scans, and
you should find a new entry under the Reports tab listing the name of
the scan.

Importing Results into the Metasploit Framework :

Now let’s import our results into the Framework.
Click the Download Report button on the Reports tab to save the results
to your hard drive.

Load msfconsole, create a new database with db_connect, and import the
Nessus results file by entering db_import followed by the report
filename.

msf > db_connect postgres:toor@127.0.0.1/msf3
msf > db_import /tmp/nessus_report_Host_195.nessus
[*] Importing 'Nessus XML (v2)' data
[*] Importing host 192.168.1.195

For a complete listing of the vulnerability data that was imported into
Metasploit, enter db_vulns without any switches.
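
Before or after running db_import, it helps to check what the .nessus file actually contains. The following is an added example, not part of the original post: it parses a Nessus XML (v2) report in Python and lists the findings by severity. The sample report is constructed (made-up plugin IDs and names), and the element and attribute names assume the standard Nessus v2 layout.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Labels for the numeric severity attribute used in Nessus v2 reports.
SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

# Constructed sample in the Nessus XML (v2) layout; plugin IDs and names are made up.
SAMPLE = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="Host_195">
    <ReportHost name="192.168.1.195">
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="900001" pluginName="Constructed: scan information"/>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" pluginID="900002" pluginName="Constructed: missing SMB patch"/>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="2" pluginID="900003" pluginName="Constructed: outdated web server"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

def parse_nessus(xml_text):
    """Return one dict per ReportItem; reject input that is not a Nessus v2 report."""
    # A .nessus export has no DTD, so refuse entity declarations before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in a .nessus file")
    root = ET.fromstring(xml_text)
    if root.tag != "NessusClientData_v2":
        raise ValueError("not a Nessus XML (v2) report: root is %r" % root.tag)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "protocol": item.get("protocol", ""),
                "severity": int(item.get("severity", "0")),
                "plugin_id": item.get("pluginID", ""),
                "name": item.get("pluginName", ""),
            })
    return findings

def summarize(findings, min_severity=1):
    """Count findings per severity label and return those at or above min_severity, worst first."""
    counts = Counter(SEVERITY.get(f["severity"], "unknown") for f in findings)
    triage = sorted((f for f in findings if f["severity"] >= min_severity),
                    key=lambda f: (-f["severity"], f["host"], f["port"]))
    return dict(counts), triage

if __name__ == "__main__":
    counts, triage = summarize(parse_nessus(SAMPLE))
    print(counts)
    for f in triage:
        print(SEVERITY.get(f["severity"], "unknown"), f["host"], f["port"], f["protocol"], f["name"])
```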
