How to Install and Use Nessus Vulnerability Scanner on Kali Linux
Nessus is one of the most comprehensive network security and vulnerability scanners by Tenable Network Security. It is one of the most popular client-server framework tools used by hackers and widely deployed by information and computer security experts to scan for vulnerabilities in a target host. In this article, we will learn how to install and use Nessus vulnerability scanner on Kali Linux.
This free vulnerability scanner is available as a software package that you can install on your computer or as a pre-configured VM. The wide variety of plugins that Tenable has is that makes Nessus such a great tool that can interface with almost any networked device to scan for vulnerabilities in a target host.
Features of Nessus Vulnerability Scanner
Nessus has many vulnerability scanning tools that support penetration testing activities that you will need, especially if you pursue hacking beyond the basics. They include:
- It scans for and identifies vulnerabilities that allow you to access a computer system’s information.
- It checks the system for any known but unpatched vulnerabilities in computer software.
- It tries logging into hosts, services, and accounts using common and defaults passwords.
- Carries out configuration audits, vulnerability analyses, and mobile device audits, and reports them in customized formats.
Downloading Nessus on Kali Linux
On your Kali Linux browser, go to the Tenable website and download Nessus. Select the right operating system (Debian 6, 7, 8 / Kali Linux 1 AMD64) then agree to the terms of service for the download to begin. The file is about 36 megabytes.
When the download is complete, the next step is to install it from the shell. Initialize the terminal then change the working directory to the location of the downloaded .deb package. Use the following command to install the package:
dpkg -i Nessus-6.9.3-debian6_amd64.deb
If the file you downloaded has a different name or version, be sure to rectify it on the command line. The installation process should begin.
Once the installation is complete, you should see a message that all plugins have been loaded and tips on how to start Nessus as well as where to configure your scanner. Note these two details because they are important.
Initializing Nessus Vulnerability Scanner
The first thing we will do is get a Nessus license, an activation code that we will use down the line. On your browser, go to the Tenable website and register for a Free Nessus Home activation code.
Enter the following command on your Kali shell to start the back-end Nessus server:
# /etc/init.d/nessusd start
You will need to use this command every time you start Nessus on Kali Linux. You should see a message: “Starting Nessus:”
The next step is to set up Nessus. On your browser, go to:
You should get a message that the connection is not safe or the certificate invalid. Just accept the self-signed cert and proceed to the Nessus page where you will see a welcome message. Click continue to create a login ID to use the scanner.
Note the username and password you choose because you will need it later to log into the front-end of Nessus scanner.
In the next screen, you will be prompted to enter the activation code. Choose to register Nessus (Home, Professional or Manager) and enter the activation code that was emailed to you then click continue. If the secret activation code is valid, Nessus should then automatically connect and begin downloading updates as well as the latest plugins. Note that it might take a while.
Using Nessus Vulnerability Scanner
You will be prompted to enter the login details you created earlier when the download is complete. Load the web interface, and the page will automatically take you to the Scan Queue. Because Nessus is a straightforward tool, scanning for vulnerabilities is easy. You will find almost everything you need right on the top menu of the application.
On the Scan Queue, on the sub-menu to the right of the page, click New Scan to open a New Scan Template page. This is where you will set up your scan target. Give the new scan an appropriate name then select Run Now and under policy select Internal Network Scan.
Under the Scan Target, you will enter the IP address of the host you want to scan or enter multiple IPs separated by commas. Nessus also allows you to scan an address range such as 192.168.0.1-100 or an entire subnet such as 192.168.0.1/24. When done filling the template details, click Run Scan at the bottom of the page and Nessus will do its thing.
You will automatically be taken back to the Scan Queue page when the scan begins. On this page, you can keep track of the progress of the scan and any other scans in progress. If you want to see more details about the scan, you can click on the scan in progress to view the progress on the Summary page. Note that the information on the summary page may not be automatically refreshed.
When the scan is complete, the Summary page will contain the details of the scan including the individual summaries of all the hosts you entered in the Scan Target field of the Scan Template. This information will be saved such that you can access it later by simply clicking on the Results tab on top of the page.
The scan summary will contain information about the scanned targets including all the vulnerabilities discovered in the host scanned. When you click on the host, you will be able to see an even more specific listing of the vulnerabilities discovered along with brief explanations of the information gathered during the scan.
When you click on vulnerability information, it will take you to a page with even greater details about the vulnerability including descriptions and Security Bulletin Numbers. Nessus often lists Windows-specific vulnerabilities by this number that corresponds with known vulnerabilities within Metasploit. This will make it easy for a hacker to easily find out how such a vulnerability analysis can be turned into an exploit.
Installing and Using Nessus on Kali Linux – Video Tutorial
Below is a video tutorial on how to install Nessus on Kali Linux. It is pretty well explained and easy to follow.
Although Nessus is one of the most powerful vulnerability scanners, particularly for UNIX-based systems, there are few other alternatives you can try. Some of my favorites are:
OpenVAS is an excellent open source vulnerability scanner that was forked from the last freeware version of Nessus. Its plugins are still written in the Nessus language (NASL). The project was down for awhile, but it’s on the right track again.
Although Shodan is not a vulnerability scanner tool, it’s an excellent search engine for finding specific computers (servers, routers, etc.) using an array of filters. Some have also described it as a search engine of banners with public port scan directory.
Metasploit Community Edition
Acunetix web vulnerability scanner audits your and web applications and website security for SQL injection, XSS, and other vulnerabilities.
Core Impact is not cheap (it costs at least $30.000), but it’s widely considered to be the most capable vulnerability scanner and exploitation tool available. It has a large database of professional exploits that is regularly updated.
Other Vulnerability Scanners
You have had a first-hand experience using Nessus Vulnerability Scanner to scan for vulnerabilities on a target host. You should understand now why Nessus is the most trusted and preferred scanner on the market. It is simple to use, accurate, and reliable. The results are very detailed and exploiting found vulnerabilities is easier with Security Bulletin numbers when you scan a Windows host.
In the future, when you want to extend your vulnerability scanning, you can upgrade to the Nessus Manager or Nessus Cloud tools to have even more potent tools at your fingertips. Tenable also has several other great tools that you should discover including the Security Center Continuous View and the Passive Vulnerability Scanner which are used by IT organizations to put in place continuous monitoring solutions and to gather operational and vulnerability data through scanning, logging, and sniffing.
Did you find this tutorial useful? What are your favorite vulnerability scanner tools? Share your thoughts in the comments below.