Vulnerability Scanning with Nessus

Overview of Nessus

Nessus is a powerful vulnerability scanning tool widely used by security professionals to identify and assess vulnerabilities in various systems, including operating systems, network devices, and applications. It operates on a client-server model, where the client interface allows users to configure scans and view results, while the server performs the actual scanning.

Vulnerability Scanning Process with Nessus

Nessus follows a systematic process for vulnerability scanning, which includes:

Port Scanning:
This initial step identifies which hosts are alive and which ports are open on those hosts. For example, if you scan a web server at IP address 192.168.1.10, Nessus may discover that ports 80 (HTTP) and 443 (HTTPS) are open.
Service Detection:
After identifying open ports, Nessus detects the services running on those ports, including their names and versions. Continuing with the previous example, if port 80 is open, Nessus might identify it as running "Apache HTTP Server 2.4.41".
Vulnerability Identification:
Nessus compares the discovered services and versions against a database of known vulnerabilities (such as CVEs) to identify potential issues. If the identified Apache version has a known vulnerability (e.g., CVE-2020-9490), Nessus will flag it.
Probing:
This step involves further investigation of potential vulnerabilities to confirm their existence and eliminate false positives. For example, if Nessus identifies a potential SQL injection vulnerability in a web application, it may attempt to exploit it in a controlled manner to verify its presence.

Basic Nessus Commands and Examples

Launching a New Scan:
- Step-by-Step:Log in to the Nessus web interface.
- Example: A company wants to scan its entire internal network for vulnerabilities. By launching this scan, Nessus will check all devices from 192.168.1.1 to 192.168.1.254.
Viewing Scan Results:
- Step-by-Step:After the scan completes, navigate to the "My Scans" section.
- Example: You find that 192.168.1.15 is listed with critical vulnerabilities related to outdated software.
Filtering Vulnerability Results:
- Step-by-Step:In the "Vulnerabilities" tab of your scan results, locate the filter option.
- Example: After applying this filter, you see that 192.168.1.15 has a critical vulnerability related to an unpatched version of OpenSSL.
Prioritizing Vulnerabilities with VPR:
- Step-by-Step:Navigate to the "VPR Top Threats" tab within your scan results.
- Example: You notice that a vulnerability with a VPR score of 9 (high risk) is associated with an exposed management interface on 192.168.1.20. This prioritization helps focus remediation efforts.
Generating Reports:
- Step-by-Step:Click on the "Reports" tab in the main menu.
- Example: After generating an HTML report titled "Critical Vulnerabilities Report," you can share it with your IT team for immediate remediation actions.

Conclusion

By mastering these basic commands and understanding how Nessus operates, security professionals can effectively use this tool to identify and prioritize vulnerabilities in their IT environments. Regular scanning not only helps in maintaining compliance but also strengthens overall security posture against potential threats.

Books

Podcasts

AI Software: Security Scanner

Trending

Cyber Gossip from π: In December, Data Leak / Data Breach from EU, USA, Singapore, Turkey

Dangerous Pursuit CVE-2022-2107

Merry Christmas / Happy New Year (Story: A Hidden Danger at the North Pole)

CVE-2024-56334: A Critical Vulnerability in Node.js systeminformation Library

CVE-2024-10044: SSRF Vulnerability in lm-sys/fastchat API

Vulnerability in Bitcoin : CVE-2024-38365

THJCC CTF 2024 winter -Sat, 14 Dec. 2024

Vulnerability Scanning with Nessus