ComputerSecurityStudent (CSS) [Login] [Join Now]




|SECURITY TOOLS >> NESSUS >> Current Page |Views: 3152

(NESSUS: Lesson 4)

{ Install Nessus on Kali Rolling Edition }


Section 0. Background Information
  1. What is NESSUS?
    • Tenable Network Security provides enterprise-class solutions for continuous monitoring and visibility of vulnerabilities, configurations, user activity and system events that impact security and compliance.

    • Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture

  2. Pre-Requisite
  3. Lab Notes
    • In this lab we will do the following:
      1. Install Nessus.
      2. Start the Nessus service
      3. Configure Nessus certificate
      4. Login Nessus

  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2013 No content replication of any kind is allowed without express written permission.

 

Section 1: Login to Kali
  1. Start Up VMWare Player
    • Instructions:
      1. Click the Start Button
      2. Type Vmplayer in the search box
      3. Click on Vmplayer

     

  2. Edit the kali2 VM
    • Instructions:
      1. Select kali2 VM
      2. Click Edit virtual machine settings

     

  3. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button

     

  4. Play the kali2 VM
    • Instructions:
      1. Click on the kali2 VM
      2. Click on Play virtual machine

     

  5. Supply Username and Password
    • Instructions:
      1. Provide username 
      2. Provide password
      3. Click the Log In Button
     
Section 2: Bring up a console terminal
  1. Open a Terminal Emulator
    • Instructions:
      1. Click the Kali Icon in the upper left corner
      2. Search for the string root terminal
      3. Click on the Root Terminal Emulator Icon

     

  2. Authentication
    • Instructions:
      1. Supply Password
      2. Click the Authenticate Button

     

  3. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
      2. Record your IP Address
    • Note(FYI):
      • My IP address 192.168.1.94.
      • In your case, it will probably be different.
      • Run "dhclient -v" if you do not have an IP address.

 

Section 3: Download Nessus
  1. Download Nessus
    • Instructions:
      1. cd /var/tmp
      2. wget www.computersecuritystudent.com/SECURITY_TOOLS/NESSUS/lesson4/Nessus-10.7.0-ubuntu1404_amd64.deb
      3. ls -l Nessus*
    • Note(FYI):
      1. "/var/tmp" is a common place to download files.
      2. That latest version of Nessus can be retrieved from the Tenable website. 
        • http://www.tenable.com/products/nessus/select-your-operating-system
      3. Use "ls" with the "-l" option to long list or provide details (e.g., permissions, ownerships, byte size, date, filename) of the Nessus deb (i.e., Debian Package) file you just downloaded.
     
Section 4: Install Nessus
  1. Install Nessus
    • Instructions
      1. cd /var/tmp
      2. ls -l Nessus*
      3. dpkg -i Nessus*
    • Notes
      • #1, Change Directory (cd) into the (/var/tmp) directory.
      • #2, Use (ls -l) to long list the details of the Nessus package.
      • #3, Use (dpkg -i) to install the Nessus package. 
      • For steps #2 and #3 I am using a the wildcard(*) just encase the version changes.

     

  2. Start Nessus
    • Instructions
      1. /bin/systemctl start nessusd.service
      2. ps -eaf | grep -v grep | grep nessusd
      3. netstat -naop | grep -i ":8834"
    • Notes
      1. #1, The script (/bin/systemctl start nessusd.service) provides the ability to start, stop and restart the Nessus Application.
      2. #2, Use the process (ps) command to display all (-eaf) running processes.  Use (grep -v grep) to ignore (-v) any lines that contain the actual grep process.  Use (grep nessusd) to display only lines that contain the (nessusd) process.
      3. #3, Use (netstat) to display all (-a) numeric (-n) network connections and list timers (-o) and process IDs (-p).

 

Section 5: Configure Firefox Downloads
  1. Start Firefox Instance
    • Instructions:
      1. Click the Kali Icon
      2. Search for firefox
      3. Click the FireFox ESR Icon

     

  2. Enable Menu Bar
    • Instructions:
      1. Left Click by the Home Icon
      2. Select the Menu Bar

     

  3. Enter Setting
    • Instructions:
      1. Select Edit
      2. Select Settings

     

  4. Configure Downloads
    • Instructions:
      1. Search for downloads
      2. Select Always ask you where to save files

 

Section 6: Obtain Nessus Activation Code
  1. Obtain Registration Code
    • Instructions:
      1. Place the following URL into Firefox
        • http://www.tenable.com/products/nessus-home
      2. Supply First Name
      3. Supply Last Name
      4. Supply Email
      5. Click the Register Button

     

  2. Thank You For Registering
    • Note(FYI):
      1. You will receive an email from Nessus containing your registration Key.

 

Section 7: Registered Nessus
  1. Invalid Certificate Warning
    • Instructions:
      1. Navigate to https://127.0.0.1:8834/
      2. Click the Advanced button
      3. Click the Accept the Risk and Continue button

     

  2. Initialization
    • Notes(FYI):
      1. This will take 3 to 5 minutes

     

  3. Get an activation code
    • Instructions:
      1. Skip the First Name, Last Name, and Email inputs.
      2. Click the Skip Button
    • Notes(FYI):
      1. Per (Section 6, Step 2) you should have received an email with an activation code.

     

  4. Register Nessus
    • Instructions:
      1. Activation Code: Paste Activation Code
      2. Click the Continue Button
    • Note(FYI):
      • Per (Section 6, Step 2) the Activation Code should have been sent to your email address that you supplied earlier.

     

  5. License Information
    • Instructions:
      1. Your activation code will be displayed
      2. Click the Continue button

     

  6. Nessus Account Setup
    • Instructions:
      1. Username: student
      2. Password: Supply Password
      3. Click the Continue Button

     

  7. Nessus Plugin Download
    • Notes(FYI):
      1. The download will take between 1 to 5 hours.

     

  8. Nessus Expert Trial
    • Instructions:
      1. Notice Plugins are updating
      2. Close the Nessus Export Trial message

     

  9. Updating Nessus Plugins (Part 1)
    • Notes(FYI):
      1. The pinwheel indicates that plugins are being downloaded.
      2. This process will take between 1 to 5 hours.
      3. Scanning will not be available until complete.

     

  10. Updating Nessus Plugins (Part 2)
    • Notes(FYI):
      1. The pinwheel indicates that plugins are being downloaded.
      2. This process will take between 1 to 5 hours.
      3. Scanning will not be available until complete.

     

Section 8: Login to Nessus
  1. Login To Nessus
    • Instructions:
      1. Login: student
      2. Password: Supply Password
      3. Click the Sign In Button

     

  2. Finished Compiling
    • Note(FYI):
      1. Nessus will display a message that the "Plugins are done compiling"
      2. Notice the "Create a new scan" like is clickable an no longer grayed out.

 

Section 9: Proof of Lab
  1. Open a Terminal Emulator
    • Instructions:
      1. Click the Kali Icon in the upper left corner
      2. Search for the string root terminal
      3. Click on the Root Terminal Emulator Icon

     

  2. Authentication
    • Instructions:
      1. Supply Password
      2. Click the Authenticate Button

     

  3. Proof of Lab
    • Instructions
      1. dpkg --get-selections nessus
      2. netstat -nao | grep 8834 | grep -v grep
      3. date
      4. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
      5. date
    • Proof Of Lab Instructions:
      1. Press the PrtScn key
      2. Paste into a word document
      3. Upload to Moodle

 

Section 10: Log Out of Nessus
  1. Logout of Nessus
    • Instructions:
      1. Click on the student user icon
      2. Click Sign Out

 



Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth