Tuesday, 13 December 2011

### Nessus ###



 1. Vulnerability Scanner
 2. Port Scanner
 3. Host | Device detection
 4. Can be used to scan NETBIOS (Windows|Samba) servers
 5. Profiles (Scan Policies) for target scans, with specific exploits to query
 6. Reporting
 7. Client/Server enabled; multiple clients may use the central Nessus server
 8. Client support for Windows, Linux, etc.
 9. Runs as a service, awaiting inbound PenTest requests
10. Penetration testing tool
11. Nessus can be automated
12. Supports plug-ins for vulnerability signatures
13. Supports parallel scanning of targets

Tasks:
 1. Download Nessus from nessus.org and install
 2. Register nessus using 'nessus-fetch', with provided code
  a. /opt/nessus/bin/nessus-fetch --register A65E-5116-4D76-FCD5-FF2A
 3. Install Nessus Client and Explore the interface
  a. rpm -Uvh NessusClient*

 4. Perform a PenTest of the localhost
 5. Perform a PenTest of the local network
 6. Evaluate results

Note: Nessus will auto-update its plug-ins after registration, every 12-hours

No comments:

Post a Comment