1. Vulnerability Scanner
2. Port Scanner
3. Host | Device detection
4. Can be used to scan NETBIOS (Windows|Samba) servers
5. Profiles (Scan Policies) for target scans, with specific exploits to query
6. Reporting
7. Client/Server enabled; multiple clients may use the central Nessus server
8. Client support for Windows, Linux, etc.
9. Runs as a service, awaiting inbound PenTest requests
10. Penetration testing tool
11. Nessus can be automated
12. Supports plug-ins for vulnerability signatures
13. Supports parallel scanning of targets
Tasks:
1. Download Nessus from nessus.org and install
2. Register nessus using 'nessus-fetch', with provided code
a. /opt/nessus/bin/nessus-fetch --register A65E-5116-4D76-FCD5-FF2A
3. Install Nessus Client and Explore the interface
a. rpm -Uvh NessusClient*
4. Perform a PenTest of the localhost
5. Perform a PenTest of the local network
6. Evaluate results
Note: Nessus will auto-update its plug-ins after registration, every 12-hours
No comments:
Post a Comment