Nessus is a vulnerability scanner from Tenable. In this tutorial I will show how to install Nessus on AWS (Debian), connect your local browser to it and perform a simple network scan. You need only an AWS account (e.g. Free Tier), SSH and a web browser.
Note: Please have a look at that page about pentesting on AWS first.
Create new EC2 instance
Log in to your AWS console (or use the AWS CLI), create a new security group that allows only SSH (port 22) inbound, and launch a new instance. Search for “Debian”…
Press the “Select” button and complete the remaining steps (save your keys). Once your EC2 instance is ready, look up its IP or DNS name and connect.
Install Nessus
Open the download page and select the latest version for Debian (when I wrote this tutorial it was Nessus-8.5.1-debian6_amd64.deb). Confirm and download. Then, in a new terminal, upload the file to your EC2 instance via SCP.
Back in the instance terminal, install and start Nessus.
Use Nessus
To make our life easier, we will create a simple SSH port-forward.
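The upload, install and port-forward steps described above, as an added example that is not part of the original tutorial. The key path, host name, `admin` login user, `/tmp/` upload directory and script name are assumptions to replace with your own values; the package filename and port 8834 come from the text.

```shell
#!/bin/sh
# Added example; placeholders below are assumptions, not values from the tutorial.
NESSUS_KEY="${NESSUS_KEY:-$HOME/.ssh/nessus-demo.pem}"     # hypothetical key file
NESSUS_HOST="${NESSUS_HOST:-ec2-host.example.com}"         # placeholder instance DNS/IP
NESSUS_DEB="${NESSUS_DEB:-Nessus-8.5.1-debian6_amd64.deb}" # filename named in the tutorial
REMOTE="admin@$NESSUS_HOST"   # assumed login user of the Debian AMI
PORT=8834                     # Nessus web UI port

# Accept only a plain Nessus .deb filename: the name is interpolated into the
# remote command line, so shell metacharacters and paths are rejected.
valid_deb() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    Nessus-*.deb) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the command when DRY_RUN=1 (the default), execute it when DRY_RUN=0.
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Copy the package from the current directory to /tmp/ (assumed) on the instance.
upload_pkg() { run scp -i "$NESSUS_KEY" "$NESSUS_DEB" "$REMOTE:/tmp/"; }

# Install the package and start the Nessus daemon on the instance.
install_pkg() {
  run ssh -i "$NESSUS_KEY" "$REMOTE" \
    "sudo dpkg -i /tmp/$NESSUS_DEB && sudo systemctl start nessusd"
}

# Bind the forward to loopback on both ends so 8834 is reachable only from
# this workstation and the security group can stay at inbound SSH only.
open_tunnel() {
  run ssh -i "$NESSUS_KEY" -N -L "127.0.0.1:$PORT:127.0.0.1:$PORT" "$REMOTE"
}

# Usage (hypothetical script name): DRY_RUN=0 sh nessus-aws.sh upload_pkg
# then install_pkg, then open_tunnel.
case "${1:-}" in
  upload_pkg|install_pkg|open_tunnel)
    valid_deb "$NESSUS_DEB" || { echo "unexpected package name" >&2; exit 2; }
    "$1" ;;
esac
```

With the default `DRY_RUN=1` each step only prints the command it would run, which is a convenient way to review the host, key and package name before anything touches the instance.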
Now you can open your favourite browser at the URL https://localhost:8834.
When the initialization has completed successfully, log in and create a new scan. Select “Basic Network Scan” and add the URL http://scanme.nmap.org. Select “Basic Network Scan” and “Port scan (common ports)” for the scan settings. Save and start the scan you created. Please be patient, the scan will take a while.
Create a scan report
After a while, the scan is complete. Now you can create a “Custom” report. BTW, this feature is only available for completed scans. Select “Export” – “Custom” and generate the report.