1 Introduction
Nessus It is currently the most used system vulnerability scanning and analysis software in the world. In total, more than 75,000 organizations use Nessus as software to scan their organization's computer systems. Nessus claims to be the world's most popular vulnerability scanner, typically including thousands of the latest vulnerabilities, a variety of scanning options, an easy-to-use graphical interface and effective reporting.
2. Download
Official website download address
https://www.tenable.com/downloads/nessus?loginAttempted=true
Open the link in the Kali system browser
3. Installation and configuration
Create a new folder nessus and move the downloaded deb package to the folder
┌──(root㉿kali)-[~]
└─# mkdir nessus
┌──(root㉿kali)-[~]
└─# mv /root/Downloads/Nessus-10.6.1-ubuntu1404_amd64.deb /root/nessus
┌──(root㉿kali)-[~]
└─# ls /root/nessus
Nessus-10.6.1-ubuntu1404_amd64.deb
Execute installation command
┌──(root㉿kali)-[~]
└─# dpkg -i /root/nessus/Nessus-10.6.1-ubuntu1404_amd64.deb
……
……
……
- You can start Nessus Scanner by typing /bin/systemctl start nessusd.service
- Then go to https://kali:8834/ to configure your scanner
After the installation is complete, we need to start the Nessus service
┌──(root㉿kali)-[~]
└─# systemctl start nessusd.service
┌──(root㉿kali)-[~]
└─#
Open a browser to access the web interface
https://kali:8834/ or the ip+8834 port of the kali system
Set user name and password
Initializing
Initialization completion interface
Visit the official website to register an account to obtain the registration code. The registration code will be sent to the email address you submitted.
This is the nessus Essentials version for students (limited to 16 IPs scanned)
https://www.tenable.com/products/nessus/nessus-essentials
Open your mailbox to check the email and copy the activation code
Enter the command to get the Challenge code and copy the xxx part
┌──(root㉿kali)-[~]
└─# /opt/opt/nessus/sbin/nessuscli fetch --challenge
Challenge code: xxx
You can copy the challenge code above and paste it alongside your
Activation Code at:
https://plugins.nessus.org/v2/offline.php
┌──(root㉿kali)-[~]
└─#
Then visit the browser: https://plugins.nessus.org/v2/offline.php and enter the Challenge code and the activation code in your email to activate.
After submission, the official will give you the download address and activation certificate of the plug-in. Copy the download address of the plug-in to a new window to download. If you download it directly in this window, the activation certificate will become invalid after the page jumps.
Scroll down to download the certificate
Move the certificate and plug-in package to the nessus folder
┌──(root㉿kali)-[~]
└─# mv /root/Downloads/all-2.0.tar.gz /root/nessus
┌──(root㉿kali)-[~]
└─# mv /root/Downloads/nessus.license /root/nessus
┌──(root㉿kali)-[~]
└─# ls /root/nessus
Nessus-10.6.1-ubuntu1404_amd64.deb all-2.0.tar.gz nessus.license
Install the certificate first
┌──(root㉿kali)-[~]
└─# /opt/nessus/sbin/nessuscli fetch --register-offline /root/nessus/nessus.license
Your Activation Code has been registered properly - thank you.
┌──(root㉿kali)-[~]
└─#
To install the plug-in again, you need to run it and wait for a while.
┌──(root㉿kali)-[~]
└─# /opt/nessus/sbin/nessuscli update /root/nessus/all-2.0.tar.gz
[info] Copying templates version 202310022231 to /opt/nessus/var/nessus/templates/tmp
[info] Finished copying templates.
[info] Moved new templates with version 202310022231 from plugins dir.
[info] Moved new pendo client with version 21691 from plugins dir.
* Update successful. The changes will be automatically processed by Nessus.
┌──(root㉿kali)-[~]
└─#
Restart Nessus service
┌──(root㉿kali)-[~]
└─# systemctl restart nessusd.service
┌──(root㉿kali)-[~]
└─#
Access the web interface and wait for the update to complete
Enter the user name and password you just set and log in
The plug-in is still being compiled and the wait will take a long time, which varies depending on the hardware performance.
After the plug-in is compiled, just refresh the web interface and the Nessus installation is complete.