With this simple tutorial I will explain how to install Nessus client (nessus) and Nessus Daemon (nessusd) and properly register it, so you don’t end up with the limitations of a non-registered version of the vulnerability scanner.
I personally use apt-, however, you may choose any other package manager.
apt-get install nessus nessusd -y
This will install the nessus client and server, and the -y is used to answer YES to the confirmation of apt-get.
We have now installed both the client and the server. Let’s proceed to the addition of a user:
gouki@8104:~$ sudo nessus-adduser
Using /var/tmp as a temporary file holder
Add a new nessusd user
Login : darknet
Authentication (pass/cert) [pass] :
Login password :
Login password (again) :
nessusd has a rules system which allows you to restrict the hosts
that darknet has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)
Login : darknet
Password : ***********
Is that ok ? (y/n) [y] y
About this display:
When asked about Authentication (pass/cert) [pass] : just press enter, as we will not use any.
When asked about rules for the specific user, press CTRL+D, as we will not enter any rules for the user.
Starting the Daemon:
By default, nessusd has not started. To manully force him to, you will need to do the following:
sudo /etc/init.d/nessusd start
Nessus will work without being registered, however, it will have limitations. Unnecessary limitations, since it is easily registered.
Nessus Registration page - Go here and start the proccess.
After you have entered your e-mail address, the instructions on how to register will not work on Debian-based OSs.
On the eMail from the Nessus team, you will be instructed to this path:
/opt/nessus/bin/nessus-fetch, however, the path should be replaced by
/usr/bin, making the complete registration command:
sudo /usr/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX-XXXX
You should now have a complete and working installation of Nessus. Enjoy and remember, automatic scanners are not 1337! =)
TIP: Before starting to use Nessus, update the plugins by doing the following:
- Fitbit Vulnerability Means Your Tracker Could Spread Malware
- OWASP WebGoat – Deliberately Insecure Web Application
- WinRAR Vulnerability Is Complete Bullshit
- Some Guidelines on How to Secure your Ubuntu Installation
- Weaknet Linux – Penetration Testing & Forensic Analysis Linux Distribution
- Parrot Security OS – Debian Based Security Oriented Operating System
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 232,320 views
- AJAX: Is your application secure enough? - 119,737 views
- eEye Launches 0-Day Exploit Tracker - 85,316 views