Saturday, January 2, 2010



1. Vulnerability Scanner

2. Port Scanner

3. Host | Device detection

4. Can be used to scan NETBIOS (Windows|Samba) servers

5. Profiles (Scan Policies) for target scans, with specific exploits to query

6. Reporting

7. Client/Server enabled; multiple clients may use the central Nessus server

8. Client support for Windows, Linux, etc.

9. Runs as a service, awaiting inbound PenTest requests

10. Penetration testing tool

11. Nessus can be automated

12. Supports plug-ins for vulnerability signatures

13. Supports parallel scanning of targets


1. Download Nessus from and install

2. Register nessus using 'nessus-fetch', with provided code
•/opt/nessus/bin/nessus-fetch --register A65E-5116-4D76-FCD5-FF2A

3. Install Nessus Client and Explore the interface
•rpm -Uvh NessusClient*

4. Perform a PenTest of the localhost

5. Perform a PenTest of the local network

6. Evaluate results

Note: Nessus will auto-update its plug-ins after registration, every 12-hours

No comments:

Post a Comment