Vulnerability scanning software Nessus Use tutorial

Nessus is a powerful and easy-to-use remote security scanner that is not only free but also very fast to update. The function of the security scanner is to conduct a security check on the specified network to find out if there are any vulnerabilities in the network that are causing the opponent to attack. The system is designed as a client/sever mode, the server side is responsible for security checks, the client is used to configure the Management Server side. The server also employs a plug-in system that allows users to join plug-ins that perform specific functions, which allow for faster and more complex security checks. In Nessus, a shared information interface, known as the Knowledge Base, is used to save the results of previous checks. The results of the check can be saved in several formats, such as HTML, plain text, LaTeX (a text file format), and so on.

See Nessus released the latest version: 4.2.0, and my laptop installed or 4.0.2, so downloaded a, installed in the virtual machine to see.

On the Nessus Ranger will not say, as the planet's most well-known network hidden trouble scanning system (and can be used for free), Nessus incredibly no Chinese version ... This point ... The following I simply say Nessus 4.2.0 installation, use.

I downloaded the version of Nessus 4.2.0 for Windows, widely used in Windows XP, 2003, Vista, 2008 & 7, with the bit and the bit can be used to download according to their own needs, I downloaded the bit.

Installation does not say, I believe that look at the city, if not--suggest looking for a basic look at Windows:)

After loading, select in the menu:

Of course, you need to get a "activation Code", which is OK after clicking on the "main interface" in the image above.

Next, need "Update Plugins", simply is to upgrade plug-ins, that is, the vulnerability of the library upgrade. Need a long cycle, need to wait, calm waiting ... Can be in the Forum irrigation, can sneak on the farm dishes! In short time longer, need to calm down!

After the upgrade, click "Manage Users" on the map to add a account that belongs to you. Add an interface to the following figure:

Nessus 4.2.0 and previous version 4.0.2 the biggest difference is from C/s mode to B/s mode, that is, you can access the system directly through the browser, and no need to install an executable file, remote computer can also be accessed. After the above account is added, open the browser, enter your installation Nessus host address, mainly HTTPS rather than HTTP access, port is 8834, such as my access address is: https://192.168.1.121:8834/, Enter the account number and password just added to OK.

The main interface has 4 buttons, namely: Reports (Report), Scans (scan), Policies (strategy), User (users), in fact, is also very simple, at a glance can see what role. In user we can manage users, add, modify, delete accounts, such as: User→add will be prompted:

Enter the relevant information, of course, you can choose whether this account is Administrator (Admin).

To conduct a security assessment, you first need to develop a scan policy, and then add a scan range before you can scan, and the scan is complete to view the report. Is the use of several buttons mentioned above. Here we add the scanning strategy: Policies→add

Basically, just write "Name" and if you choose visibility as shared, others can use your strategy to scan. Fill in the "next" to see the following interface:

I want to scan the Windows host now, then select "Windows Credentials" on the top, and the following can be empty. Then "Next"

Select "Families" can be what you want to scan the device, in fact, if only to scan the Windows host running Web services, select the following four. After the selection of "next", the next step can set the database information, do not write, direct "Submit" on the completion.

After adding a policy, add a scan task, Scans→add

Enter the name of the scan task, select the policy we have just established, enter the scanning target (IP or domain name) after the point "Launch Scan", the scanning task began! Honey, we're scanning now! Beginner excited? Hey

After a while scan, scanning process can be in the "Scans" and "Reports" view status, after scanning can be seen under Reports under the status of "Completed."

When you double-click WEB Server-Youxia, you can view the report.

The "Download report" on the left can be used to download evaluation reports, and show Filters can set up filters, such as displaying only high-level alerts, which can be accurately filtered according to threat levels.

Double-click "Host" to list detailed vulnerability assessment reports. If there is a threat to which port, what is the level? You can still be here. Double-click a port to display details. I'm here to choose 1433. Double-click to List 3 high-level alarms.

Double-click one to display the details.

Summary, description, program, CVSS, CVE number, of course, you can choose "Download" to export your generated log to the local save, so more convenient analysis.

All right, everybody, Nessus 4.2.0 here, mainly compared with the previous version, the evaluation personnel console from C/s into B/s, more suitable for large projects and more collaborative evaluation, interface is more friendly. Are you tempted?