How to Use Nessus for Vulnerability Scanning on Ubuntu 22.04

Nessus is one of the most popular and widely used vulnerability scanners worldwide. Developed by Tenable, Inc., Nessus provides a comprehensive solution for identifying vulnerabilities, allowing organizations and individuals to detect and address potential security threats in their network infrastructure. With Nessus, you can conduct in-depth security analysis, covering a range of tasks from simple vulnerability detection to complex compliance checks.

Versions of Nessus: Essentials, Professional, and Expert

• Nessus Essentials. A free version intended for home users and those new to the security field. This version provides basic scanning and vulnerability detection features.

• Nessus Professional. A paid version designed for security professionals and large organizations. It offers advanced features like large network scanning, integration with other security systems, and additional analysis and reporting tools.

• Nessus Expert. A premium version that includes all Professional features, along with additional tools and capabilities such as cloud scanning support, integration with security incident management systems, and further customization options.

Nessus Vulnerability Scanning Features

• Vulnerability Detection. Nessus detects vulnerabilities across different systems and applications based on its extensive vulnerability database.

• Compliance Checks. Nessus performs checks to ensure compliance with various security standards and regulations.

• Integration with Other Systems. It can integrate with incident management systems, log management systems, and other security tools.

• Cloud Server Scanning. Nessus Expert offers scanning capabilities for cloud environments such as AWS, Azure, and Google Cloud.

• Data Visualization. Nessus includes dashboards and reports for visualizing scan results.

• Regular Updates. Nessus continuously updates its vulnerability database to keep up with emerging threats.

• Flexible Configuration. It provides customization options to tailor the scanning process to specific environments.

Installing Nessus

You can install Nessus on Ubuntu in two ways: as a Docker container or as a .deb package. Here’s a step-by-step guide for both methods.

Installing Nessus on Ubuntu via Docker

1. Preparation

First, ensure that Docker is installed on your system. If Docker isn’t installed, follow this guide to install Docker on Ubuntu 22.04.

2. Download the Nessus Image

Download the latest Nessus image from Docker Hub by running:

docker pull tenable/nessus:latest-ubuntu

The download process may take around 10 minutes.

3. Create and Start the Container

Once the image is downloaded, create and start the container with:

docker run --name "nessus_hostman" -d -p 8834:8834 tenable/nessus:latest-ubuntu

Here:

• --name "nessus_hostman" sets the container's name.

• -d runs the container in detached mode (background).

• -p 8834:8834 maps port 8834 of the container to port 8834 on the host, making Nessus accessible at localhost:8834.

If you need to restart the container after stopping it, use:

docker start nessus_hostman

Installing Nessus on Ubuntu as a .deb Package

1. Download the Installation Package

Start by downloading the installer for Ubuntu with:

curl --request GET \
  --url 'https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-10.6.1-ubuntu1404_amd64.deb' \
  --output 'Nessus-10.6.1-ubuntu1404_amd64.deb'

2. Install Nessus

With the installation file downloaded to your current directory, use dpkg to install Nessus:

sudo dpkg -i ./Nessus-10.6.1-ubuntu1404_amd64.deb

3. Start the Nessus Service

After installing, start the nessusd service:

sudo systemctl start nessusd.service

4. Verify the Nessus Service

Check if nessusd is active and running without errors:

sudo systemctl status nessusd

You should see the status: Active: active (running).

5. Accessing Nessus in a Browser

Now, access Nessus by opening a browser and navigating to:

https://localhost:8834/

Port 8834 is the default port for Nessus. Most browsers will show a security warning when accessing Nessus, but it’s safe to proceed by clicking Advanced and continuing to the site.

Initial Setup of Nessus

1. Navigate to the Setup Page. After starting the container, open your browser and go to https://localhost:8834. You’ll see a loading screen as necessary components are downloaded.

2. Register on the Tenable Website. While Nessus is downloading components, register on the Tenable website to obtain an activation code. The code will be sent to the email address you provide.

3. Use the Setup Wizard

• Once components are downloaded, the setup wizard will launch. Click Continue.

• • Select Nessus Essentials.

• • Enter the activation code sent to your email.

• • Create a user account by entering a username and password.

4. Completing the Installation. Wait for the setup to finish and for all plugins to load. Once everything is complete, you’ll see the status updates on https://localhost:8834/#/settings/about/events. After this, the Nessus installation is fully set up and ready to use.

Setting Up the beeBox Server

In this guide, we’ll use the beeBox virtual machine to demonstrate Nessus’s capabilities. If you’re scanning your own server, skip this step.

After successfully installing and configuring Nessus, it’s time to test it in action. To do this, we need a target system to scan for vulnerabilities. We’ll use a virtual machine called beeBox, which is based on bWAPP (a "buggy" web application). Designed with known vulnerabilities, beeBox is perfect for security professionals, developers, and students to practice identifying and mitigating security threats.

beeBox includes the following vulnerabilities:

• Injection (HTML, SQL, LDAP, SMTP, etc.)
• Broken Authentication & Session Management
• Cross-Site Scripting (XSS)
• Insecure Direct Object References
• Security Misconfiguration
• Sensitive Data Exposure
• Missing Function Level Access Control
• Cross-Site Request Forgery (CSRF)
• Using Components with Known Vulnerabilities
• Unvalidated Redirects & Forwards
• XML External Entity (XXE) Attack
• sServer-Side Request Forgery (SSRF)

These make beeBox ideal for showcasing Nessus’s scanning capabilities.

Installing beeBox on VirtualBox

We’ll go through the installation process using VirtualBox 7.0. Steps may vary slightly for other VirtualBox versions.

1. Download the beeBox Image. Download the beeBox virtual machine image (the bee-box_v1.6.7z file) and extract it.

2. Create a New Virtual Machine. Open VirtualBox, click New, and in the Name and Operating System section:

• Enter a name for the virtual machine.

• Set the OS type to Linux.

• Choose Oracle Linux (64-bit) as the version.

3. Configure Hardware. Allocate 1024 MB of RAM and 1 CPU to the virtual machine.

4. Select a Hard Disk. In the Hard Disk section:

• Choose Use an Existing Virtual Hard Disk File.

• Click Add and select the path to the bee-box.vmdk file you extracted earlier.

5. Configure Network Settings. Before starting the VM:

• Go to Settings > Network.

• Change Attached to from NAT to Bridged Adapter to ensure the VM is on the same network as your primary machine.

6. Start the Virtual Machine. Click Start to launch beeBox.

7. Set Keyboard Layout. Once the desktop loads:

• Click on USA in the top menu.

• Select Keyboard Preferences, go to the Layouts tab, and set Keyboard model to IBM Rapid Access II.

7. Retrieve IP Address. Open a terminal in beeBox and run ip a to find the virtual machine’s IP address. You can then access the beeBox application from your main machine using this IP, confirming its accessibility.

Scanning with Nessus

Nessus General Settings

Before using Nessus to scan for vulnerabilities, it's essential to understand its interface and configuration options. The main screen is divided into two primary tabs: Scans and Settings. First, let’s take a closer look at the Settings tab.

1. About:

• Overview: Provides general information about your Nessus installation, including the version, license details, and other key information.

• License Utilization: Displays all IP addresses that have been scanned. In the free version, up to 16 hosts can be scanned. Hosts not scanned in the last 90 days will be automatically released from the license.

• Software Update: Allows you to set up automatic updates or initiate updates manually.

• Encryption Password: Lets you set a password for encrypting Nessus data. This password is crucial for data recovery if set, as data will be inaccessible without it.

• Events: Enables you to view the update history and other important events.

2. Advanced Settings:

• Contains additional configurations for Nessus. Though we won’t cover each option in detail here, you can find specifics about each setting on the official website.

3. Proxy Server:

• If your network requires a proxy server for internet access or to reach target servers, you can configure the proxy settings here.

4. SMTP Server:

• This allows you to configure an SMTP server so that Nessus can send scan result notifications and other alerts via email.

Running a Basic Scan

Now let’s move to the Scans tab. It’s essential to accurately set up the scan parameters for optimal efficiency and accuracy in detecting vulnerabilities.

1. Initiate a New Scan. On the main screen, click New Scan to open the scan creation wizard.

2. Select Scan Type. For this example, we’ll choose Basic Network Scan.

3. General Settings:

   • General: Enter a name and description for the scan, choose a folder for the results, and specify the target IP address (e.g., the IP of the beeBox virtual machine).

1. • Schedule: Set up scan frequency if desired (optional).

   • Notifications: Add email addresses to receive notifications about scan results. For this to work, configure the SMTP server in the settings.

4. Detailed Settings:

   • Discovery: Here, you can select the type of port scan—common ports (4,700 commonly used ports), all ports, or Custom for detailed port scan settings. For this example, we’ll select common ports.

• • Assessment: Choose the vulnerability detection method. We’ll use Scan for all web vulnerabilities to speed up the scan. Custom options are also available, and details for each setting are provided in the documentation.

• • Report: Set report generation parameters if needed (we’ll leave this unchanged for the example).

  • Advanced: Configure scan speed settings. You can enable or disable debugging for plugins in manual settings mode. For this example, we’ll set Default. You can find more information in the docs.

5. Additional Settings

Above the primary settings, you’ll see two tabs: Credentials and Plugins.

• Credentials: Allows you to provide credentials for accessing services on the target host (useful for finding vulnerabilities that require non-privileged access).

• Plugins: Displays the list of plugins that will be used during the scan. When using other types of scans, such as advanced scans, you can enable or disable specific plugins.

Click Save to save your scan setup, then return to the main screen. Click Launch to start the scan.

The scan is now underway, and you can monitor its progress by clicking on the scan in the Scans tab.

Viewing Scan Results in Nessus

After completing a scan, you can analyze the results by navigating to the specific scan.

The main section of the results page contains a table with detailed information on detected vulnerabilities:

• Severity: Reflects the threat level based on the CVSS (Common Vulnerability Scoring System) metric.

• CVSS: Shows the CVSSv2 metric score, indicating the risk level of the vulnerability.

• VPR: An alternative risk metric by Tenable, providing an additional risk assessment.

• Name: The name of the detected vulnerability.

• Family: The category or group the vulnerability belongs to.

• Count: The number of instances of this vulnerability.

It’s worth noting that some vulnerabilities may be grouped as Mixed.To change this grouping, go to Settings > Advanced and set Use Mixed Vulnerability Groups to No.

On the left side of the table, you’ll find information about the target host, along with a chart displaying vulnerabilities' distribution by severity level.

To explore a specific vulnerability in detail, click on its name. For example, let’s look at the Drupal Database Abstraction API SQLi vulnerability.

• Vulnerability Description: A brief description of the issue and the software version in which it was patched.

• Detection Details: Reports on vulnerability detection and recommended mitigation methods.

• Technical Details: An SQL query that was used to identify the vulnerability.

In the left panel, you can find:

• Plugin Information: Description of the plugin that detected the vulnerability.

• VPR and CVSS Ratings: Displays the severity ratings of the vulnerability according to different metrics.

• Exploitation Data: Information about the potential for exploiting the vulnerability.

• References: Useful links to resources like exploit-db, nist.gov, and others, where you can learn more about the vulnerability.

Conclusion

This guide covered Nessus's installation, configuration, and use for vulnerability scanning. Nessus is a powerful automated tool, but its effectiveness relies on accurate configuration. Remember that network and system security require a comprehensive approach; automated tools are best used alongside ongoing security education and layered defense strategies for reliable protection.