What is Nessus
When doing CTF (Capture the Flag) challenges, enumeration is key. We typically start our enumeration with tools like nmap, and once we identify an open port we pick the best tool to enumerate it. But there is a whole range of tools out there that can do it all in one shot. “Nessus” is a proprietary vulnerability scanner developed by Tenable. The tool is free for non-enterprise use with some limitations. It uses plug-ins to handle different vulnerability scans, which makes it easier to add new functionality to Nessus.
Nessus allows administrators to scan their networks for vulnerabilities that hackers, malware and viruses could exploit. It does this by applying thousands of checks against a given environment, and helps to prevent serious data leaks. Nessus is very extensible through its plug-ins and scripting, so it can be used to scan servers, desktops, network devices and phones to ensure environmental security from exploits.
Let's Install Nessus with Docker
Why use Nessus in Docker
The main advantage of Docker is its micro-services. You can run Nessus independently of the host operating system, and you can reinstall it time and time again without leaving any footprint on your running OS. This means you can even run multiple versions of the Nessus container on your system.
Using Nessus in Docker has its own problems. For example, I find the keys expire quite quickly and you need to spin it up again with the new key. I will cover adding a new key below.
Also, I have an extremely fast internet connection yet Nessus is slow to install the plug-ins. Painfully slow.
Limitations of the Free Version
The free version of Nessus is called Nessus Essentials and is free for up to 16 IPs that you can scan with any of the tools. However, if any of the IPs has not been scanned for a period of time then it is released and you can add a new IP to the list of 16.
Nessus usage is controlled by use of an Activation Key. As part of my testing I have received multiple keys for a single IP and I haven’t hit any limitations. However, in order to first run and activate Nessus, Internet access is required.
Get Activation Key
For this write-up I will use my BlackArch Linux install that I created in an earlier post. However, BlackArch is not needed for this; any recent flavor of Linux with Docker installed will do. Nessus can be resource heavy, especially on CPU, so don’t skimp on the number of cores you assign if you are using it on a VM.
Also you can review my previous post on some basic Docker set ups.
Pre install Nessus
Before we install Nessus we need to prepare a few things.
- Docker Nessus Image.
- Nessus Key.
By default Docker will pull the Nessus image and install it into /var/, so make sure you have plenty of space: at least 20Gb for some wiggle room.
Next let's pull down the latest Docker image of Nessus locally.
docker pull tenableofficial/nessus
The command to install Nessus is
docker run \
  --name "nessus" \
  -d \
  -p 8834:8834 \
  -e ACTIVATION_CODE=<activation code> \
  -e USERNAME=admin \
  -e PASSWORD=letmein \
  tenableofficial/nessus
|Option|Description|
|---|---|
|docker run|Run the docker command.|
|-d|Run the container in the background (daemonize it).|
|-p 8834:8834|Forward the docker port to the local server port.|
|-e ACTIVATION_CODE|Code which we need from Nessus.|
|-e USERNAME=|Username to log in with.|
|-e PASSWORD=|Password to log in with.|
|-it|Allow interactive sessions with the Docker container.|
|tenableofficial/nessus|Official Nessus Docker image.|
After installation you can check that it's running
And check that all is well inside the container.
docker logs nessus -f
Nessus Bad Activation Code
If you use a bad activation code you will see the following errors in the docker logs.
Failed to activate Nessus using code
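A hardened variant of the docker run command above, together with a check for the activation error just quoted, as an added example that is not part of the original post. The function names, the DOCKER override and the ~/.nessus.env path are assumptions; the image, port and variable names are the post's.

```shell
#!/bin/sh
# Added example: hardened variant of the post's "docker run" command.
# Assumed names (not from the post): the functions, $DOCKER, ~/.nessus.env.

# Keep the activation code and password in a file only the current user can
# read, so they stay out of shell history and the host's process list.
write_env_file() {  # $1=file  $2=activation code  $3=username  $4=password
    ( umask 077
      printf 'ACTIVATION_CODE=%s\nUSERNAME=%s\nPASSWORD=%s\n' "$2" "$3" "$4" > "$1" )
    chmod 600 "$1"  # also tightens a file that already existed
}

# Same image and variables as the post, but the web UI is published on
# loopback only and the secrets come from the env file.
# DOCKER=echo previews the command instead of running it.
start_nessus() {  # $1=env file
    ${DOCKER:-docker} run --name nessus -d \
        -p 127.0.0.1:8834:8834 \
        --env-file "$1" \
        tenableofficial/nessus
}

# Reads container log text on stdin; fails if it contains the activation
# error quoted in the post.
activation_ok() {
    if grep -q 'Failed to activate Nessus using code'; then return 1; fi
    return 0
}

case "${1:-}" in
    run)
        env_file="$HOME/.nessus.env"
        printf 'Activation code: '; read -r code
        printf 'Admin password: '; stty -echo; read -r pass; stty echo; echo
        write_env_file "$env_file" "$code" admin "$pass"
        start_nessus "$env_file"
        ;;
    check)
        docker logs nessus 2>&1 | activation_ok ||
            { echo 'Activation failed: register a new code.' >&2; exit 1; }
        ;;
esac
```

Call the script with `run` to start the container and with `check` to test its logs. The variables stay visible through `docker inspect` to anyone with access to the Docker daemon, so treat that access as equivalent to knowing the password.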
Updating Nessus Activation Key
When using Docker I found the activation code expires. Instead of spinning up a new Docker image and going through the configuration, which takes an age, the key can be updated inside the Docker container.
Get another key using the method above.
Presuming you created the container to be called nessus like in the example above, the below commands will re-register Nessus with a new key.
docker exec -it nessus /bin/bash
/opt/nessus/sbin/nessuscli fetch --register <new activation code>
All going well, you can open Firefox at “https://127.0.0.1:8834” and you should see the below.
The initialization can take some time to run, so go grab a coffee or two.
After some time you should get to the login page.
Log in with the username and password you provided with the docker command.
That’s it for this write-up. At this stage you should have a fully working Nessus install that can be used to scan your environment. As you can see, it is easy to spin up Nessus inside Docker and have such a powerful tool available. Join me in my next write-up where I will do a few simple scans to get started.