In my previous post on “Install Nessus with Docker” you learned how to install Nessus. Now its time to do our Nessus First Scan. The free version of Nessus only allows us to scan up to 16 IPs. Once these 16 have been identified you cannot change it until 180 days after Nessus does the last scan of a IP.
Nessus allows Administrators to scan their networks looking for Vulnerabilities that Hackers, Malware and viruses could use and exploit. It does this by applying 1000s checks against given environments and helps to prevent serious Data leaks and exploits. Nessus is very extendable by utilizing plugs and scripting. So it can be used to scan Servers, Desktops, Network devices and Phones to ensure environmental security from exploits.
My Nessus install is based on the Docker version that I previously installed in BlackArch Linux.
First step is to open up the Nessus page and login.
Login with the username and password you provided with the docker command.
Lets run a simple network scan. After you login navigate to the My Scans folder on the right hand side of the home page. Then Select “New Scan”
Select “Basic Network Scan”
In the Settings page under basic put in the “Name” and “Target”. Make sure the “Target” matches your own network. Then Save it.
If you go back to the My Scans page you will see the new Scan job available. You can select it and Launch it.
It will take a while to run it so grab some coffee!
So 21 hosts found. There is no limit to the amount of hosts we can scan in the Basic network scan. However if deeper enumeration is needed then there is a limit of 16 hosts due to licencing constraints with the Nessus Essentials version.
So back “My Scans -> New Scan” and we will run a scan on a single host.
This time I am going to run a full scan on a docker system I set up. This docker system has a 5 containers running and I know some are vulnerable. Even the docker configuration is vulnerable.
Click on Basic Network Scan and into the General tab of the New Scan configuration screen.
In then go into the “Discovery” Section
And in the credentials sections I put in ssh username and password for the root user. You can leave out the root user part but it limits the scan. You can also use SSH keys.
So lets run it and see the results.
The results were that Nessus found 74 Vulnerabilities in total, on my docker system and 5 of those were critical ones. Critical Vulnerabilities usually mean they are exploitable remotely from the network.
I added one deliberately around Docker running as a service with no authentication and Nessus had no issues with finding it.
Nessus allows you to export the reports in many formats, pdf, csv, and HTML. This makes reporting a breeze.
Nessus Essentials is a very powerful tool in the right hands and if you have a network with less than 15 devices then it’s a very useful tool for keeping a watch on your environment. Although I liked playing with it, I will stick with nmap for Capture the flag challenges. However for pen testing, you can’t go far wrong.