Installing the Nessus vulnerability scanner

To install Nessus in Kali Linux, open a browser and navigate to the Nessus evaluation page at https://www.tenable.com/try. The evaluation version comes with all the features of the full version, except that scans are limited to 16 IP addresses.

You will be required to register with Tenable so that an evaluation code can be sent to your email.

Once you have received the email with your evaluation code, you can then download the appropriate version of Nessus in Kali Linux, as shown here:

Select the version of Nessus to install, click on Accept to agree with the Nessus usage terms, and then save the Nessus download by clicking on the Save File option when prompted. This will save the file to your Downloads folder in Kali Linux. In this instance, I've selected the 64-bit version of Nessus (Nessus-7.1.3-debian6_amd64.deb).

Once the download has completed, open a new Terminal and change to the Downloads directory by typing cd Downloads. Type ls to view the contents of the Downloads directory. This is also useful because we can copy the name of the Nessus download file and paste it into the following command. We then install Nessus by typing dpkg -i Nessus-7.1.3-debian6_amd64.deb, as follows:

If newer versions of Nessus are available, copy the name of your specific download file and version when executing the dpkg -i command.

While still within the Downloads folder, start the Nessus service by typing service nessusd start. Enter your password for Kali Linux when prompted, as follows:
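A checked version of the install and start steps above, as an added example that is not part of the original text: it refuses to install unless the package's SHA-256 digest matches a value you supply. The script name and the `<EXPECTED_SHA256>` argument are assumptions; take the digest from the vendor's download page.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded Nessus .deb before installing it.
# The expected digest is supplied by the operator (placeholder in the usage line).

# Return 0 only if the file's SHA-256 digest equals the expected hex string.
verify_sha256() {
    local file="$1" expected actual
    # Normalise the supplied digest to lowercase so the comparison is case-insensitive.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Verify, show the package metadata, install, then start the service.
install_nessus() {
    local deb="$1" expected="$2"
    if ! verify_sha256 "$deb" "$expected"; then
        echo "checksum mismatch, refusing to install $deb" >&2
        return 1
    fi
    # Print what is about to be installed so the operator can confirm it.
    dpkg-deb --field "$deb" Package Version Architecture
    sudo dpkg -i "$deb" && sudo service nessusd start
}

# Usage: ./install-nessus.sh Nessus-7.1.3-debian6_amd64.deb <EXPECTED_SHA256>
if [ "$#" -eq 2 ]; then
    install_nessus "$1" "$2"
fi
```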

To use Nessus, open your browser, type the https://localhost:8834 URL in the address bar, and press Enter. The insecure warning banner is displayed because Nessus serves its web interface with a self-signed certificate. Click on the Advanced button, then click on Add Exception, and lastly click on Confirm Security Exception, as shown here:

Follow steps 1-3 as prompted by first creating an account, specifying a username and password, and then clicking on Continue.

In step 2, leave the default Scanner Type option set to Home, Professional, or Manager, and paste the activation code you received via email into the Activation Code field. Click on Continue to proceed. If all is well, Nessus will begin initializing by downloading and compiling the required plugins, as shown here:

This may take several minutes depending on your internet connection speed. In the meantime, feel free to browse Packt Publishing's many titles on penetration testing and Kali Linux at www.packtpub.com.

Once all updates have been completed, the Nessus interface will be loaded. Click on the New Scan button in the top-right corner to view all scan types available, as seen in the following screenshot:

There are a variety of scan templates to choose from, apart from a few that are only available with a paid subscription. In addition to performing host discovery and advanced scans, Nessus can perform many types of advanced vulnerability scans, including the following:

  • Cloud infrastructure scanning
  • Local and remote bad shell detection scanning
  • Internal PCI network scanning
  • Linux and Windows malware scanning
  • Spectre and Meltdown scanning
  • WannaCry ransomware scanning
  • Web vulnerability scanning

Some of these are shown in the following screenshot:

For this assessment, I'll be using a vulnerable Linux web server for the purpose of demonstrating vulnerability disclosure. As mentioned in Chapter 2, Setting Up Your Test Lab, you can choose to set up Metasploitable 2, Metasploitable 3, Damn Vulnerable Linux, or even BadStore.

Click on the Advanced Scan template in the scanner window and populate the fields in the BASIC section. In the Targets field, specify the host or range of hosts to be scanned using the Advanced Scan template, as shown here:

Explore the other sections of the left-hand column, as there are a number of different settings. Each of these allows you to customize the scan to fit your specific requirements:

  • Discovery: Nessus utilizes a number of different methods for discovering live hosts. Here you can set specific parameters for host discovery.
  • Assessment: This allows you to set the type and depth of scan.
  • Reporting: When it is time to prepare a penetration testing report, having detailed information about the vulnerability scan is important. This feature allows you to set the reporting parameters.
  • Advanced: The advanced settings allow you to change the number of hosts scanned at once, and other timing parameters.

Once you have configured your scan, you may either select Save or Launch. You will now see your scan listed under My Scans.

Click on the Play icon to the right of your given scan name. This will run the scan. If you click on the scan name while it is running, you will see the hosts and general vulnerability information, as follows:

Clicking on the host brings you to a more detailed list of vulnerabilities discovered. The vulnerabilities are color-coded as follows:

  • Red – critical
  • Orange – high
  • Yellow – medium
  • Green – low
  • Blue – informational

As seen in the following screenshot, the scan results show a total of 70 vulnerabilities discovered, of which 6 are critical and 17 are high, meaning that this machine is highly vulnerable:

Clicking on the colored vulnerability categories displays the vulnerabilities in order from most severe (that is, critical) to least severe (informational):

Clicking on a vulnerability gives the tester more detailed information about the vulnerability, as shown here:

This includes not only details about the vulnerability itself, but also whether there is an exploit available. This gives the penetration tester the ability to craft additional attacks against these vulnerabilities:

Nessus is a powerful tool to use in any penetration testing engagement. It provides a great deal of information and functionality that could not be addressed in this section. It is recommended that you spend some time getting to understand the features available and how to use them. In addition, Tenable has made the home version free of charge for you to test. In the event that you have external IPs, or are using Nessus for a client, you will have to use the paid version.
