Vulnerability Scanning with Nessus
Enumeration
Overview
Using Nessus Professional for comprehensive vulnerability scanning and assessment.
0
Exercises
0
Flashcards
1
Mind Maps
Cheatsheet
Start Nessus
sudo systemctl start nessusd # Start Nessus service # Browse to https://localhost:8834 # Access web interface
Scan Types
- Basic Network Scan: General purpose
- Advanced Scan: Customizable
- Web Application: Web-focused
- Credentialed Scan: With creds for deeper checks
Key Settings
- Discovery: Ping, ARP, TCP/UDP
- Assessment: Accuracy vs speed
- Credentials: SSH, SMB, WinRM
Export
Export as .nessus, CSV, or HTML # Export report formats
Command Examples
Common Pitfalls
- Running without credentials misses many vulns
- Not validating scanner findings manually
- Overwhelming network with aggressive scans
Exam Survival Tips
- Use for initial recon, not as sole source
- Credentialed scans find more issues
- Cross-reference CVEs with searchsploit