Wednesday, January 25, 2012

Installing Nessus

Nessus is a powerful vulnerability scanner. Unfortunately, since version 3, Nessus is no longer open-source software. The current stable version is 4.4.1.

OK, let's get started.
Download the installation package from the official page at www.nessus.org
Download the package for Ubuntu 10.04 (32 bit).
After that, install the package like any other .deb file.
# dpkg -i Nessus-4.4.1-ubuntu910_i386.deb
During the installation, this text will appear:
- Please run /opt/nessus/sbin/nessus-adduser to add user
- Register your Nessus scanner at http://www.nessus.org/register/ to obtain all the newest plugins
- You can start nessusd by typing /etc/init.d/nessusd start
Let's run /opt/nessus/sbin/nessus-adduser to add a user for Nessus.
# /opt/nessus/sbin/nessus-adduser
You will be asked about the user you are creating, including whether the account should have administrator privileges. I would recommend that you answer yes, so you can use this account in the Nessus web interface to create other accounts.
Just fill out all the required data.


After that, let's register at www.nessus.org/register/ to obtain the activation code.
Go to the site.
Because I won't use the paid version (don't have money :P), I choose Nessus for Home. It's important to know that the Home version is limited to only 16 IP addresses per scan, while the Professional version allows you to scan unlimited IP addresses.
The Subscription Agreement will appear. Click "Agree".
Fill out the required data.
After that, the website will tell us that the activation code has been sent to our email. Open your email to get the code.
After getting the activation code, run this command:
# /opt/nessus/bin/nessus-fetch --register <your code>
After entering it, wait until it finishes fetching the newest plugins. It will take some time.
After that, let's start the nessus service.
# /etc/init.d/nessusd start
Open your browser and enter https://localhost:8834/
Wait until Nessus initialization finishes.
After the initialization finishes, the login screen will appear. Log in with the account that you created earlier.
And there you go, Nessus is ready for action. (Turn on JavaScript and Flash in the browser.)
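
Added example, not part of the original post: once nessusd is running, this script reports which local addresses port 8834 (from the URL above) is listening on, so you know whether the web interface and its administrator login are reachable only from this machine. It assumes `netstat -ltn` output as found on Ubuntu; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reports which local addresses
# the Nessus web interface port is bound to once nessusd is running.

NESSUS_PORT=8834   # port from the https://localhost:8834/ URL in the post

# Constructed sample lines in `netstat -ltn` format (not captured output).
SAMPLE_ALL='tcp        0      0 0.0.0.0:8834      0.0.0.0:*       LISTEN
tcp        0      0 127.0.0.1:631     0.0.0.0:*       LISTEN'
SAMPLE_LOCAL='tcp        0      0 127.0.0.1:8834    0.0.0.0:*       LISTEN'

# classify_listeners PORT  (hypothetical helper name)
# Reads `netstat -ltn` lines on stdin and prints one word:
#   none     - nothing is listening on PORT
#   loopback - PORT is bound only to 127.0.0.1 / ::1
#   exposed  - PORT is bound to a non-loopback or wildcard address
classify_listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, parts, ":")          # last piece is the port
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (host != "127.0.0.1" && host != "::1") exposed = 1
        }
        END {
            if (!found)       print "none"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

if [ "${1:-}" = "--live" ]; then
    # Real check on the machine where nessusd was started.
    netstat -ltn | classify_listeners "$NESSUS_PORT"
else
    # Demo on the constructed sample; prints "exposed".
    printf '%s\n' "$SAMPLE_ALL" | classify_listeners "$NESSUS_PORT"
fi
```

Run it with --live on the scanner host after starting nessusd. If it prints "exposed", restrict access to port 8834 with a host firewall rule so only the machines that need the web interface can reach it.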