Installing and Starting Nessus

Let's see how we can download and set up Nessus for its first use so that we can start learning its various features. Feel free to follow along and set up a Nessus instance on your own VM. For the interactive portions of this module, we provide a lab instance of Nessus and another with OpenVAS installed.


Downloading Nessus

To download Nessus, we can navigate to its Download Page to download the correct Nessus binary for our system. We will be downloading the Debian package for Ubuntu for this walkthrough.

Nessus download page showing Nessus-8.15.1-ubuntu910_amd64.deb for Ubuntu 9.10/10.04, 46.3 MB, dated Aug 10, 2021.


Requesting Free License

Next, we can visit the Activation Code Page to request a Nessus Activation Code, which is necessary to get the free license.

Nessus Professional offers free trial and purchase options for security pros. Nessus Essentials is a free vulnerability scanner for educators and students, allowing scanning of 16 IPs.

Nessus activation code prompt: 'Need an Activation Code?' with a Get Activation Code button to complete installation.

Installing Package

With both the binary and activation code in hand, we can now install the Nessus package:



Starting Nessus

Once we have Nessus installed, we can start the Nessus Service:
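The install and start steps above, with an integrity check on the downloaded package first, as an added example that is not part of the original page. The package file name is the one shown on the download page; the `nessusd.service` unit name and a SHA-256 value copied by the reader from the vendor's download page are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): check the package, install it, start the service.

# Package file name as shown on the download page in this walkthrough.
PKG="Nessus-8.15.1-ubuntu910_amd64.deb"

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only if FILE's SHA-256 equals EXPECTED_HEX (case-insensitive),
# 1 on mismatch, 2 if the file is unreadable or the digest is malformed.
verify_sha256() {
    local file="$1" expected actual
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Reject empty, truncated or non-hex input before comparing.
    case "$expected" in
        ""|*[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest is not 64 hex chars" >&2; return 2; }
    actual="$(sha256sum "$file" | cut -d' ' -f1)"
    [ "$actual" = "$expected" ]
}

install_and_start() {
    local pkg="$1" digest="$2"
    verify_sha256 "$pkg" "$digest" || { echo "checksum check failed, not installing" >&2; return 1; }
    sudo dpkg -i "$pkg" || return 1
    # Assumption: the package registers its daemon as nessusd.service.
    sudo systemctl start nessusd.service || return 1
    # Confirm the daemon is running before browsing to https://localhost:8834.
    systemctl is-active --quiet nessusd.service
}

# Usage: ./install_nessus.sh <sha256-from-vendor-download-page> [package-file]
if [ "$#" -ge 1 ]; then
    install_and_start "${2:-$PKG}" "$1"
fi
```

Run without arguments, the script only defines the functions and installs nothing.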



Accessing Nessus

To access Nessus, we can navigate to https://localhost:8834. Once we arrive at the setup page, we should select Nessus Essentials for the free version, and then we can enter our activation code:

Nessus welcome screen with options to select product: Nessus Essentials, Nessus Professional, Nessus Manager, Managed Scanner. Nessus Essentials is selected.

Once we enter our activation code, we can set up a user with a secure password for our Nessus account. Once this step is completed, the plugins will begin to compile:

Nessus initializing screen: 'Please wait while Nessus prepares files to scan your assets. Downloading plugins...'

Note: The VM provided in the Nessus Skills Assessment section has Nessus pre-installed and the targets running. You can go to that section, start the VM, and use Nessus throughout the module; it can be accessed at https://<IP>:8834. The Nessus credentials are: htb-student:HTB_@cademy_student!. You may also use these credentials to SSH into the target VM to configure Nessus.

Finally, once the setup is complete, we can start creating scans, scan policies, plugin rules, and customizing settings. The Settings page has a wealth of options such as setting up a Proxy Server or SMTP server, standard account management options, and advanced settings to customize the user interface, scanning, logging, performance, and security options.

Nessus Advanced Settings page showing tabs for User Interface, Scanning, Logging, Performance, Security, and Miscellaneous. Settings include Allow Post-Scan Editing set to Yes, Disable API set to No.
