Nessus Scan Types
Here we have options for a basic Host Discovery scan to identify live hosts/open ports or a variety of scan types such as the Basic Network Scan, Advanced Scan, Malware Scan, Web Application Tests, as well as scans targeted at specific CVEs and audit & compliance standards. A description of each scan type can be found .
Give the scan a Name, Description, and Folder, and then specify the target.
Under the Assessment category,
Web application scanning can also be enabled if required,
Custom user agent and various other web application scanning options can be specified (e.g., a URL for Remote File Inclusion (RFI) testing):
If desired, Nessus can attempt to authenticate against discovered applications and services using provided credentials (if running a credentialed scan), or else can perform a brute-force attack with the provided username and password lists:
User enumeration can also be performed using various techniques, such as RID Brute Forcing:
If we opt to perform RID Brute Forcing, we can set the starting and ending UIDs for both domain and local user accounts:
On the Advanced tab, safe checks are enabled by default. This prevents Nessus from running checks that may negatively impact the target device or network.
We can also choose to slow or throttle the scan if Nessus detects any network congestion, stop attempting to scan any hosts that become unresponsive, and even choose to have Nessus scan our target IP list in random order:
In the Discovery section, under Host Discovery, we're presented with the option to enable scanning for fragile devices. Scanning devices such as network printers often results in them printing out reams of paper with garbage text, leaving the devices unusable. We can leave this setting disabled: