Activate Nessus License Command Line

0 views
Skip to first unread message

Glynis Waughtal

unread,
Aug 5, 2024, 3:44:47 AM8/5/24
to cuiswanardon
Tellthe server to only listen to connections on the address that is an IP, not a machine name. This option is useful if you are running nessusd on a gateway and if you do not want people on the outside to connect to your nessusd.

Updates Tenable Nessus plugins by using a TAR file instead of getting the updates from the plugin feed. You obtain the TAR file when you Manage Tenable Nessus Offline - Download and Copy Plugins steps.


stable: Does not automatically update to the latest Tenable Nessus version. Remains on an earlier version of Tenable Nessus set by Tenable, usually one release older than the current generally available version, but no earlier than 8.10.0. When Tenable Nessus releases a new version, your Tenable Nessus instance updates software versions, but stays on a version prior to the latest release.


Note: You cannot link a scanner via the CLI if you have already registered the scanner. You can either link via the user interface, or reset the scanner to unregister it (however, you lose all scanner data).


Copyright 2024 Tenable, Inc. All rights reserved. Tenable, Tenable Nessus, Tenable Lumin, Assure, and the Tenable logo are registered trademarks of Tenable, Inc. or its affiliates. All other products or services are trademarks of their respective owners.


Tenable One Exposure Management Platform enables you to gain visibility across your attack surface, focus efforts to prevent likely attacks, and accurately communicate cyber risk to support optimal business performance.


Kali Linux, a Linux distribution designed specifically for penetration testing, comes prepackaged with many pen test tools. Nessus provides a penetration tester with a wealth of capabilities that will assist in the engagement, such as:


To configure Nessus, follow the installation wizard. Create an administrator user account, activate with your activation code from the Tenable Support Portal and let Nessus fetch and process the plugins.


Kali Linux tools complement your Nessus installation, with everything in one place for easy maintenance. Nessus reports on host discovery, vulnerability detection and exploitability. Here are some of the ways Nessus can be used to support penetration testing:


Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.


Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.


I'm using ansible expect to create a user for my nessus (by using the nessuscli). the expect should answer few question as below (I added the numbers 1-5). My expect get stuck at number 5. the last letters of number 5 is the "(the user can have an empty rules set)" and then the next line (carriage return). This makes the issue as I dont know how to tell expect that there is a phrase that is followed by a next line. I tried \r \n and none of them worked! any healp is appreciated.


Nessus is a Vulnerability Scanning Tool developed by Tenable Incorporation. It is an open-source, subscription-based software that scans all ports on a computer/server for known vulnerabilities and exploits and presents reports in various manners.


Nessus uses a constantly updating database of exploits and vulnerabilities to scan for possible exploits. Furthermore, it is a beginner-friendly tool as it does not require advanced knowledge of operating systems or command line tools. As a result, it is one of the finest tools used for the Reconnaissance/Enumeration stage of a Security Penetration Test.


The Nessus Essentials is the free version of the Nessus tool, and it contains all the necessary tools for regular vulnerability scans. The Nessus Professional is the next best version available, providing more functionalities than the free version. It is suitable for Professional Penetration Testers and security practitioners. The last one, Nessus Expert, is the complete set of functionalities provided by Nessus and is ideal for IT departments of small enterprises, etc.


Once you have reached the Welcome screen, click on Nessus Essentials to continue with the free tier of Nessus. If you have a subscription for the Professionalor Expert tier, you can continue with that option. The installation process will be similar to this one.


Use any username of your choice and create a strong password. For example, in this tutorial, the username is Sammy. Once you proceed after this, Nessus will start installing the necessary plug-ins. Depending on your internet connection and processor capabilities, this process takes some time. Once you get the notification that plug-ins have been installed and complied successfully, you can proceed to the next step.


Click on the Basic Network Scan option, and you will be landed on the Settings page of the scan. There, under Settings, you will see different options. The following table gives a brief explanation of each setting option.


Here, you have to decide the scope of your scan. As there are 65535 ports on any network, it is only sometimes feasible to scan them all as most need to be operational. However, this is a required setting that varies from scan to scan.


To perform a Basic Network Scan, you do not have to select all ports later in this tutorial as that process will be time-consuming; therefore, we shall keep the Discovery scope to standard ports.


In this section, you must choose the vulnerabilities to assess. These are required settings, arguably the most important section of Scan settings, as it defines which kind of vulnerabilities will be scanned for the target system(the second Ubuntu machine in this tutorial). Nessus provides various options in this section as well:


We shall keep the Assessment settings to Default to complete a Basic Network Scan with minimal customization. When default is selected, Nessus will choose the best methods of stealth and enumeration available.


This section customizes the report. For example, you can select which sections to include in your scan results and choose the verbosity of your scans, depending on your disk space and other requirements.


This section provides more advanced options, such as slowing the scan requests when congestion is detected on the network. This is useful when you scan on an active network that could crash under over congestion.


The Scan low bandwidth limits options reduce the number of hosts scanned; however, they increase the timeout for each host to 15 seconds, thus, giving more time to get a response from the target machine.


These settings must be taken care of when performing scans more professionally and actively. However, for our Basic Network Scan, we shall set these settings to Default only as we are not dealing with advanced options.


Now, move to the machine with Nessus, start a new Basic Network Scan as shown in the previous section, and type in a name for the scan. Add some description if you wish. Leave the folder to My Scans, and in the Targets section, type the IP address of your target machine.


Once the scan is completed, click on it, and you will be taken to the results section of the scan. You can generate an HTML report of the scan results by clicking the Report button in the top right corner. A dialog box will open; there, choose HTML and continue. Then, the report will be downloaded to your downloads folder. On opening it in your browser, you will get a page like this.


This article provided a step-by-step guide for installing Nessus on Ubuntu 22.04 and used the same to scan another Ubuntu 22.04 target machine. We also explained the results provided by a Basic Network Scan and exported the same as an HTML report.


Anyone looking to extend their knowledge of Nessus can always refer to the Nessus Documentation. Also, to better grasp the tools of Nessus, it is necessary to have a decent understanding of Computer Networking. This could be the next step for anyone trying to get into Cyber Security.


Nessusd has a rules system which allows you to restrict the hosts that admin has the right to test. For instance, you may want him to be able to scan his own host only. Please see the nessus-adduser manual for the rules syntax.


We can see that we created a new user with username admin and password admin (which cannot be seen, because it's not shown on the screen for security purposes), and we specified the user to be administrator.


The error message says that there is no nessus-fetch.rc file present. This file is automatically created when we activate our Nessus installation with an activation code. To obtain an activation code, we must visit Nessus Activation Code and choose "Using Nessus at Home", which is shown in the picture below:


We need to click on the "Select" button and agree to the Subscription Agreement, after which we'll need to provide our first name, last name and email address. We need to enter the right information as shown in the picture below:


We can see that we've successfully registered and obtained an activation code, which is 0249-114E-2A4C-7D9D-4088. To register the Nessus installation and download all the latest plugins, we need to run the command below:


The nessusd init.d script essentially runs the nessusd or nessus-service command manually, so I guess the second option is best if something goes wrong, because it allows us to see what's happening when Nessus is starting.

3a8082e126
Reply all
Reply to author
Forward
0 new messages