Contains the Tenable Nessus Network Monitor plugins delivered via Tenable Security Center, Tenable Vulnerability Management, the Tenable Nessus Network Monitor Feed, or updated via the command line or web interface if Tenable Nessus Network Monitor is running in Offline mode.
Now that we have outlined the basics of the command line Nmap scan (remember that when it comes to security tools the GUI is for chumps) I will now go on and build on that knowledge with some Nessus command line ninja moves.
Now that you have Nessus server installed, we want to start some scans, but instead of using the GUI client, we are going to go a step further and use the command line Nessus as our client. Actually, the Nessus GUI is quite a good little tool and I have used it many times. The command line tool is appropriate for running scans from remote Linux servers that you and for scripting the scans (just like does!).
For novice users without developer experience, Tenable provides a command-line interface tool called navi to easily interact with the API and automate common tasks in Cyber Exposure or Vulnerability Management. With over 100 commands, navi can be used to automate and enrich VM and Asset data to provide more accurate reporting or help support more advanced use-cases.
In this guide, you will install Nessus on an Ubuntu 22.04 server. You will also learn how to set up the Nessus command line 'nessuscli' which allows you to manage Nessus from the command-line terminal. You can create and manage scans via the terminal after you have installed the 'nessuscli'.
Type the command ./nessuscli chpasswd evilsaint. The system will prompt you to enter the new password. Enter the password two times as shown below. You have successfully reset your Nessus password. Now log in with the new password.
I thought I would share a couple of useful shortcuts I came across recently in searchsploit, the command line search tool for Exploit-DB. This might help someone out as well as a useful reminder to myself. For a long time now when using searchsploit in Kali Linux I have always searched for what I wanted then either manually copied the path to the script to my working directory. Likewise to review the script or text file I would type the path out with either less, more or cat etc. Until now.
For anyone who uses Tenable cloud for vulnerability monitoring, this may be a huge help to you. Sometimes, the Nessus agents on remote machines will stop communicating with the Tenable cloud. What I have found in each instance is that the database has become corrupt. To verify this is the issue, you can run 'nessusd -R' from c:\Program Files\tenable\nessus agent\ on the affected machine. This command shows the version number and forces it to update as well. If it is experiencing the issue as noted above, it will say so in the command prompt. If you have a lot of remote agents, you probably do not want to log into each one to fix it, and simply reinstalling does not do the trick. To fix, follow the steps below:
While it is popularly known as a network mapping and port scanning tool, it comes with the Nmap Scripting Engine (NSE) that can help in the detection of misconfiguration issues and security vulnerabilities. It comes in a command-line interface (CLI) as well as a graphical user interface (GUI).
There are certain products like vulnerability scanners that log into Linux hosts as a specified user and end up "polluting" the bash history of the account in question. Here is an example of a command-line created by Tenable's Nessus scanner:
I have experimented with the HISTIGNORE variable but it's not expressive enough to capture this, even with extglob enabled. Also I believe these commands are executed non-interactively from a script that uses set -o history. Therefore I don't think I can use a function in $PROMPT_COMMAND. Maybe the only option is to scan .bash_history upon interactive login, elide these types of lines, write the history back out, and reload it?
The Tenable Nessus Agent will be displayed as a right-click menu option for the restart of the Nessus service. When it comes to Kali Linux, not all of its features are pre-loaded, such as support for Adobe Photoshop CS5 graphics cards. Passive Scanner vulnerabilities can be easily configured to meet the needs of clients. Nessus Pro scans cannot be launched from the command line because it is unable to do so. You can collect data by using Nessus Agents. Hackers will find weaknesses in your device that they can exploit if they are identified using the platform. Computers are scanned for viruses that have been linked to a network.
Open a terminal on your computer and type: Nessus can be accessed from your desktop.
Please check that you have a complete working sudo nessus package. By pressing Enter, you can run the Nessus vulnerability scanner.
To access Nessus from a remote location, use the following command.
Please navigate to and then to the SSH root directory.
Starting the Nessus Service
To start the Nessus service in Linux, enter the following command:
/etc/init.d/nessusd start
This will start the Nessus service and enable it to start automatically at boot time.
To start the Nessus Agent in Linux, you will need to open a terminal and type in the following command: /etc/init.d/nessusd start. You should then see a message that says the Nessus Agent is starting.
You can use the command line to download and install the Nessus Agent for your operating system. Because all other nessusd processes are terminated during the installation process, running Nessus Agents, Managers, or scanner is unnecessary on any system with an existing Nessus agent, manager, or scanner installed. When you install a Nessus Agent, you must first run the service via the command /sbin/service nessusagent. A recent set of plugins has been released from the Nessus Agents download page. If the information you provide does not meet the requirements, you may receive a Failed to link agent error.
Nessus is a remotely accessible security scanner that is available for various operating systems, including Linux. The Nessus scanner can be run from the command line on Linux systems. The scanner can be used to scan for vulnerable services, open ports, and missing patches. The Nessus scanner can also be used to perform a variety of other security tasks.
The Nessus agent service is used to manage and monitor agents that have been deployed to systems in your environment. The service provides a web-based interface for agent management, as well as a command-line interface for agent deployment and configuration. The Nessus agent service is free to use and is available for download from the Nessus website.
Setting Up the Penetration Testing Lab

The penetration testing lab will consist of a number of virtual machines (VMs) running inside of Oracle VirtualBox. You installed VirtualBox. You will connect the new VMs using a host-only adapter network in VirtualBox so that your testing environment is isolated from other devices on any real network you are connected to. You will use the following virtual machines:

Axigen mail server: Use the Axigen mail server installed Kali Linux Oracle Virtual Appliance (OVA). You may have been using a different Kali Linux installation for previous activities in this book (such as a Kali Live USB boot), but you use the current Kali OVA in the testing lab. Kali-Linux-2021.2 is the version used in this module. When you are doing these labs, download and install the most current version.

Metasploitable2 OVA. Metasploitable2 is a VM that has been purposefully constructed to be vulnerable to attack. Metasploitable2 was created to provide penetration testers (pen-testers) with a target containing security flaws that can be used to practice penetration testing (pen-testing).

Performing the Penetration Testing

With the penetration testing lab up and running, and your penetration testing report framework in place, you are ready to begin testing for vulnerabilities and capturing your findings. The next sections guide you through a series of penetration activities.

Objective: Use Nmap to discover targets and open ports in the pen-test lab environment.
Description: The first step in pen-testing your lab environment is to run a nmap scan to discover all targets and any open ports. You will take the results from the nmap scan and add it to your report.
1 Start all virtual machines in your lab environment. Make sure they are connected to the same network.
2 Log on to the Kali Linux VM.
3 Open a terminal session and use the nmap command to scan all the VMs in your testing lab (including the Kali Linux VM). All your lab VMs should be on the same network subnet (perhaps 192.168.56.0), so you can use nmap to scan all the VMs at once by using the network address. You can also scan each VM individually by specifying its IP address in the nmap command. By logging on to each VM, you can determine its IP address by reading the information on the login screen or using the ifconfig command.
4 Capture your nmap output. Use a screen capture tool such as the Windows Snipping Tool or Snip & Sketch to capture the image.

Objective: Use the nc command and HTTP methods to extract information from web servers in the pen-test lab environment.
Description: At least two of the VMs in your lab environment are web servers. Nessus is installed on your host computer along with a web server. The Metasploitable VM is a vulnerable web server. You will use the netcat (nc) command and HTTP methods to scan each VM to see what kind of web server information you can discover. You will add the results to your report.
1 Start all virtual machines in your lab environment. Make sure they are connected to the same internal network.
2 Log on to the Kali Linux VM.
3 Start a terminal session.
4 Use the nc command and HTTP methods on each of the VMs in your lab environment (including the Kali Linux VM) and on your host computer. You will need the IP address of each VM and your host computer to accomplish this task. Once connected to a target with the nc command, use HTTP methods such as GET and OPTIONS to gather information on each VM. Be sure to try the nc command and HTTP methods on every VM and the computer hosting Nessus.
5 Capture the results of the tests and copy them. Use a screen capture tool and crop the image to show the command executed and the results.

Objective: Use wget to attempt to download files from VM targets in the pen-test lab environment.
Description: You can use the wget command to download files from a web server, such as the index.html file, which is often the main page of a website. Your nmap activities revealed what ports are open on each lab VM. Any VMs with port 80 or port 443 open are most likely web servers you should target using the wget command. Add the results you gathered to your report.
1 Start all virtual machines in your lab environment. Make sure they are connected to the same network.
2 Log on to the Kali Linux VM.
3 Start a terminal session.
4 Start all virtual machines in your lab environment. Make sure they are connected to the same network.
5 Use the wget command on each VM in your lab environment and on your host computer. You need the IP address of each VM and your host computer to accomplish this task. Be sure to use wget on every VM and on the computer hosting Nessus.
6 Examine the files captured with the wget command and place any useful information from the files.

Objective: Use the enum4linux command to enumerate targets in the pen-test lab environment.
Description: The enum4linux command is useful for gathering intelligence from Linux-based machines. Your nmap activity may have revealed the operating system of your targets if you included that option in your nmap scans. Start by targeting suspected Linux-based VMs and then use the enum4linux command on all of the VMs and your host computer. Add the results from the enum4linux scans.
1 Start all virtual machines in your lab environment. Make sure they are connected to the same network.
2 Log on to the Kali Linux VM.
3 Start a terminal session.
4 Use the enum4linux command on each VM in your lab environment and on your host computer. You need the IP address of each VM and your host computer to accomplish this task. Be sure to use enum4linux on every VM and on the computer hosting Nessus.
5 Examine the results of the enum4linux command and place any useful information.

Objective: Use Nessus to scan targets for vulnerabilities.
Description: Nessus is a powerful tool for automatically discovering vulnerabilities in computing devices. You use Nessus to scan all the VMs in your pen-test lab environment and add the results.
1 Start all the virtual machines in your lab environment. Make sure they are connected to the same internal network.
2 Log on to Nessus Essentials on your host computer.
3 Perform a Host Discovery scan on your host-only adapter network and see if it detects all the virtual machines in your pen-test lab environment. Target the host-only adapter network (perhaps 192.168.56.0/24) and not your real network. How do the results compare to your command-line nmap footprinting?
4 Create and execute a Basic Network scan for each VM in your pen-test lab environment.
5 Create and execute a Web App Test scan for each VM in your pen-test lab environment.
6 Extract information from your scans by capturing screens or using the Snipping tool to copy images of tables and charts displayed in Nessus. Include the scan results in your report. You can also use the Report feature in Nessus to make a PDF or HTML report and include all or portions of it in your penetration testing report.
7 Scan your host computer for vulnerabilities, but for your own security, don't include that information.