Obtain Nessus Activation Code

Quinton Hebenstreit

Aug 4, 2024, 5:46:50 PM
to lesgeschvarto
Tell the server to only listen to connections on the address that is an IP, not a machine name. This option is useful if you are running nessusd on a gateway and if you do not want people on the outside to connect to your nessusd.

Updates Tenable Nessus plugins by using a TAR file instead of getting the updates from the plugin feed. You obtain the TAR file when you complete the Manage Tenable Nessus Offline - Download and Copy Plugins steps.


stable: Does not automatically update to the latest Tenable Nessus version. Remains on an earlier version of Tenable Nessus set by Tenable, usually one release older than the current generally available version, but no earlier than 8.10.0. When Tenable Nessus releases a new version, your Tenable Nessus instance updates software versions, but stays on a version prior to the latest release.


Note: You cannot link a scanner via the CLI if you have already registered the scanner. You can either link via the user interface, or reset the scanner to unregister it (however, you lose all scanner data).


The latest Nessus plugins must be downloaded and applied to Nessus before running scans to ensure the scan results are relevant and up to date. The Nessus plugins must be obtained from Tenable directly by using the Nessus plugin URL obtained from the Nessus offline activation page.


(Optional) If an HTML report is also required, instead choose Report Format HTML and whichever Report Template seems reasonable. The recommended report template is "Detailed Vulnerabilities By Plugin with Compliance/Remediation".


About 2 months ago I was chatting with some of the members of one of the QA Teams at work and they were telling me about their workflows for automating the testing of code and hosts added to the lab. One showed me some of the scripts they use and then it came to me: why not automate Nessus from within PowerShell? I would say that in 2 days in my spare time, using Brandon Perry's Nessus-Sharp library for Nessus-XMLRPC written in C# -sharp, I forked the library and started modifying it to the needs I had, and I came up with a basic usable module. Sadly I got distracted with several projects and helping a bit to organize BSides PR, so I had not updated and cleaned the code until recently. Now that I have more time I would like to share the functions I created and merged into the Posh-SecMod PowerShell module, since I believe they could be useful to someone as they have to me.

Installing the Module

Posh-SecMod can be found at -SecMod and installing it is very simple. The module is a PowerShell v3 module only at the moment so it will only run on:

Windows 7
Windows 2008
Windows 2008R2
Windows 8
Windows 2012

For installing PowerShell on versions of Windows below you will need to install .Net 4.0 and then download and install the Windows Management Framework 3.0. Believe me, it is all worth it just for the ISEv3.

WMF 3.0 - -us/download/details.aspx?id=34595
.Net Framework 4.0 - -us/download/details.aspx?id=17851

We start by running PowerShell with elevated privileges and make sure that you have set the ExecutionPolicy to RemoteSigned, since none of the scripts, binaries and modules are signed with Authenticode.

Set-ExecutionPolicy RemoteSigned


As you create connections to Nessus servers the connections are stored into the global variable $Global:nessusconn; as you can see, information about the server is included with each session object. Each session is referenced by the Index value. In fact each session has a type of Nessus.Server.Session. We can have several connections, and to add one we just do the same as we did before; the session is added automatically.


We can get feed and version information for each session using the Get-NessusServerFeedInfo function. We can pipe the sessions from Get-NessusSession objects into it or specify the session or sessions thru the index parameter:


We can see if we have a proxy configured to pull the Nessus Feed; this is known in the Nessus GUI as the General Settings. To get the configuration we use the Get-NessusServerGeneralSettings function:


If I want to see how many users, scans and just the general load on the server, I can use the Get-NessusServerLoad function to get this information. This can come in useful if we see a server running slowly or we want a script to always use the server with the least load to launch our scans:


We can list and work with users in the Nessus Server, we can find all the Nessus Server user manipulation functions by searching for *nessususer* in the name of the functions in the module:


Nessusd has a rules system which allows you to restrict the hosts that admin has the right to test. For instance, you may want him to be able to scan his own host only. Please see the nessus-adduser manual for the rules syntax.


We can see that we created a new user with username admin and password admin (which cannot be seen, because it's not shown on the screen for security purposes), and we specified the user to be administrator.


The error message says that there is no nessus-fetch.rc file present. This file is automatically created when we activate our Nessus installation with an activation code. To obtain an activation code, we must visit Nessus Activation Code and choose "Using Nessus at Home", which is shown in the picture below:


We need to click on the "Select" button and agree to the Subscription Agreement, after which we'll need to provide our first name, last name and email address. We need to enter the right information as shown in the picture below:


We can see that we've successfully registered and obtained an activation code, which is 0249-114E-2A4C-7D9D-4088. To register the Nessus installation and download all the latest plugins, we need to run the command below:


The nessusd init.d script essentially runs the nessusd or nessus-service command manually, so I guess the second option is best if something goes wrong, because it allows us to see what's happening when Nessus is starting.


After Nessus has been started, we can choose between two ways to connect to the Nessus server. The first one is by using the Nessus web interface and the second one by using the Nessus client from the command line.


The port 8834 is in LISTENing mode, as it should be. We access the Nessus web interface by connecting to an address :8834/ in a web browser. When opening Nessus in a web browser, it will take some time to initialize, so we'll have to wait a little bit. After initialization, the Nessus login screen will pop up, where we can log in with the admin username we previously created. The Nessus login screen will look like the picture below:


We can also communicate with Nessus using the command line tool nessus and connecting to the Nessus NTP port 1241 and not its XMLRPC port 8834. First we must verify that the correct port is opened and LISTENing for incoming connections:


Then we can use the nessus command line tool to connect to the Nessus server and run the scan. Before actually running the scan we must define a filename, which specifies the targets we would like to scan. To scan the target Google we can save the appropriate hostname into the filename results.txt:


We used a bunch of options with the nessus command line tool. The -q option tells Nessus to operate in batch mode. What follows is the Nessus server's hostname, port number, username and password. At the end is our existing filename targets.txt that specifies the targets we would like to scan and the filename results.txt where the results will be saved after the scan is complete.


Here we can create a new scan by defining the hostname of the target website and the policy the scan will use. This can be seen in the picture below, where the target website is and the scan policy is one of the default ones, the "Web App Tests" policy.


When the scan is started, it will be added to a list of all scans already done or currently pending still in the Scans tab. There are various actions we can take with each of the scans: stop it, pause it, delete it, etc.


Nessus policies specify what Nessus will do when the scan is being run. Default Nessus policies are External network scan, Internal network scan, PCI-DSS audits, and Web application scan, as we can see in the picture below.


The Port Scanners specify the scan methods used to detect if the port is opened or not. Available options are: TCP scanner, UDP scanner, SYN scanner, SNMP scan that guesses the right SNMP name, netstat ssh scan that issues the netstat command over the SSH connection, netstat wmi scan that issues the netstat command over the WMI connection, and ping scan that pings the target machine.


Next, there are Port Scan Options where we can specify the ports Nessus will scan. We can input the ports manually as a comma-separated list of values. Alternatively we can choose between two already defined options: default and all. The default option scans around 5000 standard ports, whereas all scans all available ports.


We can use credentials to have Nessus log in to several services automatically, which should determine if security patches are applied and if the latest version of software is being used. In the drop-down menu we have the option to choose one of the following options: Windows credentials, SSH settings, Kerberos configuration or Cleartext protocol settings. All of these allow us to input the credentials for the following services: SMB, SSH, Kerberos, telnet, rsh and rexec.
