Activate Nessus

[Tisham Candella]

InTenable Nessus Professional and Tenable Nessus Expert, you can use an activation code on multiple systems. This allows you to transfer a Tenable Nessus license from one system to another easily and without resetting your activation code each time.

When you transfer the activation code to a system, it becomes the active instance of Nessus for that license. Only the most recently activated system can receive plugin updates. All previous instances of Nessus with that activation code still function, but cannot receive plugin updates. On inactive instances, the following error message appears: Access to the feed has been denied, likely due to an invalid or transferred license code.

Copyright 2024 Tenable, Inc. All rights reserved. Tenable, Tenable Nessus, Tenable Lumin, Assure, and the Tenable logo are registered trademarks of Tenable, Inc. or its affiliates. All other products or services are trademarks of their respective owners.

This module has some tests in place, but not many yet. Additionally, it is not possible to completely test the activation portion of nessus, since each activation is unique, and you would need a new activation code from nessus every time you try to activate.

The Nessus vulnerability scanner, is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. Nessus can also be used for ad-hoc scanning, daily scans, and quick-response audits.

We need to add atleast one Admin user for Nessus. To add an Admin user run the following command. Here select the Authentication method as Pass for password and enter the password twice and press CTRL+D to proceed without adding any rules at the start as below ( I create an admin user called nessusadmin):

A great peice of software for a regular vulnerability scan on your own systems or you are an organisation who can afford to buy the license for professional feed then you can use it commercially as well.

I had some trouble setting up openvas on my system fedora system, but I did find a site that offered free openvas vulnerability scans. I was able to scan my vps to check for security holes over at HackerTarget.com.

Nessusd has a rules system which allows you to restrict the hosts that admin has the right to test. For instance, you may want him to be able to scan his own host only. Please see the nessus-adduser manual for the rules syntax.

We can see that we created a new user with username admin and password admin (which cannot be seen, because it's not shown on the screen for security purposes), and we specified the user to be administrator.

The error message says that there is no nessus-fetch.rc file present. This file is automatically created when we activate our Nessus installation with an activation code. To obtain an activation code, we must visit Nessus Activation Code and choose "Using Nessus at Home", which is shown in the picture below:

We need to click on the "Select" button and agree to the Subscription Agreement, after which we'll need to provide our first name, last name and email address. We need to enter the right information as shown in the picture below:

We can see that we've successfully registered and obtained an activation code, which is 0249-114E-2A4C-7D9D-4088. To register the Nessus installation and download all the latest plugins, we need to run the command below:

The nessusd init.d script essentially runs the nessusd or nessus-service command manually, so I guess the second option is best if something goes wrong, because it allows us to see what's happening when Nessus is starting.

After Nessus has been started, we can choose between two ways to connect to the Nessus server. The first one is by using the Nessus web interface and the second one by using the Nessus client from the command line.

The port 8834 is in LISTENing mode, as it should be. We access the Nessus web interface by connecting to an address :8834/ in a web browser. When opening Nessus in a web browser, it will take some time to initialize, so we'll have to wait a little bit. After initialization, the Nessus login screen will pop-up, where we can login with our admin username we previously created. The Nessus login screen will look like the picture below:

We can also communicate with Nessus using the command line tool nessus and connecting to the Nessus NTP port 1241 and not its XMLRPC port 8834. First we must verify that the correct port is opened and LISTENing for incoming connections:

Then we can use the nessus command line tool to connect to Nessus server and run the scan. Before actually running the scan we must define a filename, which specified the targets we would like to scan. To scan the target Google we can save the appropriate hostname into the filename results.txt:

We used a bunch of options with the nessus command line tool. The -q option tells Nessus to operate in batch mode. What follows is the Nessus server's hostname, port number, username and password. At the end is our existing filename targets.txt that specifies the targets we would like to scan and the filename results.txt where the results will be saved after the scan is complete.

Here we can create a new scan by defining the hostname of the target website and the policy the scan will use. This can be seen in the picture below, where the target website is and the scan policy is one of the defaults ones, the "Web App Tests" policy.

When the scan is started, it will be added to a list of all scans already done or currently pending still in the Scans tab. There are various actions we can take with each of the scans: stop it, pause it, delete it, etc.

Nessus policies specify what Nessus will do when the scan is being run. Default Nessus policies are External network scan, Internal network scan, PCI-DSS audits, and Web application scan, as we can see in the picture below.

The Port Scanners specify the scan methods used to detect if the port is opened or not. Available options are: TCP scanner, UDP scanner, SYN scanner, SNMP scan that guesses the right SNMP name, netstat ssh scan that issues the netstat command over the SSH connection, netstat wmi scan that issues the netstat command over the WMI connection, and ping scan that pings the target machine.

Next, there are Port Scan Options where we can specify the ports the Nessus will scan. We can input the ports manually as a comma-separated list of values. Alternatively we can choose between two already defined options: default and all. The default option scans around 5000 standard ports, whereas all scan all available ports.

We can use credentials to login into several services automatically by Nessus, which should determine if security patches are applied and if the latest version of software is being used. In the drop-down menu we have the option to choose one of the following options: Windows credentials, SSH settings, Kerberos configuration or Cleartext protocol settings. All of these allow us to input the credentials for the following services: SMB, SSH, Kerberos, telnet, rsh and rexec.

Allows us to choose a specific security checks to be performed against the target website. On the picture below we can see the enabled category FTP that will try to detect an anomaly in the FTP server; it will do that by checking the existing FTP server against all the defined plugins on the right that represent all currently known vulnerabilities in FTP servers:

The Preferences tab allows us to further set our scanning options. We can input as much information as we know about the target system. This enables the Nessus scanner to perform the scans more accurately and quickly. We can specify the type of database being used, its username and password, how the report should be generated, what user agent the requests should impersonate, the client certificate to use against the target website and much more.

We've seen the functionality the Nessus scanner provides. It's up to us whether we want to choose Nessus or some other security scanner to scan our network for vulnerabilities. But we shouldn't rely only on the network scanner itself; we should contact a penetration testing company to do an actual penetration test on our website or whole network. Only then can we feel pretty safe. Of course only after we resolved all the detected vulnerabilities.

Dejan Lukan is a security researcher for InfoSec Institute and penetration tester from Slovenia. He is very interested in finding new bugs in real world software products with source code analysis, fuzzing and reverse engineering. He also has a great passion for developing his own simple scripts for security related problems and learning about new hacking techniques. He knows a great deal about programming languages, as he can write in couple of dozen of them. His passion is also Antivirus bypassing techniques, malware research and operating systems, mainly Linux, Windows and BSD. He also has his own blog available here:

I'm using ansible expect to create a user for my nessus (by using the nessuscli). the expect should answer few question as below (I added the numbers 1-5). My expect get stuck at number 5. the last letters of number 5 is the "(the user can have an empty rules set)" and then the next line (carriage return). This makes the issue as I dont know how to tell expect that there is a phrase that is followed by a next line. I tried \r \n and none of them worked! any healp is appreciated.

Nessus Agents are lightweight client programs that are installed locally on a host. Agents collectvulnerability, compliance, and system data and report that information back to a Tenable SecurityCenter.

Agents run under the local SYSTEM account in Windows or root on Linux-based operating systems,and do require sufficient privileges to install software under that account on setup. Nessus Agents arepackaged for installation on their respective platforms, and after installation, a scriptable command canbe used to register the agent with an instance of Nessus Cloud or Tenable Security Center.

3a8082e126