cd ~/Downloads
kali@kali:~/Downloads$
echo
"4987776fef98bb2a72515abc0529e90572778b1d7aeeb1939179ff1f4de1440d Nessus-10.5.0-
debian10_amd64.deb" > sha256sum_nessus
kali@kali:~/Downloads$
sha256sum -c sha256sum_nessus
Nessus-10.5.0-debian10_amd64.deb: OK
Listing 91 - Verifying the checksum
The output shows that the checksums match, which means we can install the package. If there is
an updated version of Nessus, the checksum from the previous listing will be different and needs
to be adapted.
To install the Nessus package, we’ll use apt
306
with the install option.
kali@kali:~/Downloads$
sudo apt install ./Nessus-10.5.0-debian10_amd64.deb
...
Preparing to unpack .../Nessus-10.5.0-debian10_amd64.deb ...
Unpacking nessus (10.5.0) ...
Setting up nessus (10.5.0) ...
...
Unpacking Nessus Scanner Core Components...
-
You can start Nessus Scanner by typing /bin/systemctl start nessusd.service
-
Then go to https://kali:8834/ to configure your scanner
Listing 92 - Nessus installation
After the installation is complete, we can start the
nessusd
service via systemctl.
307
kali@kali:~/Downloads$
sudo systemctl start nessusd.service
Listing 93 - Starting Nessus
Once Nessus is running, we can launch a browser and navigate to https://127.0.0.1:8834. We will
be presented with a warning indicating an unknown certificate issuer, which is expected due to
the use of a self-signed certificate. To accept and trust the self-signed certificate, we can click on
Advanced…
and then
Accept the Risk and Continue
.
305
(Man7, 2020), https://man7.org/linux/man-pages/man1/sha256sum.1.html
306
(Wikipedia, 2022), https://en.wikipedia.org/wiki/APT_(software)
307
(Wikipedia, 2022), https://en.wikipedia.org/wiki/Systemd
Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
170
Figure 35: Nessus Presenting a Certificate Warning
After the page loads, we are prompted to configure pre-installation settings. Let’s click on
Continue
to start the installation with the default settings.
Figure 36: Configuring Pre-Installation Settings
Now, we can select a Nessus product. For the purpose of this Learning Unit, we’ll choose
Register
for Nessus Essentials
and click
Continue
.
Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
171
Figure 37: Selecting Nessus Essentials
Next, we are prompted to request an activation code for Nessus Essentials. We’ll provide the
required information and click
Register
.
Figure 38: Requesting an Activation Code
Once we have registered, the activation code is shown in the next window.
Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
172
Figure 39: Activating Nessus
Next, we’ll create a local Nessus user account. We’ll choose the username
admin
with a strong
password to protect our vulnerability scan results. We’ll use these credentials to log in to the
Nessus application.
Figure 40: Creating a Local Nessus Account
Finally, Nessus downloads and compiles all plugins. This can take a significant amount of time to
complete.
Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
173
Yüklə Dostları ilə paylaş: |