Penetration Testing with Kali Linux OffSec
|
|
dynamic plugin filter
313 instead. Nessus Plugins are programs written in the Nessus Attack Scripting Language (NASL) 314 that contain the information and the algorithm to detect vulnerabilities. Each plugin is assigned to a plugin family , 315 which covers different use cases. We will work with the Advanced Dynamic Scan template and plugins in the last section of this Learning Unit. 311 (MSRC, 2021), https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 312 (MSRC, 2021), https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472 313 (Tenable Documentation, 2022), https://docs.tenable.com/nessus/Content/DynamicPlugins.htm 314 (Wikipedia, 2022), https://en.wikipedia.org/wiki/Nessus_Attack_Scripting_Language 315 (Tenable, 2022), https://www.tenable.com/plugins/families/about Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 175 7.2.3 Performing a Vulnerability Scan In this section we will perform our first vulnerability scan. To begin, let’s click on the New Scan button on the dashboard in the Scans tab. Figure 44: Creating a Scan Nessus provides a list of the different templates. For this section, we will use the Basic Network Scan , which we can launch by clicking on it. Figure 45: Selecting a Basic Network Scan This will present the scan configuration settings screen containing the BASIC , DISCOVERY , ASSESSMENT , REPORT , and ADVANCED settings. 316 316 (Tenable Docs, 2022), https://docs.tenable.com/nessus/Content/TemplateSettings.htm Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 176 Figure 46: Different Settings in Scan Configuration The default screen is the General settings page with the two required arguments: a name for our scan and a list of targets. Nessus supports multiple target specifications, 317 including a single IP address, an IP range, and a comma-delimited Fully-Qualified Domain Name (FQDN), or an IP address list. For this example, we will scan the following machines: POULTRY, JENKINS, WK01, and SAMBA. We will enter “Basic Vulnerability Scan” into the Name field and the IP addresses of the machines into the Targets field. 317 (Tenable Docs, 2022), https://docs.tenable.com/nessus/Content/ScanTargets.htm Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 177 Figure 47: Configuring Scan Name and Target List Since we chose the Basic Network Scan template, Nessus has already configured most of the settings for us. However, the default configuration might not be exactly what we need. Depending on the scanning type, the environment, time constraints, and the targets, we may need to adapt the settings to fit our needs. In the default settings of this template, Nessus scans a list of common ports. For this demonstration, we only want to scan ports 80 and 443. To do this, let’s click on the Discovery settings and select Custom in the dropdown menu. Figure 48: Selecting Custom Discovery Settings The dropdown menu shown in Figure 48 provides us with a number of predefined options. To scan specific ports, we’ll need to select Yüklə Dostları ilə paylaş:
|