Before attempting this lab, please complete the steps below:
- Register for a personal Nessus activation code by visiting https://www.tenable.com/tenable-for-education
- Download a copy of Nessus from https://www.tenable.com/downloads/nessus (do this from the Firefox browser in Kali)
Once you have the registration code and the Nessus install file has been downloaded, please proceed to the next steps:
- Change directory to wherever the Nessus install file is located (the default is usually /home/kali/Downloads)
- Type "sudo dpkg -i ./Nessus-10.1.1-debian6_amd64.deb" (note that the version number may be different from what is shown here)
- Once the install is complete, start the Nessus service by typing the following command:
  sudo systemctl start nessusd
- Access Nessus via Firefox by going to https://localhost:8834
- Accept the self-signed certificate warning
- Select a username and password, and enter the activation code (please make sure you have chosen the correct product version as well)
- Wait while Nessus compiles all the plugins (this may take a long time to complete, which is normal)
- Log in with the user account you previously created
- Go to Scans -> New Scan
- On the Scan Templates page under Vulnerabilities, choose the "Advanced Scan" type
  - Provide a name for your scan configuration (e.g. "External Scan")
  - Provide the target IP address (in this case, the IP address of the Metasploitable2 VM)
  - Save the scan template
- Press the "Play" button on the My Scans page to launch the scan you just created
Once the scanning is complete, please export the report in PDF format and submit it. To export the list of vulnerabilities, go to Report/Complete List Of Vulnerabilities by Host.
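
The command-line part of the steps above as one script, added here as an example (it is not part of the original lab): it finds the downloaded package whatever its version number, checks it against a SHA256 checksum before installing, starts nessusd and waits for the web interface. The function names and the `--install` argument are made up for this example, and it assumes that you copy the expected checksum from the Tenable download page and that `sha256sum` and `curl` are installed.

```shell
#!/bin/sh
# Added example: verify the downloaded Nessus package, then install and start it.
# Function names and the --install argument are illustrative, not part of Nessus.

# Print the most recently downloaded Nessus-*.deb in a directory, since the
# version number in the file name varies. Fails if none is present.
find_nessus_deb() (
    dir="${1:-$HOME/Downloads}"; newest=""
    for f in "$dir"/Nessus-*.deb; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then newest="$f"; fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
)

# Succeed only if the file's SHA256 equals the expected value (any letter case).
verify_sha256() (
    file="$1"; expected="$2"
    [ -f "$file" ] && [ -n "$expected" ] || exit 1
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
)

# Poll https://localhost:8834 until the web interface answers.
wait_for_nessus() (
    tries="${1:-30}"
    while [ "$tries" -gt 0 ]; do
        # -k because the local Nessus instance uses a self-signed certificate
        curl -ks -o /dev/null https://localhost:8834 && exit 0
        tries=$((tries - 1)); sleep 5
    done
    exit 1
)

# Usage: sh install_nessus.sh --install <sha256 copied from the download page>
if [ "${1:-}" = "--install" ]; then
    expected="${2:?missing expected SHA256 checksum}"
    deb=$(find_nessus_deb "$HOME/Downloads") || { echo "no Nessus .deb found" >&2; exit 1; }
    if ! verify_sha256 "$deb" "$expected"; then
        echo "checksum mismatch, not installing: $deb" >&2; exit 1
    fi
    sudo dpkg -i "$deb" || exit 1
    sudo systemctl start nessusd || exit 1
    wait_for_nessus 30 && echo "Nessus is ready at https://localhost:8834"
fi
```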