Vulnerability scanning with Nessus: How to run a system scan

In our previous tip in this series on using Nessus in the enterprise, we detailed the process of downloading and installing Nessus on the platform of your choice. Now that you've got it up and running, we'll examine how to use this powerful open source vulnerability scanner to monitor systems for security issues.

We'll assume that you're using the Unix Nessus GUI, but the commands are quite similar for those using NessusWX (for Windows). First, start the Nessus client by issuing the "nessus" command. You'll be presented with the window shown below:

The top portion of this window allows you to specify the Nessus server that you'd like to use to originate the scan. If you're running the client and server on the same host, keep the default settings. Otherwise, you'll need to enter the appropriate hostname and port. The lower portion of the window requires that you enter the appropriate Nessus credentials to begin the scan. It's important to remember that these are separate and distinct from system login credentials and must be created using the nessus-adduser command.

After entering this information, click the "Log in" button to authenticate to the Nessus server. Next, we'll take a look at the Scan Options tab, shown below:

This tab contains several important options. First, the "Port range" textbox allows you to enter the specific ports that you'd like to scan. If you leave this set to "default," it will scan all of the destination ports contained within the nessus-services file. Otherwise, you may specify ports using ranges (e.g. "1-1024") and/or comma-delimited lists (e.g. "80, 443, 8080").

The other important option contained on this tab is the "Safe checks" box. Checking this box ensures that Nessus only runs plug-ins designated by their developers as "non-dangerous." If you're running a scan against a production system, it's critical that you check this box, as the unsafe plug-ins could cause an unintentional denial of service on the target system. (On the other hand, if you can do it, so can the bad guys!)

Next, let's move on to the Target tab, shown below:

You may use this tab to select either a single system or a comma-delimited list. Alternatively, you may read a list of hosts from a text file using the "Read file" button or attempt to perform a DNS zone transfer to obtain all of the hostnames in a domain by checking the "Perform a DNS zone transfer" box.
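Before typing values into the Scan Options and Target tabs, it can help to check them offline. The following is an added example, not part of the original tip or of Nessus itself: it expands a "Port range" value written in the syntax described above and sorts a target list into addresses inside an approved scope and entries that need a manual look. The function names, the approved-network list and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def parse_port_range(spec):
    """Expand a "Port range" value such as "1-1024" or "80, 443, 8080".

    Returns a sorted list of ports, or None for "default" (the scanner then
    uses the ports in its nessus-services file). Raises ValueError if malformed.
    """
    spec = spec.strip()
    if spec.lower() == "default":
        return None
    ports = set()
    for item in spec.split(","):
        low, sep, high = (part.strip() for part in item.partition("-"))
        if not low.isdigit() or (sep and not high.isdigit()):
            raise ValueError(f"bad port entry: {item.strip()!r}")
        first = int(low)
        last = int(high) if sep else first
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"reversed or out of 1-65535: {item.strip()!r}")
        ports.update(range(first, last + 1))
    return sorted(ports)

def split_targets(text, approved_networks):
    """Split a comma- or newline-separated target list into
    (in_scope, needs_review), given approved CIDR blocks (an assumption)."""
    nets = [ipaddress.ip_network(n) for n in approved_networks]
    in_scope, needs_review = [], []
    for entry in text.replace(",", "\n").splitlines():
        entry = entry.strip()
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            needs_review.append(entry)  # hostname: confirm ownership by hand
            continue
        if any(addr in net for net in nets):
            in_scope.append(entry)
        else:
            needs_review.append(entry)  # address outside the approved blocks
    return in_scope, needs_review

if __name__ == "__main__":
    # Constructed sample input using documentation-only address ranges.
    print(parse_port_range("80, 443, 8080"))
    print(split_targets("192.0.2.10, 198.51.100.7\nintranet.example.com",
                        ["192.0.2.0/24"]))
```
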

Once you've set the appropriate options for your scan, click the "Start the scan" button at the bottom of any tab, and you'll be off and running. The system will display the dialog box shown below:

It's important to note that scanning a single system could take several minutes or longer, depending upon the specified scope. When the scan completes, you'll see a full scan report, such as the one shown below:

You may navigate through this report to view the various alerts shown for each system grouped by host, port and severity.

That's all there is to it! You now have the basic information you need to conduct vulnerability scans with Nessus.



Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.

This was first published in January 2006
