Nessus is a well-known tool for Vulnerability Assessments created by Tenable Inc. Unfortunately, it is not open source but it offers a free license called Essentials for educators, students, and individuals (not companies) starting their careers.

Nessus Essentials is a powerful scanner that collects fingerprints, misconfiguration, and default passwords from the targets and automatically crosschecks with the known vulnerability database to expose low-hanging fruits and potential investigation threads. Its reports should not be taken as absolute truth but as a starting point.

This free version contains limitations but the most evident is the number of scanned targets, up to 16 IPs.

The purpose of this post is to guide you on the process of deploying a Linux Appliance virtual machine that already contains the Nessus application right out of the box.

Tenable Core + Nessus is available for download on VMware and Hyper-V formats or as an ISO image to boot and installed in a bare-metal machine or hypervisor of choice [Link].

Tenable Core is a CentOS7 operating system highly customized to run all the Tenable products. It has a web interface that can be accessed at https://IP:8000/ with the default credentials wizard:admin. Through this interface, one can easily monitor the instance resources, health, utilization, etc.

After successfully deploying the new instance, navigate to https://IP:8834/ and finish the configuration and licensing process for Nessus. The license can be obtained for free [Link] and will be sent to your email address.

Because of the nature of this application, it was developed to allow accept command line directives to perform its duties, which allows automation and integrate into many other applications:

Syntax

  • /opt/nessus/sbin/nessuscli <cmd> <arg1> <arg2>
  • /opt/nessus/sbin/nessuscli help
  • /opt/nessus/sbin/nessuscli <cmd> help

Running as a service

  • /sbin/service nessusd start
  • /sbin/service nessusd stop

Basic commands

  • nessuscli update
  • nessuscli update –all
  • nessuscli update –plugins-only
  • nessuscli fetch –register <activation code>
  • nessuscli fetch –security-center
  • nessuscli fix –show
  • nessuscli fix –list
  • nessuscli fix –list-interfaces
  • nessuscli fix –get max_hosts
  • nessuscli fix –set max_hosts=200
  • nessuscli fix –delete max_hosts
  • nessuscli fix –secure –list
  • nessuscli mkcert
  • nessuscli mkcert-client
  • nessuscli lsuser
  • nessuscli adduser
  • nessuscli chpasswd <username>
  • nessuscli rmuser
  • nessuscli bug-report-generator
  • nessuscli bug-report-generator [–quiet] [–scrub] [–full]
  • nessuscli agent status