00:03
>> Alright, I'm going to go ahead and clear my screen.
00:03
I'm going to double-check to see
00:03
if my Nessus service.
00:03
I do a service nessusd status.
00:03
I can see that it is running, so that's good.
00:03
What I could do is to also try to
00:03
connect to it from my web browser.
00:03
Now I have installed
00:03
Nessus by downloading it from Tenable.
00:03
You do have to register with them,
00:03
we'll go to the website really quick.
00:03
Spelled it wrong, sorry about that.
00:03
If we go to our product section,
00:03
we can see there's a download link for Nessus.
00:03
What I've downloaded is the home version.
00:03
This one is free, it doesn't expire.
00:03
You can certainly pay for
00:03
the features that come with
00:03
more the enterprise solution or
00:03
even a cloud-based solution.
00:03
You simply click that "Download" button.
00:03
Then for Kali Linux,
00:03
you want to pick the AMD64 distribution,
00:03
and it comes in a .deb file.
00:03
The instructions for installation are pretty simple.
00:03
I think you just do a dpkg command
00:03
in order to install Nessus.
00:03
dpkg -i. I've already
00:03
gotten Nessus installed from previously to
00:03
my downloads directory and so I can run a
00:03
dpkg -i and begin the process
00:03
with this file here.
00:03
I've already installed it,
00:03
so I'm not going to repeat that,
00:03
but that's how you get to that point.
00:03
Once it's installed, Nessus will now run as a service.
00:03
One of those things you can do is a
00:03
service --status-all and we can just do
00:03
a grep for Nessus. There it is, nessusd.
00:03
The plus sign means that it's running.
00:03
There's various ways to determine
00:03
if your Nessus environment is ready to go.
00:03
We have two options: we can try to connect to
00:03
Nessus from the Metasploit framework.
00:03
I was trying that earlier
00:03
and I had a little bit of trouble with it.
00:03
We'll give it another shot.
00:03
But if that doesn't work, we know we still
00:03
have the web-based option.
00:03
Let's go back to our Metasploit Framework [NOISE].
00:03
Let's have a look at a banner,
00:03
that's a nice banner today.
00:03
First I'm going to load
00:03
Nessus and then I've got nessus_help,
00:03
to give me an idea of what my possibilities are.
00:03
First thing I'm going to try to do is connect to
00:03
my Nessus server. See if that works.
00:03
If it doesn't, then we'll just go
00:03
to Nessus as the web version.
00:03
But I at least wanted to show this part of it.
00:03
We can log into a Nessus server
00:03
over if you've got a different username and password,
00:03
you can do things like give
00:03
a list of the folders on the Nessus installation.
00:03
I can do a scan from
00:03
all the IP addresses that are in my hosts table.
00:03
I can run reports on the host,
00:03
I can run reports on vulnerabilities.
00:03
All of this within the framework once you
00:03
get the connectivity established.
00:03
I could also get a list of my scans.
00:03
Pause a scan, stop a scan, resume a scan.
00:03
I'm going to list all of my plugins.
00:03
I can show my Nessus users once I'm connected.
00:03
All right, let's see if we can
00:03
get the connection to work.
00:03
[NOISE] nessus_connect -h. It's
00:03
saying I have to use
00:03
username:password and hostname:port.
00:03
Then I either specify ssl_verify or ssl_ignore.
00:03
You'll notice that we are connecting with SSL.
00:03
I'm going to try the SSL option first.
00:03
We'll see if this works.
00:03
[NOISE] What I'm using is
00:03
the [NOISE] credentials that I created when I
00:03
built [NOISE] this instance
00:03
or when I installed this instance of Nessus.
00:03
I'm going to my host.
00:03
It's on Kali, so it's 131 port 8834,
00:03
then I want to do ssl_verify.
00:03
Now, that didn't work, certificate verify failed.
00:03
Let me see if I can do it
00:03
while ignoring the certificate.
00:03
>> No, what's interesting though is it's trying
00:03
to connect to CK Nessus,
00:03
but it's still giving me a little prefix
00:03
on the address that makes you wonder
00:03
if there's something else.
00:03
[NOISE] I'm going to leave the port off,
00:03
maybe the port is the problem.
00:03
No, same thing. Okay, well,
00:03
for the sake of moving along with the course,
00:03
we're going to just leave this as is.
00:03
There's probably something that
00:03
needs to be done that's not in place.
00:03
This connectivity is built here
00:03
for being able to do your scans from
00:03
within the framework and
00:03
not having to break out to use a separate tool.
00:03
Why don't we get logged into
00:03
Nessus and have a look around?