00:05
>> One of the things we can do is we can actually interact with Nessus from their framework. I'll show you the basics of getting connected but then after that, we're going to use their web-based interface, which has a lot more functionality and it's a little bit easier to deal with for some of the things that we're looking at. We'll also run a scan and then import the results into their framework.

The first thing we need to do after you log in to your Nessus scanner on port 834, go to your Settings area, go to Accounts. What I've done is created another account, made it a system administrator, it's very straightforward. Now I can use that information to connect from the framework. This is a self-signed certificate, aware of that and we're trying to do the initial connect.

First we'll load the Nessus module, and I can run nessus_help to see all of my commands available to me from the framework to Nessus. I can connect to my server, I can log out, I can log in as different credentials. I can determine if someone's an admin or not. I can create scans from IP addresses in the hosts folder or a table rather. I can do things like list my policies, delete a policy, you can't really create a policy from this interface as far as I can tell, so it's another reason why we're going to use the GUI. But regardless, let's go ahead and try to get connected.

So nessus_connect -h. I need my username, colon, password, at hostname colon port, and then we'll use the SSL ignore option because this has a self-signed cert. So nessus_connect username, Nessus password. Obviously this is not something you want to do on an untrusted environment because you're putting the password right on the command line, so you better make sure you're well-protected when you're using these connection strings because the password's right there in the clear. Granted, it's only a scanner, but it's just a good best practice for IT security in general. Port 834, we're going to also put in SSL ignore, and I've gotten connected.

Now I can do things like Nessus user list, I should see admin, I see Nessus there. Am I an administrator? Yes, I am. But let's go back to the GUI and we'll do the scan from here and then we'll see what results we can look at from the framework as well as being able to export and import from Nessus itself.

Going back to the Scans button, I want to create a new scan. I've got several options here, Advanced Scan where you have to set all the individual settings or something like Shellshock Detection, Host Discovery, some of these other ones require an upgrade. I can do a Windows malware scan that's included with the free version. But what I really want is the basic network scan, so that's our good starting point.

We're going to call this Metasploitable. As far as the folder, I can pick different folders, I'll just leave it in My Scans, and then I'll put in my target here. a file with targets in it if I had a lot of them. This is just a single address, I can also do things like CIDR blocks, CIDR notation if you wanted, but it's a single IP.

The scan has now been created, it's an on-demand, there's no schedule for this, and I simply click the Launch button to get it started. Once it begins, then I can click the scan itself, once I see that it's running, and I can get some more detail here. I can see in the Hosts tab, I've got one host being detected, it's already picking up some vulnerabilities. I can click the Vulnerabilities tab, and watch this start to populate.

Also, we can see that there's a color-coded graphic here showing what kinds of vulnerabilities have been discovered. So far, it's a lot of informational items. A couple of medium severity items have shown up, and if we go back to our hosts area, we can see our percentage. We're not even at zero percent yet, so we've already got 45 informational pieces, two medium warnings, and this is going to take a while. What I'm going to do is go back to the Vulnerabilities screen here, and then I'm going to go ahead and pause and we'll come back when it's completed and take a look to see what was found.