Saturday, 25 June 2011

Registering and using Nessus in Backtrack 5

Unlike previous Backtrack versions, Backtrack 5 comes with Nessus installed by default.

This is very cool because all that is left for you is to activate Nessus!

If that was not enough, when you upgrade Backtrack the instructions to register are just shown to you:
....
root@bt:~# apt-get upgrade
...
- Please run /opt/nessus/sbin/nessus-adduser to add a user
- Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins
- You can start nessusd by typing /etc/init.d/nessusd start
....
Just open Firefox, navigate to http://www.nessus.org/register/, select your feed (home or professional), enter your details and that's it!
....
Then you will get an email like this:

Thank you for registering with us!

Your activation code for the Nessus HomeFeed is xxxx-xxxx-xxxx-xxxx-xxxx

Remember that the HomeFeed subscription is for home use
only. If you use Nessus at work, you need to obtain a ProfessionalFeed.

.....

Linux and Solaris Users :
--------------------------

To activate your account, simply execute the following command :

/opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx-xxxx
.....

So you only need to copy and paste the Linux registration command from the email into Backtrack and you are all set:

root@bt:~# /opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx-xxxx
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.

You can double-check that auto_update is set to yes in nessusd.conf like this:

root@bt:~# locate nessusd.conf
/opt/nessus/etc/nessus/nessusd.conf
root@bt:~# vi /opt/nessus/etc/nessus/nessusd.conf
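
As an added example (not from the original post), this shell function reports the auto_update state without opening an editor. It assumes nessusd.conf uses "name = value" lines with "#" comments; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the auto_update state of a nessusd.conf-style file.
# Assumption: settings are "name = value" lines and '#' starts a comment.

# Prints one of: yes, no, <other value>, unset, conflict, unreadable
auto_update_state() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo unreadable
        return 0
    fi
    # Keep only uncommented auto_update assignments (auto_update_delay and
    # similar names do not match), lowercase the values and de-duplicate them.
    values=$(sed -n 's/^[[:space:]]*auto_update[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$conf" \
        | tr '[:upper:]' '[:lower:]' | sort -u)
    # Count distinct non-empty values; grep exits 1 on zero matches, hence || true.
    count=$(printf '%s\n' "$values" | grep -c . || true)
    case $count in
        0) echo unset ;;        # no active auto_update line at all
        1) echo "$values" ;;    # a single, unambiguous value
        *) echo conflict ;;     # several lines that disagree
    esac
}

# Exit status 0 only when plugin auto-update is explicitly enabled,
# which makes the check usable from cron or a monitoring script.
auto_update_enabled() {
    [ "$(auto_update_state "$1")" = yes ]
}

# Constructed sample input (not a real configuration file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# auto_update = no
auto_update = yes
auto_update_delay = 24
EOF
echo "sample file: auto_update is $(auto_update_state "$sample")"
rm -f "$sample"
```

On the Backtrack install described here, the file to pass is /opt/nessus/etc/nessus/nessusd.conf.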

After that you just need to create a new Nessus user. You can use the command line like this:

/opt/nessus/sbin/nessus-adduser

or alternatively you can also indulge in laziness and use the GUI:



Whichever you choose (command line or GUI), just answer the on-screen options:



Now you can start the Nessus server, either from the GUI (next to the option above) or from the command line:

/etc/init.d/nessusd start

The final step to use Nessus is to connect to https://127.0.0.1:8834/ (or whatever other IP or hostname you have set up for this in your network). You will probably first get an invalid certificate warning:



After accepting that you get the login screen:



Then it is important to read this warning if you are using the home feed:



If your ethics are not enough to stop you from trying to be too smart and using the home feed for corporate stuff, consider this: when you update your plugins, the Nessus server communicates with Tenable Security, and they are smart enough to prosecute you (i.e. they will be able to tell if your IP address is a dude at home or a corporation, and they could also get more sophisticated than this). I would not try to outsmart them :).

Past that warning you can see the beautiful Nessus interface, which was very responsive during my tests. You can modify existing policies (not recommended) or copy existing policies into new custom policies (recommended):



Once you are happy with your scanning policy, just run the scan specifying that policy and you are ready to rock and roll:



When you launch the scan you will see something like this:



It is very cool that you can start looking at the partial report while the scan is in progress; you do not need to wait for the scan to finish.

Nessus then has several reporting options, but all of that is very self-evident so I will not waste your time (and my time) on that ;).

There is another tutorial by Carlos Perez (who works for Tenable at the moment) here. The process he describes is very similar, but it is always worth having a look at whatever Carlos writes :).

Thanks to Carlos for his many tutorials (Nessus, Metasploit, etc.) and to the Backtrack guys for having Nessus built in this time.