Getting Started with Nessus

Let's see how we can download and set up Nessus for its first use so that we can start learning its various features. Feel free to follow along and set up a Nessus instance on your own VM. For the interactive portions of this module, we provide a lab instance of Nessus and another with OpenVAS installed.

Downloading Nessus

To download Nessus, we can navigate to its Download Page to download the correct Nessus binary for our system. We will be downloading the Debian package for Ubuntu for this walkthrough.

Requesting Free License

Next, we can visit the Activation Code Page to request a Nessus Activation Code, which is necessary to get the free version of Nessus:

Installing Package

With both the binary and activation code in hand, we can now install the Nessus package:

$ dpkg -i Nessus-8.15.1-ubuntu910_amd64.deb  

Selecting previously unselected package nessus. (Reading database ... 132030 files and directories currently installed.) Preparing to unpack Nessus-8.15.1-ubuntu910_amd64.deb ... Unpacking nessus (8.15.1) ... Setting up nessus (8.15.1) ... Unpacking Nessus Scanner Core Components... Created symlink /etc/systemd/system/nessusd.service → /lib/systemd/system/nessusd.service. Created symlink /etc/systemd/system/multi-user.target.wants/nessusd.service → /lib/systemd/system/nessusd.service.

Starting Nessus

Once we have Nessus installed, we can start the Nessus Service:

$ sudo systemctl start nessusd.service

Accessing Nessus

To access Nessus, we can navigate to https://localhost:8834. Once we arrive at the setup page, we should select Nessus Essentials for the free version, and then we can enter our activation code:

Once we enter our activation code, we can set up a user with a secure password for our Nessus account. Then, the plugins will begin to compile once this step is completed:

Finally, once the setup is complete, we can start creating scans, scan policies, plugin rules, and customizing settings. The Settings page has a wealth of options such as setting up a Proxy Server or SMTP server, standard account management options, and advanced settings to customize the user interface, scanning, logging, performance, and security options.