Scribd
Upload
18 views13 pages

Intro Cyber Proj

Uploaded by

hackingstudent6
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
18 views13 pages

Intro Cyber Proj

Uploaded by

hackingstudent6
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

Intro To Cybersecurity Lab

Semester Project

Project Name: Nessus

Team Members: Submitted To: Mohsin Sarfraz


Syed Izaz Ali Shah Section: B
Mehboob Ur Rahman
Zia Ullah Khan
Hassan Ahsan
What Is Nessus?
Nessus is a prevalent tool utilised for scanning and evaluating vulnerabilities. Its purpose is to
detect and evaluate weaknesses in computer systems, networks, and applications. Nessus,
created by Tenable Network Security, is widely utilised by security experts, system
administrators, and network administrators to proactively detect and resolve security
vulnerabilities before they can be maliciously exploited.

Notable characteristics of Nessus comprise:


Vulnerability scanning involves the use of Nessus to conduct scans on target systems and
networks in order to detect vulnerabilities, misconfigurations, and potential security risks.

Nessus employs a plugin-based design, enabling users to personalise and enhance its
capabilities through the addition of additional plugins. Nessus possesses the capability to adjust
and respond to developing security risks.

Nessus utilises an extensive vulnerability database that is consistently updated with the most
recent security concerns. This guarantees that the tool can precisely detect a broad spectrum of
vulnerabilities.

Nessus may perform policy compliance checks to evaluate systems' adherence to security rules
and compliance standards, ensuring compliance with specific regulatory requirements in
addition to discovering vulnerabilities.

Nessus produces comprehensive reports that offer specific information on detected


vulnerabilities, including their level of severity, along with recommendations for resolving them.
These reports hold significant value for security teams and system administrators as they aid in
prioritising and resolving security issues.

Nessus has the capacity to scan a wide range of targets, such as individual hosts, networks, and
entire companies, making it very scalable. It is applicable in various settings, ranging from tiny
firms to major organizations.
It is crucial to acknowledge that Nessus, although a potent tool for detecting vulnerabilities, is
merely a single element of a holistic cybersecurity approach. Organizations frequently utilize
Nessus in combination with other security technologies and processes to uphold a strong
security stance.

Downloading and Installing Of Nessus


"I visited the Nessus website and downloaded the amd64 version for Ubuntu. After that, I
opened the terminal in the Downloads directory and entered the command sudo dpkg -i
followed by the downloaded Nessus .deb file's name. I was prompted to resolve dependencies
using sudo apt-get install -f. Once installed, I started the Nessus service and opened my
browser to https://localhost:8834. Following the prompts, I set up my Nessus account and
configured the necessary settings, including obtaining an activation code from the Tenable
website. During the initial setup, I also installed the necessary plugins, and Nessus usually
updates them automatically."

I have downloaded Nessus Expert, which allows scanning for 32 Ips

I will check the IP of a system and identify vulnerabilities in the given system using Nessus

So first of all how to power on Nessus in ubuntu

 I have saved the command and URL in txt form


 First, I will enter the command in terminal
 The command is bin/systemctl start nessusd. Service
 Then I will open my browser and copy the URL given
 The URL is https://sayed-virtual-machine:8834/
 After following these steps Nessus will open
After opening Nessus, it shows me menu like this
Then the main objective of Nessus is to scan vulnerabilities in system, network, machines, SO I
will find vulnerability in my own Ubuntu which I am using
Coming to this later

 There are many options in nessus It gives me the list which I scanned and also show me
the previous history
 The is new scan button in main interface
 When I click on that button so a new page opens
 There is a lot of templates for scanning like basics scan malware scan advanced scan
ransomware scan advanced dynamic scan I showed in screen shots
So will do basic scan for testing purpose so when I click on basic scan a new page opens

In this page the first tab is for settings, credentials and plugins

And then general settings so I will give the name of system on which I am doing scanning then
description and in target I will give the ip
Then I saved these
Now I will run it

Here is showing the name of my virtual pc ubuntu then I am going to click on play button and it
will start scanning
Scan has been started

Now scan is running

The scanning is now completed

It has found 41 vulnerabilities in my ubuntu in 8 minutes


various types of vulnerabilities are shown in
different colors
 So, in my scan there is no critical vulnerability
 4% high
 2% medium
 0% low
 94% info

Here is the complete summary

Now I will open vulnerabilities tab

And here is the complete list of all vulnerabilities


Now I clicked on the first number vulnerability found and it is
mixed means I it has 2 high and 1 info vulnerability

Then I clicked on number 1 in 3 of them and It showed me the


complete description
Now I opened the remediations tab and It shows me the remediation

Conclusion
Nessus scanning helps identify and fix security weaknesses in a system or
network. By regularly using Nessus, organizations can stay ahead of
potential threats, making their overall cybersecurity stronger and more
effective. It's a crucial part of a comprehensive security plan.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy