Install Nessus on Kali Linux

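What is Nessus?

Nessus is billed as the world's most popular vulnerability scanner, used by more than 75,000 organizations worldwide. It provides complete vulnerability scanning for computers and keeps its vulnerability database continuously updated. Unlike traditional vulnerability scanning software, Nessus can run on the local machine or be operated remotely to analyze and scan systems for vulnerabilities.

Download and install

Download the build that matches your OS; for Kali Linux, download the Debian 6 build of Nessus.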

https://www.tenable.com/downloads/nessus

Install command:

root@kali:~/Documents# dpkg -i Nessus-7.1.0-debian6_amd64.deb
Selecting previously unselected package nessus.
(Reading database ... 335227 files and directories currently installed.)
Preparing to unpack Nessus-7.1.0-debian6_amd64.deb ...
Unpacking nessus (7.1.0) ...
Setting up nessus (7.1.0) ...
Unpacking Nessus Core Components...

- You can start Nessus by typing /etc/init.d/nessusd start
- Then go to https://kali:8834/ to configure your scanner

Processing triggers for systemd (238-4) ...

Once you see this output, the installation has succeeded!

Start Nessus

/etc/init.d/nessusd start

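Activation

Register to get an activation code for the free version. The code is sent by email after you register, so check your inbox.

https://www.tenable.com/products/nessus/activation-code

Activate with the activation code
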
/opt/nessus/sbin/nessuscli fetch --register 0BB7-F54A-60D7-FCE7-976E

During activation the plugins are downloaded and installed; wait a moment for this to finish.

Add an account

The default configuration is used throughout here:

root@kali:~/Documents# /opt/nessus/sbin/nessuscli adduser root
[Mon May 21 06:42:52 2018][2752.1] _qdb_open:/opt/nessus/var/nessus/plugins-desc.db: Invalid table of contents
Login password:
Login password (again):
Do you want this user to be a Nessus 'system administrator' user (can upload plugins, etc.)? (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that root has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the Nessus Command Line Reference for the rules syntax

Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)

Login : root
Password : ***********
This user will have 'system administrator' privileges within the Nessus server
Is that ok? (y/n) [n]: y
User added

Access the web console

Restart the Nessus service

/etc/init.d/nessusd restart

Open a browser and go to the scanner's address; the default port is 8834.

https://10.98.53.137:8834
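
Before the dpkg -i step above, the downloaded package can be checked against the SHA-256 checksum listed for it on the Tenable download page. The script below is an added example, not part of the original post; the function names and the script name verify-install.sh are hypothetical, and it assumes sha256sum from coreutils is available.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): check a downloaded .deb against
# the vendor-published SHA-256 before handing it to dpkg as root.

# Print the lowercase SHA-256 hex digest of a file.
sha256_of() {
    sha256sum -- "$1" | awk '{ print tolower($1) }'
}

# Return 0 only when the file's digest equals the expected value.
# Return 1 on mismatch, 2 when the file is missing or the digest is malformed.
verify_pkg() {
    local file="$1" expected actual
    # Normalise what was pasted from the web page: drop whitespace, lowercase.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case "$expected" in
        ''|*[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest is not 64 hex chars" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
    else
        echo "MISMATCH: $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# Install only after the digest check passes.
install_verified() {
    verify_pkg "$1" "$2" && dpkg -i "$1"
}

# Usage (hypothetical script name):
#   ./verify-install.sh Nessus-7.1.0-debian6_amd64.deb <sha256-from-download-page>
if [ "$#" -eq 2 ]; then
    install_verified "$1" "$2"
fi
```

A mismatch or a malformed digest stops the script before dpkg runs, so a truncated or tampered download is never unpacked.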

References

  1. 《Kali Linux渗透测试技术详解》 (Kali Linux Penetration Testing Techniques Explained in Detail)