Nessus is free and open source vulnerability scanner. With some 16,000 plugins it can scan pretty much anything and come up with useful information. On Unix- like systems, Nessus is based upon the client-server model, consisting of nessusd, the daemon and nessus, the client. This is written for FreeBSD, but should work on other BSD/Linux distros without changing anything but the paths and installation commands.
Installation, Configuring and Updating
cd /usr/ports/security/nessus make install clean make cert
To download the latest plugins (each plugin runs tests against a specific
vulnerability), register at nessus.org. Once you
receive your activation code run
[activation-code]. This will automatically update the plugins. To perform a
manul update, run
/usr/local/bin/nessus-fetch --plugins. This will download
a .tar into your current directory, the plugins need to be extracted into
/usr/local/lib/nessus/plugins. Add a user for Nessus: `
At this point, a target file which specifies which hosts will be scanned
needs to be created.
The syntax is rather flexible, it accepts one IP per line, CIDR notation
(192.168.1.1/24) to scan an whole subnet, from-to (10.1.1.1-10.1.1.25)
notation, and IPs separated by commas. Once finished, start the nessud daemon:
` You should see something like Loading the plugins… 2040 (out of 15651).
Performing a Vulnerability Scan
To perform the scan and generate the results as a .html file use the following syntax: `
nessus -T [format] [host] [port] [user] [password] [targets-file] [result-file]
nessus -T html localhost 1241 nessususer password123 /root/nessus.targets /home/www/nessus.html
` Port 1241 is the default Nessus port. To keep things simple, set the paranoia level to 1 when prompted.
Centos 5 Notes
The rpm package will have to be downloaded and installed manually from the download page on nessus.org.
The default installation path is
The config file location is
To create a user:
/opt/nessus/bin/nessus-fetch –register [activation-code].
service nessusd start.