# Nessus > **World's Most Popular Vulnerability Assessment Platform** ## 📋 Overview Nessus adalah platform vulnerability assessment yang paling populer di dunia, dikembangkan oleh Tenable. Digunakan untuk mengidentifikasi vulnerabilities, misconfigurations, dan security weaknesses dalam sistem, jaringan, dan aplikasi. ## 🎯 Key Features ### 🔍 **Comprehensive Scanning** * **67,000+ CVEs** - Extensive vulnerability database * **Network Discovery** - Automated asset identification * **Web Application Scanning** - Application-layer testing * **Malware Detection** - Malware and backdoor identification * **Configuration Auditing** - CIS benchmarks and compliance ### 🛡️ **Vulnerability Detection** * **Critical & High-Risk** - Priority vulnerability identification * **Zero-Day Detection** - Advanced vulnerability analysis * **Compliance Checking** - PCI DSS, HIPAA, SOX compliance * **Risk Scoring** - CVSS-based risk assessment * **False Positive Reduction** - Intelligent filtering ### 🌐 **Multi-Platform Support** * **Windows**, **Linux**, **macOS** * **Mobile Devices** - iOS, Android vulnerability scanning * **Cloud Platforms** - AWS, Azure, GCP integration * **Containers** - Docker, Kubernetes scanning * **Network Devices** - Routers, switches, firewalls ### 📊 **Reporting & Management** * **Executive Reports** - High-level security summaries * **Technical Details** - Complete vulnerability information * **Remediation Guidance** - Fix recommendations * **Trend Analysis** - Security posture over time * **API Integration** - Automated workflows ## 🚀 Installation ### Windows Installation ```powershell # Download Nessus installer from https://www.tenable.com/products/nessus/nessus-professional # Run Nessus-8.15.2-x64.msi as Administrator # Accept license agreement # Choose installation directory # Create admin account during setup # Access web interface at https://localhost:8834 ``` ### Linux Installation ```bash # Ubuntu/Debian wget https://www.tenable.com/downloads/api/v1/public/pages/nessus/downloads/12331/download?i_agree_to_tenable_license_agreement=true sudo dpkg -i Nessus-8.15.2-debian6_amd64.deb sudo systemctl start nessusd sudo systemctl enable nessusd # CentOS/RHEL/Fedora wget https://www.tenable.com/downloads/api/v1/public/pages/nessus/downloads/12331/download?i_agree_to_tenable_license_agreement=true sudo rpm -Uvh Nessus-8.15.2-es7.x86_64.rpm sudo systemctl start nessusd sudo systemctl enable nessusd # Access web interface https://localhost:8834 ``` ### macOS Installation ```bash # Download Nessus installer from Tenable website # Run Nessus-8.15.2.dmg # Drag Nessus to Applications folder # Launch Nessus from Applications # Create admin account # Access at https://localhost:8834 ``` ### Docker Installation ```bash # Pull Nessus image docker pull tenableofficial/nessus # Run container docker run -d \ --name nessus \ -p 8834:8834 \ -v /data/nessus:/opt/nessus/var/nessus \ tenableofficial/nessus # Initial setup docker exec -it nessus /opt/nessus/sbin/nessuscli update ``` ## 🔧 Initial Configuration ### First-Time Setup 1. **Access Web Interface** - 2. **Create Admin Account** - Username, password, email 3. **Select License Type**: * **Nessus Essentials** - Free for personal use (16 IPs) * **Nessus Professional** - Commercial license * **Nessus Expert** - Advanced features 4. **Download Plugins** - Initial plugin download (can take time) 5. **Create First Scan** - Set up scanning policies ### Plugin Management ```bash # Update plugins (via web interface) Scans → Settings → Software Update → Check for Updates # Manual plugin update (CLI) /opt/nessus/sbin/nessuscli update # Check plugin version /opt/nessus/sbin/nessuscli --version # Schedule automatic updates Settings → Schedule → Configure plugin updates ``` ## 🔍 Scan Types ### Network Scans ```bash # Basic Network Scan - Scan entire networks or subnets - Identify live hosts and open ports - Detect operating systems and services - Find vulnerabilities and misconfigurations # Advanced Network Scan - Custom port ranges - Authentication for in-depth scanning - Credentialed patch detection - Compliance checks ``` ### Web Application Scans ```bash # Web Application Tests - SQL injection detection - Cross-site scripting (XSS) - Directory traversal - Server misconfigurations - SSL/TLS vulnerabilities - Web application firewall bypass ``` ### Compliance Scans ```bash # Compliance Standards - PCI DSS compliance - CIS benchmarks - HIPAA compliance - NIST standards - SOX compliance - Custom compliance policies ``` ### Malware Scans ```bash # Malware Detection - Trojan identification - Backdoor detection - Rootkit scanning - Suspicious file analysis - Memory-based malware detection ``` ## 🎯 Common Use Cases ### 1. **Network Vulnerability Assessment** ``` Setup: 1. Create "Basic Network Scan" policy 2. Define target networks (192.168.1.0/24) 3. Configure authentication (optional) 4. Schedule scan frequency 5. Review results and prioritize remediation ``` ### 2. **Web Application Security Testing** ``` Setup: 1. Create "Web Application Tests" policy 2. Configure target URL (https://app.example.com) 3. Set authentication (form-based, API key) 4. Configure scan scope and exclusions 5. Run scan and analyze findings ``` ### 3. **Compliance Auditing** ``` Setup: 1. Select compliance policy (PCI DSS, CIS) 2. Define target systems 3. Configure credentials for accurate assessment 4. Schedule regular compliance scans 5. Generate compliance reports ``` ### 4. **Cloud Security Assessment** ``` Setup: 1. Configure cloud connector (AWS, Azure, GCP) 2. Set up API credentials 3. Create cloud-specific scan policy 4. Scan cloud resources and configurations 5. Review cloud security posture ``` ## 📊 Scan Configuration ### Basic Scan Settings ```yaml # General Settings Name: Production Network Scan Description: Monthly vulnerability assessment Targets: 192.168.1.0/24 Schedule: Monthly on 1st at 2:00 AM # Discovery Settings Host Discovery: Ping, ARP, NetBIOS Port Scanning: TCP (1-65535), UDP (common ports) Service Detection: Enabled OS Detection: Enabled ``` ### Authentication Configuration ```yaml # Windows Authentication Username: admin Password: password123 Domain: COMPANY # SSH Authentication Username: root Password: sshpassword Private Key: /path/to/key # Database Authentication DB Type: MySQL Username: dbuser Password: dbpass Port: 3306 ``` ### Advanced Settings ```yaml # Performance Max Concurrent Hosts: 50 Max Concurrent Checks Per Host: 10 Scan Speed: Normal Safe Checks: Enabled # Reporting Email Results: admin@company.com Report Formats: HTML, PDF, CSV Critical Only: Yes Include Remediation: Yes ``` ## 📈 Vulnerability Management ### Risk Scoring ``` Critical (9.0-10.0) - Immediate action required High (7.0-8.9) - Priority remediation within 7 days Medium (4.0-6.9) - Remediation within 30 days Low (0.1-3.9) - Remediate when convenient Informational (0.0) - Awareness and documentation ``` ### CVSS Scoring ``` Base Score: Intrinsic vulnerability severity Temporal Score: Current threat landscape Environmental Score: Specific organizational impact Factors: - Attack Vector (AV) - Attack Complexity (AC) - Privileges Required (PR) - User Interaction (UI) - Scope (S) - Confidentiality (C) - Integrity (I) - Availability (A) ``` ### Remediation Workflow ``` 1. Vulnerability Identification - Scan results analysis - Criticality assessment - Asset prioritization 2. Risk Assessment - Business impact analysis - Exploitability assessment - Threat intelligence integration 3. Remediation Planning - Patch management - Configuration changes - Compensating controls 4. Validation - Re-scan after fixes - Verification testing - Documentation updates ``` ## 🔗 Integration and Automation ### API Integration ```python import requests # Nessus API Configuration NESSUS_URL = "https://nessus.example.com:8834" ACCESS_KEY = "your_access_key" SECRET_KEY = "your_secret_key" # Create scan headers = { "X-ApiKeys": f"accessKey={ACCESS_KEY}; secretKey={SECRET_KEY}" } scan_data = { "uuid": "ad629e16-03b6-8c1d-cef6-ef8c9dd3c658", "settings": { "name": "API Network Scan", "text_targets": "192.168.1.0/24", "launch": "ON_DEMAND" } } response = requests.post(f"{NESSUS_URL}/scans", headers=headers, json=scan_data) scan_id = response.json()["scan"]["id"] ``` ### SIEM Integration ```yaml # Splunk Integration - Forward Nessus alerts to Splunk - Create correlation rules - Generate security dashboards - Automate incident response # QRadar Integration - Import Nessus vulnerability data - Create asset profiles - Risk scoring integration - Compliance reporting ``` ### Ticketing System Integration ```yaml # ServiceNow Integration - Auto-create tickets for critical vulnerabilities - Update ticket status based on scan results - Assign tickets to appropriate teams - Track remediation progress # Jira Integration - Create vulnerability tickets - Link to development sprints - Track fix verification - Generate security metrics ``` ## 📊 Reporting and Analytics ### Report Types ``` Executive Reports: - Executive Summary - Risk Trends - Compliance Status - Business Impact Technical Reports: - Vulnerability Details - Remediation Steps - Asset Inventory - Configuration Analysis Compliance Reports: - PCI DSS Attestation - HIPAA Compliance - CIS Benchmarks - Custom Policies ``` ### Custom Report Creation ``` 1. Define Report Template - Select vulnerability filters - Choose asset groups - Configure layout 2. Add Content Sections - Executive summary - Critical findings - Risk trends - Remediation progress 3. Configure Delivery - Email recipients - Report format (PDF, HTML, CSV) - Schedule and frequency - Custom branding ``` ### Dashboard Metrics ``` Key Performance Indicators: - Total vulnerable assets - Critical vulnerabilities count - Average remediation time - Compliance percentage - Risk score trends Asset Metrics: - Asset inventory - Software versions - Configuration compliance - Patch status ``` ## 🔧 Advanced Features ### Custom Scanning Templates ```yaml # Create Custom Policy Name: Custom Web Application Policy Description: Tailored web application scanning Template Settings: - HTTP Methods: GET, POST, PUT, DELETE - Authentication: Form-based, API Key, OAuth - Crawl Limit: 1000 pages - Test Depth: Deep - Scan Speed: Thorough Exclusions: - Admin panels - Test environments - Third-party domains ``` ### Plugin Configuration ```yaml # Enable/Disable Plugins Critical: Enabled High: Enabled Medium: Enabled Low: Disabled Informational: Disabled Custom Plugin Settings: - Adjust timeout values - Configure retry attempts - Set custom user agents - Modify detection thresholds ``` ### Credential Management ```yaml # Credential Types Supported SSH Keys: RSA, DSA, ECDSA Windows: NTLM, Kerberos Database: MySQL, PostgreSQL, Oracle Network: SNMP, Telnet Cloud: AWS, Azure, GCP Security: - Encrypted storage - Role-based access - Audit logging - Rotation policies ``` ## 🎓 Learning Resources ### Official Documentation * [Nessus Documentation](https://docs.tenable.com/nessus/) * [Nessus User Guide](https://www.tenable.com/documentation) * [Tenable Blog](https://www.tenable.com/blog) * [Tenable University](https://www.tenable.com/university) ### Training Resources * [Nessus Professional Training](https://www.tenable.com/training) * [Certified Tenable Professional (CTP)](https://www.tenable.com/ctp) * [Vulnerability Management Best Practices](https://www.tenable.com/resources/whitepapers) ### Community Resources * [Tenable Community](https://community.tenable.com/) * [Reddit r/netsec](https://www.reddit.com/r/netsec/) * [Security Podcasts and Blogs](https://www.tenable.com/podcasts) ## 📈 Comparison with Other Tools | Feature | Nessus Professional | Qualys | Rapid7 InsightVM | OpenVAS | | --------------------------- | ------------------- | -------- | ---------------- | --------- | | **Vulnerability Database** | 67,000+ CVEs | 165,000+ | 200,000+ | 50,000+ | | **Web Application Testing** | ✅ | ✅ | ✅ | Limited | | **Compliance Reporting** | ✅ | ✅ | ✅ | ✅ | | **Cloud Integration** | ✅ | ✅ | ✅ | Limited | | **Pricing** | $3,499/year | Quote | Quote | 🆓 Free | | **Support** | 24/7 | 24/7 | 24/7 | Community | | **Ease of Use** | 📚 Easy | 📚 Easy | 📚 Medium | 📚 Hard | ## 🔧 Troubleshooting ### Common Issues ```bash # Plugin download failures - Check internet connectivity - Verify proxy settings - Restart Nessus service - Manual plugin update # Scan failures - Verify target accessibility - Check firewall rules - Validate credentials - Review scan logs # Performance issues - Reduce concurrent hosts - Optimize scan settings - Check system resources - Review network bandwidth # License issues - Verify license validity - Check activation code - Contact Tenable support - Review license terms ``` ### Performance Optimization ```bash # Hardware Requirements Minimum: 4 CPU cores, 8GB RAM, 50GB storage Recommended: 8 CPU cores, 16GB RAM, 200GB storage # Network Requirements - Stable internet connection for plugin updates - Sufficient bandwidth for scanning - Low latency to target networks # Scan Optimization - Use appropriate scan policies - Schedule scans during off-peak hours - Exclude unnecessary targets - Configure proper timeouts ``` ### Log Analysis ```bash # Nessus Log Locations Linux: /opt/nessus/var/nessus/logs/ Windows: C:\ProgramData\Tenable\Nessus\nessus\logs\ # Important Log Files - nessusd.log - Main daemon log - backend.log - Backend service log - www.log - Web interface log - agent.log - Agent communication log # Common Log Entries - Plugin update status - Scan progress and errors - Authentication failures - System performance metrics ``` ## 🛡️ Security Considerations ### Deployment Security ```bash # Network Segmentation - Place Nessus scanner in dedicated network segment - Use firewall rules to control access - Implement network segmentation for scanning # Access Control - Role-based access control (RBAC) - Multi-factor authentication - Regular account reviews - Principle of least privilege # Data Protection - Encrypt sensitive data - Secure credential storage - Regular data backup - Retention policy compliance ``` ### Legal and Compliance ```bash # Authorization Requirements - Written permission for scanning - Defined scope and boundaries - Incident response procedures - Data handling agreements # Compliance Standards - PCI DSS compliance scanning - HIPAA security assessments - SOX compliance reporting - Industry-specific requirements # Best Practices - Document all scanning activities - Follow responsible disclosure - Maintain audit trails - Regular security assessments ``` ## 💰 Licensing and Pricing ### Nessus Editions ``` Nessus Essentials: - Free for personal use - Scan up to 16 IP addresses - Basic vulnerability scanning - Community support Nessus Professional: - $3,499 per year - Unlimited IP scanning - Advanced features - Phone and email support Nessus Expert: - $5,999 per year - All Professional features - Advanced threat detection - Priority support - Custom integrations ``` ### Deployment Options ``` On-Premises: - Full control over infrastructure - Local data storage - Custom configuration - Requires hardware investment Cloud (Tenable.io): - Managed deployment - Scalable infrastructure - Automatic updates - Subscription pricing Hybrid: - Mix of on-premises and cloud - Flexible deployment - Data locality options - Unified management ``` *** **⚠️ Legal Notice**: Nessus should only be used on systems you own or have explicit permission to scan. Unauthorized vulnerability scanning may violate computer crime laws and network policies. **⚡ Pro Tip**: Start with a limited scope scan to verify network connectivity and permissions before running comprehensive vulnerability assessments. *📅 Last Updated: 2024*