Vulnerability Scanning with Nessus Home

A free video tutorial from Oak Academy
AI, Comptia, Cybersecurity, Android, Development & IT course
329 courses
418,592 students
Lecture description
What is vulnerability scanning with Nessus?
Learn more from the full course
Metasploit Framework: Penetration Testing with Metasploit
Become Hacker: Learn ethical hacking and penetration testing using Metasploit and start your cyber security career
15:20:33 of on-demand video • Updated July 2025
Penetration testing skills make you a more marketable IT tech.
Understanding how to exploit servers, networks, and applications means that you will also be able to better prevent malicious exploitation. From website and net
There are many types of penetration testing. Internal penetration testing tests an enterprise's internal network.
Penetration tests have five different stages. The first stage defines the goals and scope of the test and the testing methods that will be used.
Penetration testing, or pen testing, is the process of attacking an enterprise's network to find any vulnerabilities that could be present to be patched.
Ethical hackers and security experts carry out these tests to find any weak spots in a system’s security before hackers with malicious intent find them and expl
Become an Expert in Using Metasploit
Learn Ethical Hacking from scratch with Metasploit
Importance of Penetration Testing
Types of Penetration Testing
Basics of Penetration Testing
Metasploit Filesystem and Libraries
The Architecture of MSF
Auxiliary Modules
Payload Modules
Exploit Modules
Encoder Modules
Post Modules
Metasploit Community
Metasploit Interfaces
Armitage
MSFconsole
Enumeration
Nmap Integration and Port Scanning
SMB and Samba Enumeration
MySQL Enumeration
FTP Enumeration
SSH Enumeration
HTTP Enumeration
SNMP Enumeration
MTP Enumeration
Using Shodan with MSF
Vulnerability Scanning
Exploitation and Gaining Access
Post-exploitation-Meterpreter
Meterpreter Commands
Pass The Hash with Metasploit
John the Ripper Module
Meterpreter Python/Powershell Extension
Antivirus Evasion and Cleaning
MSFvenom
Using Custom Payload Generators
Deceiving File System Using Timestomp
The very latest up-to-date information and methods
During the course you will learn both the theory and how to step by step setup each method
Ethical hacking involves a hacker agreeing with an organization or individual who authorizes the hacker to levy cyber attacks on a system or network
Ethical hacking is a good career because it is one of the best ways to test a network.
In addition to proficiency in basic computer skills and use of the command line, ethical hackers must also develop technical skills
Many hackers use the Linux operating system (OS) because Linux is a free and open-source OS, meaning that anyone can modify it.
Ethical hacking is legal because the hacker has full, expressed permission to test the vulnerabilities of a system.
The different types of hackers include white hat hackers who are ethical hackers and are authorized to hack systems, black hat hackers who are cybercriminals
Whether you want to get your first job in IT security, become a white hat hacker, or prepare to check the security of your own home network
An ethical hacker is also sometimes referred to as a white hat hacker. Many depend on ethical hackers to identify weaknesses in their networks, endpoints, devic
English [Auto]
So now I'm going to check the Nessus service and start it. Okay, so open your browser now and type https colon slash slash kali colon 8834. And then this will take you to the Nessus login screen. So in the beginning you may see an initialization screen like this one. So just enter your credentials and hit the sign in button. Okay, so now this is the Nessus home page. It has a pretty clear and clean interface. So what I'm going to do is quickly add a folder for my scans and name it, um, wmsf. So create the folder. Now let's go into the folder. Okay. So now you have two options here. You can either create a scan directly or you can create a policy. And then use this policy for a particular scan. Me I always create policies because then I can use them in every penetration test that I do. So I would advise you to do the same. Just follow along. So even now I'm going to show you how to create a policy. So click here to start. Right. So now these are the predefined policies. Now for your purpose you can choose one of them. But also you have the option to start a custom policy. So over here on the upper left corner there's an advanced scan. So click here. All right so let's give it a name and description. And that's going to be your first scan. So this provides you uh an ability to share your policy or scan with other users. So if you want, under the permission tab, select can use as an option. Under the discovery menu, you'll find how to discover hosts and services, and you can also configure how to scan the ports on the target. and there's really nothing to change here. Assessment menu. It provides some extra assessment configuration. Now here under brute force segment I want you to check this box uh to not try after successful login. All right. So you have web applications in our lab. Open it. I won't change anything under windows and malware segment. Now you can specialize your reports, but I think it doesn't allow much more than that. This might be if there is one. A negative side of Nessus and the advanced menu. See, now, I think I've said this before, but being stealthy is important, so you've got to check here to randomly scan targets and also check here to prevent network congestion. And under the credentials tab, Nessus gives you the opportunity to scan targets with custom discovered credentials. Nessus will perform more tests on the targets if valid credentials are given, and you can also add hashes as well as some other service accounts. So earlier we have discovered how to use the vagrant username and password. So that's what I'm going to use. Compliance tab. I'm not going to change anything here. This this could be a good benefit for you when you perform a vulnerability assessment. Now here uh, there are many compliance checklists. You can choose a bunch of them and run a scan. But for now, I don't need that. And here's the plugins tab. So this actually takes its power from plugins. Every plugin performs a particular task and the Nests team divides plugins into families. So for example the denial of service plugins resides under this category. Now you also have to be careful to check the plugins, because every unrelated plugin will create congestion in the network, and that prevents you from being stealthy. And also some plugins could very well crash your system. So right now I am going to quickly uncheck unrelated plugin families. I'm not going to touch plug ins itself, but you can be that specific. So finally save the policy. Okey doke. So now you need to create a scan that's going to use this policy. So go up here to the top menu scans. And here are the predefined scans. But if you want to use your policy like I do, follow me and go to the user defined tab and click your policy. Now this screen comes up. So name your scan and give it a description. And and I'm going to choose the folder p wmsf. And now you can add targets. So of course we're going to use the both the Metasploitable two and three IP addresses. All right so let's save the scan. Now let's check the scan here. And from that menu, just launch it or reconfigure it. I'm going to launch it. Okay. So now you can watch the progress and examine what NASA's finds. Scan is going to take some time. So I'll just let it finish up and I'll get right back to you.