Vulnerability Scanning with Nessus Home

A free video tutorial from Oak Academy
Web & Mobile Development, IOS, Android, Ethical Hacking, IT

Lecture description

What is vulnerability scanning with Nessus?

Learn more from the full course

Metasploit Framework: Penetration Testing with Metasploit

Become Hacker: Learn ethical hacking and penetration testing using Metasploit and start your cyber security career

07:28:35 of on-demand video • Updated June 2024

So now I'm going to check the Nessus service and start it. Okay, so open your browser now and type https://kali:8834. And then this will take you to the Nessus login screen. So in the beginning, you may see an initialization screen like this one. So just enter your credentials and hit the sign in button. Okay, so now this is the Nessus page. It has a pretty clear and clean interface. So what I'm going to do is quickly add a folder for my scans and name it MSF. So create the folder. Now let's go into the folder.

Okay, so now you have two options here. You can either create a scan directly, or you can create a policy and then use this policy for a particular scan. Me, I always create policies because then I can use them in every penetration test that I do. So I would advise you to do the same. Just follow along. So even now, I'm going to show you how to create a policy. So click here to start. Right. So now these are the predefined policies. And for your purpose, you can choose one of them. But also you have the option to start a custom policy. So over here on the upper left corner, there's an Advanced Scan. So click here. All right, so let's give it a name and description, and that's going to be your first scan. So Nessus provides you an ability to share your policy or scan with other users. So if you want, under the Permissions tab, select "Can use" as an option.

Under the Discovery menu, you'll find how to discover hosts and services. And you can also configure how to scan the ports on the target. And there's really nothing to change here. Assessment menu: it provides extra assessment configuration. Now here under the brute force segment, I want you to check this box to not try after successful login. All right. So you have web applications in our lab. Open it. I won't change anything under the Windows and malware segments. Now you can specialize your reports, but I think it doesn't allow much more than that. This might be, if there is one, a negative side of.

And the Advanced menu. So, you know, I think I've said this before, but being stealthy is important, so you've got to check here to randomly scan targets. And also check here to prevent network congestion. And under the Credentials tab, Nessus gives you the opportunity to scan targets with custom discovered credentials. Nessus will perform more tests on the targets if valid credentials are given. And you can also add hashes as well as some other service accounts. So earlier we have discovered how to use the vagrant username and password. So that's what I'm going to use. Compliance tab: I'm not going to change anything here. This could be a good benefit for you when you perform a vulnerability assessment. Now here there are many compliance checklists. You can choose a bunch of them and run a scan. But for now, I don't need that.

And here's the Plugins tab. So Nessus actually takes its power from plugins. Every plugin performs a particular task and the Nessus team divides plugins into families. So, for example, the denial of service plugins reside under this category. Now, you also have to be careful to check the plugins because every unrelated plugin will create congestion in the network and that prevents you from being stealthy. And also some plugins could very well crash your system. So right now, I am going to quickly uncheck unrelated plugin families. I'm not going to touch the plugins themselves. But you can be that specific. So finally, save the policy.

Okey doke. So now you need to create a scan that's going to use this policy. So go up here to the top menu, Scans. And here are the predefined scans. But if you want to use your policy like I do, follow me and go to the User Defined tab. And click your policy. Now this screen comes up. So name your scan and give it a description. And I'm going to choose the folder MSF. And now you can add targets. So of course we're going to use both the Metasploitable 2 and 3 IP addresses. All right, so let's save the scan. Now, let's check the scan here. And from that menu, just launch it or reconfigure it. I'm going to launch it. Okay, so now you can watch the progress and examine what Nessus finds. Scans are going to take some time, so I'll just let it finish up and I'll get right back to you.