Vulnerability Scanning with Nessus Home

English [Auto] It's now I'm gonna check the NSA service and started okay. So open your browser now and type HDTV s colons less slash Carly colon 8 8 3 4 and then this will take you to the NSA so log in screen at the beginning you may see an initialization screen like this one so just enter your credentials and hit the sign and button Hey so now this is the NSA is home page it has a pretty clear and clean interface. So what I'm going to do is quickly add a folder from my scans and name it. BW M S F so create the folder. Let's go into the folder okay. So now you have two options here. You can either create a scan directly or you can create a policy and then use this policy for a particular scan. Me I always create policies because then I can use them in every penetration test that I do. So I would advise you to do the same. Just follow along. So even now I'm going to show you how to create a policy so click here to start right. So now these are the predefined policies for your purpose you can choose one of them but also you have the option to start a custom policy so over here on the upper left corner there's an advanced scan so click here. All right. So let's give it a name and description and that's gonna be your first scan. So this is provides you an ability to share your policy or scan with other users so if you want under the permission tab select can use as an option under the discovery menu you'll find how to discover hosts and services and you also can figure how to scan the ports on the target and there's really nothing change here assessment menu. It provides extra assessment configuration now here under brute force segment. I want you to check this box to not try after successful long in all right. So you have web applications in our lab. Open it. I won't change anything under Windows and malware segment. Now you can specialize your reports but I think it doesn't allow much more than that. This might be. If there is one a negative side of Knesset and the advanced menu you know I think I've said this before but being stealthy is important. So you've got a check here to randomly scan Target's also check here to prevent network congestion and under the credentials tab. NASA's gives you the opportunity to scan targets with custom discovered credentials NASA's will perform more tests on the targets if valid credentials are given and you can also add hashes as well as a mother's service account so earlier we have discovered how to use the vagrant username and password so that's what I'm going to use compliance tab not gonna change anything here this. This could be a good benefit for you when you perform a vulnerability assessment now here. There are many compliance checklists you can choose a bunch of them and run a scan. But for now I don't need that. And here's a plugins tab. So this is actually takes its power from plugins every plugin performs a particular task and an SS team divides plug ins into families. So for example the denial of service plugins resides under this category. Now you also have to be careful to check the plugins because every unrelated plugin will create congestion in the network and that prevents you from being stealthy and also some plug ins could very well crash a system. Sorry. Now I am going to quickly uncheck unrelated plug in families not gonna touch plugins that sell but you can be that specific. So finally save the policy. Okeydoke. So now you need to create a scan that's gonna use this policy so go up here to the top menu scans and here are the predefined scanned but if you want to use your policy like I do. Follow me and go to the user defined tab and click your policy. Now this screen comes up. So name your scan and give it a description. And I'm going to choose the folder. P. W M.S. F. And now you can add targets so of course we're gonna use the both the matter portable 2 and 3 IP addresses. All right. So let's save the scan now. Let's check the scan here. And from that menu just launch it or reconfigure it. I'm going to launch it OK so now you can watch the progress and examine what NASA's find scans. Gonna take some time so I'll just let it finish up and I'll get right back to you.