Friday, October 14, 2011

Penetration Testing with Nessus


Nessus is a client-server penetration testing tool available as open source.
You can use Nessus to test your network for vulnerabilities. It has many plugins, and you can
also create your own policy for a particular test.

So let's begin penetration testing:

You'll need Nessus, which you can get from here.

Now after the installation, you will see 2 files on your desktop:
Nessus Client
Nessus Server Manager

Step 1: Open Nessus Server Manager and click Manage users. Click on '+' to add a new user
and give it the username and password you will need to log in to the client.

Step 2: After creating the user, click on "Start Server".

Step 3: Open the Nessus Client in your browser and log in with your username and password.
Note: It may give you a warning; ignore that.

Step 4: After login you should see a page like this:


Now click on Policies and configure it as you wish.



Now after this click on Next and define the credentials.



Step 5: Now click on "Scans", then "Add Scan", and define the options for scanning.


Step 6: Launch Scan

Now wait for the scan to be completed and then analyse the results.



This is the result, if you can find something interesting in this... :)
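
Step 6 ends with analysing the results. As an added example (not part of the original post and not code from Nessus), this Python script triages a finished scan, assuming the report was exported from the client in the .nessus v2 XML format. The sample report, its hosts and its plugin IDs are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the .nessus v2 layout (not output from a real scan).
SAMPLE = """<NessusClientData_v2><Report name="constructed-example">
<ReportHost name="192.0.2.10">
<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3" pluginID="EXAMPLE-1" pluginName="Constructed high finding"/>
<ReportItem port="80" svc_name="www" protocol="tcp" severity="1" pluginID="EXAMPLE-2" pluginName="Constructed low finding"/>
<ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="EXAMPLE-3" pluginName="Constructed info item"/>
</ReportHost>
<ReportHost name="192.0.2.20">
<ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2" pluginID="EXAMPLE-4" pluginName="Constructed medium finding"/>
</ReportHost>
</Report></NessusClientData_v2>"""

SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

def parse_findings(xml_text, min_severity=1):
    """Return findings at or above min_severity, worst first."""
    # Fine for reports from your own scanner; for files received from
    # elsewhere, parse with the defusedxml package instead.
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            try:
                sev = int(item.get("severity", "0"))
            except ValueError:
                continue  # skip a malformed item instead of aborting the triage
            if sev < min_severity:
                continue
            findings.append({
                "host": host.get("name"), "severity": sev,
                "port": f'{item.get("port")}/{item.get("protocol")}',
                "plugin_id": item.get("pluginID"), "name": item.get("pluginName"),
            })
    findings.sort(key=lambda f: (-f["severity"], f["host"], f["port"]))
    return findings

def counts_by_host(findings):
    """Summarise findings as {host: {severity_label: count}}."""
    table = defaultdict(lambda: defaultdict(int))
    for f in findings:
        table[f["host"]][SEVERITY.get(f["severity"], "unknown")] += 1
    return {host: dict(counts) for host, counts in table.items()}

if __name__ == "__main__":
    for f in parse_findings(SAMPLE):
        print(SEVERITY[f["severity"]], f["host"], f["port"], f["plugin_id"], f["name"])
```

To run it against a real export, read the file into a string and pass it to parse_findings in place of SAMPLE.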
 

The Hacker News