Nessus 3.2.1 on Back|track 4 Beta

Posted: Thursday, February 12, 2009 in Vulnerability Assessment

Hello to all visitors. Here I am going to show how to install Nessus on Back|track 4 Beta. Don't use apt-get install nessus: I tried apt-get first, but the repositories had a very old version of Nessus, something like 2.x, which is quite useless. So let's install the latest one.

First, download these packages:

Nessus-3.2.1-ubuntu804_i386.deb

NessusClient-3.2.1-debian4_i386.deb

(I chose this Debian package because NessusClient-3.2.1.1-ubuntu804.i386.deb was missing some dependencies and did not install correctly. The Debian package worked like a charm and produced no errors at all.)

Next, register your copy to get plugin updates through the HomeFeed. Please provide a real email address, as they will send the HomeFeed activation key to it.

Register Here

Click Accept and enter a valid, working email address.

Now we start installing the packages.

root@ThUndErbOLt:~# dpkg -i Nessus-3.2.1-ubuntu804_i386.deb

Now configure the certificate and the admin user for Nessus. The certificate is necessary for communication between the Nessus client and the Nessus daemon/remote host.

root@ThUndErbOLt:~# /opt/nessus/sbin/nessus-mkcert

CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [FR]:IN
Your state or province name [none]: Karnataka
Your location (e.g. town) [Paris]: Bangalore

It should show the message:

Congratulations. Your server certificate was properly created.

Hit Enter to exit.

root@ThUndErbOLt:~# /opt/nessus/sbin/nessus-adduser

Enter the information about the user:

Login

Authentication (Pass/Cert)

Password:

confirm password:

After these parameters are entered, it asks for a rule set. We have configured the admin user with full permissions. To add users with limited permissions, a rule set can be entered here.

For configuring the rule set, refer to the nessus-adduser(8) man page for the rules syntax, as rules limit what a user can do with Nessus.

Press Ctrl+D.

It asks for confirmation. Choose y.

Now start the Nessus daemon using:

root@ThUndErbOLt:~# /etc/init.d/nessusd start

$Starting Nessus : .

Confirm that it is running using:

root@ThUndErbOLt:~# netstat -ant | grep 1241
tcp        0      0 0.0.0.0:1241            0.0.0.0:*               LISTEN
tcp6       0      0 :::1241                 :::*                    LISTEN

Now install NessusClient (the GUI front end for nessusd):

root@ThUndErbOLt:~# dpkg -i NessusClient-3.2.1-debian4_i386.deb

Now register the plugin feed for updating Nessus (replace the X characters with your activation key):

root@ThUndErbOLt:~# /opt/nessus/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX

Your activation code has been registered properly – thank you.
Now fetching the newest plugin set from plugins.nessus.org…

Now it will download the plugins and load them into the database. If you don't want to do this now, press Ctrl+C to cancel it. You can download them later using:

root@ThUndErbOLt:~# /opt/nessus/sbin/nessus-update-plugins

Run the scan using NessusClient:

Backtrack menu -> Internet -> NessusClient

Click the + icon.

By default, the selected radio button is Single host.

Type localhost as the Host Name and hit Save.

Select localhost and press Connect.

From the Connect option box, choose Edit.

Set the Login and Password that we created earlier using nessus-adduser.

Hit Save.

Select localhost and hit Connect.

The first time, it asks about logging in to the Nessus server. Hit Yes.

Now you can customize the Default Scan/Microsoft scan policy and start scanning. That's it!
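
The netstat check earlier shows nessusd listening on 0.0.0.0:1241 and :::1241, that is, on every interface, while this walkthrough only connects from localhost. The following script is an added example, not part of the original post: it parses netstat -ant output and reports how port 1241 is exposed, matching the port exactly rather than with a plain grep. The function names, the --live switch and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how the nessusd port is exposed, from `netstat -ant` output.
NESSUS_PORT=1241   # port shown in the netstat output in this post

# Constructed sample input, modelled on the netstat lines in this post.
SAMPLE_ALL='tcp        0      0 0.0.0.0:1241            0.0.0.0:*               LISTEN
tcp6       0      0 :::1241                 :::*                    LISTEN'
# Constructed: loopback-only listener plus an unrelated port that "grep 1241" would also match.
SAMPLE_LOOPBACK='tcp        0      0 127.0.0.1:1241          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12410           0.0.0.0:*               LISTEN'

# Read netstat -ant output on stdin; print the local address of each LISTEN
# socket whose local port is exactly $NESSUS_PORT (field 4 = local, 6 = state).
nessus_listeners() {
    awk -v port="$NESSUS_PORT" '
        $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] == port)
                print substr($4, 1, length($4) - length(parts[n]) - 1)
        }'
}

# Classify exposure: not-listening, loopback-only, specific-address or all-interfaces.
nessus_exposure() {
    listeners=$(nessus_listeners)
    [ -n "$listeners" ] || { echo "not-listening"; return 0; }
    result="loopback-only"
    for addr in $listeners; do
        case "$addr" in
            0.0.0.0|::) echo "all-interfaces"; return 0 ;;
            127.*|::1)  ;;
            *)          result="specific-address" ;;
        esac
    done
    echo "$result"
}

if [ "${1:-}" = "--live" ]; then
    netstat -ant | nessus_exposure          # check the running system
else
    printf '%s\n' "$SAMPLE_ALL" | nessus_exposure
    printf '%s\n' "$SAMPLE_LOOPBACK" | nessus_exposure
fi
```

A result of all-interfaces means the daemon accepts connections on every network the machine is attached to, not only from the local NessusClient.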
