Using Basic Vulnerability Scanners

As a beginner, I used to face a number of issues while installing these tools, so I thought of writing an article about installing and using these basic tools. Some of the basic scanners are described in this article with their installation procedure for Kali Linux.

HOW TO INSTALL NESSUS?

  1. Nessus Vulnerability Scanner

Step 1 : Go to this website and Register for an activation code: https://www.tenable.com/products/nessus/nessus-essentials and click on Download Nessus.

Step 2 : Download Nessus according to your Operating System version. I am downloading this one as I am using KALI LINUX 2020.3 AMD64. Click on “I agree” and download it.

Step 3 : Open the terminal, locate the downloaded file.

$ cd Downloads
$ sudo dpkg -i Nessus-8.12.0-debian6_amd64.deb
$ sudo service nessusd start

Step 4 : Now, open the browser and navigate to “https://kali:8834”. Click on advanced > accept the risk.

Step 5 : Select Nessus essentials option and continue. Then skip, as we have already registered for an activation code.

Step 6 : Check your Gmail account, copy the activation code from there and paste it in the activation code field and continue.

Step 7 : You will be asked to enter the username and password, it can be anything, it is not necessary to enter your email id in that field. These will just be the credentials that you are going to enter, whenever you want to use nessus in your system. It will download the plugins by itself. Let the installation complete and then proceed.

A window asking for targets will open up. Enter the target IP and continue. The results will be displayed in front of you.

HOW TO INSTALL NEXPOSE?

2. Nexpose

You can download nexpose tool from the official website : https://www.rapid7.com/try/nexpose/. Register on the website and download nexpose for linux.

Step 1 : After downloading nexpose, open the terminal and go to the directory where the bin file has been downloaded and run the following commands.

Step 2 : Click Next > Next.

Note : The default port is 5432, change the Nexpose database port to another port number, such as 54231, during the installation if you intend to use the Kali Linux database to support other security tools.

Fill up the details for registration > keep the INITIALIZE AND START AFTER INSTALLATION OPTION UNCHECKED and click next.

Step 3 : Start the services or reboot the system.

$ service nexposeconsole start

Now open the browser and navigate to https://kali:3780

Click on advanced.. and Accept the Risk to continue. Enter your username and password then your license key available on your e-mail id.

Then login and you can run the scan by the target IP. The activation is for a period of 30 days.

3. OWASP ZAP POXY

Kali linux comes with pre installed OWASP ZAP PROXY tool. We just need to Click the menu button > web application analysis > ZAP.

Step 1 : Select No, and then start. It will show the pending updates, you can update zap or continue as it is by closing the window.

Step 2 : From there, you can go for an automated or manual scan according to your preference. I will be selecting the AUTOMATED SCANNING OPTION.

Step 3 : Here, you may enter your target website’s Domain name or IP Address and click on “attack”.

You can now see that some vulnerabilities have been found in the alert section.

Step 4 : The Report can be imported by clicking on the Report Option in the menu bar > Generate report in the desired format.

Happy Hacking 🙂 This content is made available for educational & informational purposes only!🌼 Follow me for more articles on cyber security and please give me your feedback. 🤩

Cyber Security Enthusiast