Install Nessus for Free and scan for Vulnerabilities (New Way)

Captions
In this video I'm going to show you how you can easily install Nessus for free on Kali Linux. Nessus is well known in the industry; it allows you to scan for vulnerabilities and then get a report and assess the vulnerabilities on a host or in a network. I'm going to show you how you can quickly install Nessus on Kali Linux and then do a vulnerability scan of a device.

In this topology I'm using VirtualBox. I've got two virtual machines: I've got a Mr Robot virtual machine as well as a Kali Linux virtual machine. The Mr Robot virtual machine was downloaded from VulnHub, and I downloaded Kali from the Kali website. I simply downloaded the VirtualBox VM for Kali Linux and imported both of those virtual machines into VirtualBox. Now, have a look at some of my other videos, which I've linked below, that show you how to install VirtualBox and how to import virtual machines into VirtualBox if you're not sure how to get something like this set up. The goal of this video is to help you get Nessus installed on Kali Linux as quickly as possible. Okay, so that's enough talking; let me show you how you can get Nessus installed on Kali Linux.

Gmail is the most popular email service in the world, but what are you giving up if you use Gmail? In the past Google used to scan your Gmail messages to sell targeted ads. Now, they've stopped that quite a while ago, but that doesn't mean that your email is private. Just have a search online and you'll see things like this: "Tech's dirty secret: the app developer sifting through your Gmail". I like this headline: "Google says no one is reading your emails, except..." Do you really trust Google for privacy? If a government agency wants access to your Gmail messages, they can get access. That's very different to Proton Mail, which uses PGP to give you end-to-end encryption. Even Proton doesn't have access to your private key, because it's encrypted with a password that only you know. So even if a government agency requested access to your emails, Proton Mail cannot give access to your emails, because it's encrypted with your public key and only you have access to your private key, so only you can decrypt your email messages.

I get a lot of messages about Proton giving up the IP address of French activists, but I asked Andy Yen about that during our interview, link below. I asked him the difficult questions about Proton Mail. Now, I use Proton Mail, as you can see here. A lot of people in the cyber security space use Proton Mail because it gives you end-to-end encryption; it allows you to use secure email that protects your privacy. Don't believe that your email can't be read by companies or government agencies. Here's a very interesting take from foret, and we're told that most emails are encrypted while the data is transmitted, but the information is stored in clear text, making the content readable by email providers, including companies like Google, or government agencies. Popular free-to-use email services typically do not provide end-to-end encryption, which means hackers can easily intercept sent messages, but government agencies or companies such as Google can use your email messages to either target advertising to you or give developers access to your email. I highly recommend Proton for their VPN solution, email solution and other solutions. I really want to thank Proton for sponsoring this video.

Now, the first thing I'm going to do is open up a web browser, and I'm going to browse to Tenable's website, to downloads, Nessus, login attempt true, and I'm going to download Nessus for Linux Debian amd64, and I'll click download. You need to agree to the license, so click agree, and Nessus will now download. Downloading, downloading, downloading.

To help you with this installation, my team and I have created a PDF that you can download, link below, that gives you the URLs and the steps to get Nessus installed. You have both this video as well as the PDF to help you get this up and running. Hopefully this will save you a lot of time. When we created this PDF the version was slightly older, 10.6.3, versus what I'm demonstrating here. Simply change the numbers used. The installation process is exactly the same, however.

Okay, so that's now downloaded; it's available in my Downloads directory. The next thing we need to do is get the SHA-256 checksum. What I'm going to do is click checksum and then copy the SHA-256 checksum. I'll open up Mousepad and paste that in. Okay, so we need to go to our Downloads directory through the terminal, and then we need to use this command: echo the checksum that you've downloaded, which will be different to this PDF, and the Debian file that we've downloaded. Again, the version that I've downloaded is different to this PDF.

So I'm going to open up a terminal. I'm going to go to my Downloads directory, so cd Downloads. ls shows us that the file has been downloaded; you can see that it's 10.7.2. So the command that we need to use is this command. So it's echo, space, quotation marks, the hash that was downloaded, the name of the software, so it's this file, so I'll copy that. Make sure that you get rid of any irrelevant spaces, and then we're going to echo that to this file called sha256sum nessus. Okay, so I'll paste that in; hopefully I've done that right. There you go. If I type ls, there is the file that has been created.

Okay, so what I'm going to do is copy the SHA checksum to make sure that it's correct. Now, one thing I've noticed: be careful, in the PDF this needs to be a hyphen, so make sure that it's sha256sum hyphen c and the checksum name, and what you should see is that the checksum is correct. Again, this is shown in the PDF; just be careful that that's hyphen c not- c.

Next step is to install the software, so I'll clear the screen and we're going to install the software. So the command is sudo apt install, and the software that I'm going to install in my example is Nessus 10.7.2 Debian. Put in my password, and as you can see, software is now being installed. Okay, I do get this error, but it worked in my example, so I'll simply run that again, and as you can see, everything has been installed, so I'm happy with that.

Okay, you now need to get your license. So in the PDF I've given you the link, so you go to the Tenable website. We want to get the Essentials version, which basically allows us to get the software for free. So put in your details, put in your email address. You need to put a company name in, so put in your company name and click get started. So we're told that we need to check our email for the activation code, so go to your email and get the activation code, which you now need to continue with the installation.

Okay, the next step is to start the service, so I'll clear the screen and paste the command sudo systemctl start nessusd.service. Service has started, and what we can do in our web browser is browse to https://localhost:8834. I'm going to go to Advanced, accept the risk and continue, and notice Nessus is now initializing. You just need to wait for it to start up.

Okay, so we're told welcome to Nessus. You can click settings to configure proxy etc., but what we're going to do is an offline registration and click continue. I'm just going to go with the default of expert and click continue. Now, to get a license key you need to visit the offline registration page and enter this code, so I'm going to click on that; opens up a new tab. What we need to do is copy the challenge code, paste that in here, and then you need to paste in the activation code that you received on your email. So I'm going to paste in my activation code and click submit. Now we're told that we can get plugins here, and we need to copy the license and paste it into the console to begin. So I'm going to copy this license code and put it in the setup and click continue. Now I can specify username and a password and click submit.

Okay, you can see that the installation is complete. It's now initializing, and at this point you just need to wait for it to complete the initialization process. And there you go. Notice we're told that no plugins are available, so there's limited functionality. So what we want to do is go to settings before we create a scan. Notice I can't create a new scan. So go to settings, software update; we're going to update all components, click save. So that'll happen daily, but what we want to do is do a manual software update, so I'm going to update all the components, and as an example you could just say update plugins if you like. So we're told that plugins will be downloaded, software will be updated. Now, this is going to take a while. So notice feed to the plugin server was successful and plugins are now being downloaded, but you could, as an example, just update all the components if you want to. This is just going to take time, so now is a good time to go and get a coffee and wait for this to complete.

Once again, going to scans, I see nothing here; I can't create a scan, so that tells me that I just need to wait for the process to complete. As you can see at the top here, a lot is happening while the software is being downloaded and installed, so we've got like 100% CPU utilization. You simply need to wait for this installation to complete.

While we're waiting for that, let me show you an installation that's already been done. So I'll start up this dev server and I'll log into that, and what you'll notice is when I go to scans, I can actually select new scan, and now I can run various scans. A whole bunch of scans can be run here, but we're simply going to run a basic network scan on a specific device in our network. That device, once again, is the Mr Robot virtual machine which I downloaded from VulnHub.

Again, the process is quite simple. All I'm going to do is click new scan. I'm going to select basic network scan in this example, give it a name, so something like Mr Robot, and then I need to scan a target. Now, to help me discover that target, I'm simply going to use Nmap, and I'm going to scan the network that my device is on. So my Kali virtual machine is in the subnet 192.168.0.0/24, so I'm going to scan that entire network without port numbers so that I can quickly discover the devices in my topology, including that machine. So you can see various devices were discovered, including a TP-Link router; I've got a Philips light; but one that I'm interested in is this Oracle device with IP address 192.168.0.149. So we could run an Nmap scan of that device, 192.168.0.149, and we can see that various services are open, so HTTP, HTTPS.

Okay, so that's the host that I want to scan. You'd obviously put in the IP address or range of IP addresses of the host that you want to scan, but in my example, 192.168.0.149. Various options are available here. You could schedule the scans to take place at different times; you can get notifications sent to you if you've got SMTP set up. What I'm going to do here is scan all ports on that device. You could just scan for common ports or a custom range, but I'm going to scan all ports rather than just the well-known port numbers. Assessment: you can change different options here. What we're going to do is scan for known web vulnerabilities, quick, just to speed it up, and for your report you can decide various options, but I'm going to just go with those options and click save, and then what you can do is click launch to start the scan.

So what you'll see here is this scan, Mr Robot, is now taking place. You could pause it, you could stop it, but what I've actually done is I've run these test scans previously. It's exactly the same type of scan, so I could click on test three because it's now completed. But before I do that, let's have a look at Mr Robot. You can see that two vulnerabilities have already been discovered. So this is informational, information about the device. This will update, but if we look at a report that's already been run, notice we can see a whole bunch of vulnerabilities have been discovered on that device. So just to make the point, I'll click on test two, click more, click configure, and you can see it's the same device.

So on test two, notice for this device, same IP address, we have a report showing us that there's one high vulnerability, five medium, one low and a bunch of info. So if I click on high, can see that the severity is high, 7.5: SSL certificate signed using weak hashing algorithm. Medium: OpenSSL AES, so the remote host is affected by a man-in-the-middle information disclosure vulnerability due to an error in the implementation of cipher suites that use AES in CBC mode with HMAC-SHA1 and HMAC-SHA256. So various information is given here, but I don't want to go too much into the individual vulnerabilities. I simply wanted to show you how you can get Nessus installed on Kali Linux and then run a vulnerability scan against a host, in this example our Mr Robot virtual machine.

Okay, I hope you enjoyed this video. Please let me know in the comments below: did you find this video useful? Let me know what other types of videos you want me to create, and as always, please consider subscribing to my YouTube channel; that really does help me. Like the video and click on the bell to get notifications. I'm David Bombal and I want to wish you all the very best.
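The checksum step described in the captions above, written out as an added example that is not taken from the video or its PDF: it trims stray spaces from the copied hash, builds the check line in the format `sha256sum -c` expects, and reports a mismatch. The function name `verify_download` and the stand-in file `package.deb` are hypothetical, and the sample file is constructed.

```shell
# verify_download <published-checksum> <file>
# Returns 0 only if <file> hashes to <published-checksum>; 2 on bad input.
verify_download() {
    local expected file dir name
    # Strip whitespace picked up when copying the checksum from a web page
    # and lower-case it, since sha256sum prints lower-case hex.
    expected=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    file=$2

    # A SHA-256 digest is exactly 64 hex characters; reject anything else early.
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "checksum is not 64 hex characters" >&2
        return 2
    fi
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    dir=$(dirname -- "$file")
    name=$(basename -- "$file")
    # Each check line is "<hash><two spaces><file name>".
    # The option is an ASCII hyphen followed by c; a typographic dash copied
    # from a PDF is taken as a file name and the check never runs.
    ( cd -- "$dir" && printf '%s  %s\n' "$expected" "$name" \
        | sha256sum -c - >/dev/null 2>&1 )
}

# Constructed demo: a stand-in file instead of the real installer package.
demo() {
    local tmp good bad
    tmp=$(mktemp -d)
    printf 'constructed stand-in for a .deb package\n' > "$tmp/package.deb"
    good=$(sha256sum "$tmp/package.deb" | cut -d' ' -f1)
    bad=$(printf '%064d' 0)   # 64 zeros: well-formed but wrong

    verify_download "  $good " "$tmp/package.deb" && echo "match: safe to install"
    verify_download "$bad" "$tmp/package.deb"     || echo "mismatch: do not install"
    rm -rf -- "$tmp"
}

demo
```

Chaining the install after the check, for example `verify_download "$hash" "$deb" && sudo apt install "./$deb"`, keeps a package that fails verification from being installed.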
Info
Channel: David Bombal
Views: 112,550
Keywords: kali linux, linux, kali, nessus, nessus free, free nessus, nessus install, kali install, cybersecurity, vulnerability, vulnerability scanner, scan, web scan, wordpress, mr robot, cyber security, vulnerability assessment, tenable, nessus tutorial for beginners, nessus vulnerability scanner, nessus tutorial, vulnerability management, nessus scan, security center, vulnerability scanning, information security, how to use nessus, cybersecurity tools, vulnerability scanning tools, nmap
Id: Gy-aPBb0djk
Length: 14min 56sec (896 seconds)
Published: Sun May 26 2024