
Step 3: Configure Network Manager to use the VPN

Go to the Network Manager, then click on Edit connections.

8.4 Using Nessus

When the download is complete, you will be prompted to enter the login details you created earlier. Load the web interface, and the page will automatically take you to the Scan Queue. Because Nessus is a straightforward tool, scanning for vulnerabilities is easy. You will find almost everything you need right on the top menu of the application.

On the Scan Queue, on the sub-menu to the right of the page, click New Scan to open a New Scan Template page. This is where you will set up your scan target. Give the new scan an appropriate name, then select Run Now and, under Policy, select Internal Network Scan.

Under the Scan Target, you will enter the IP address of the host you want to scan or enter multiple IPs separated by commas. Nessus also allows you to scan an address range such as 192.168.0.1-100 or an entire subnet such as 192.168.0.1/24. When done filling the template details, click Run Scan at the bottom of the page and Nessus will do its thing.

Important tip: Users familiar with Nessus report that this tool may crash highly vulnerable targets. It is, therefore, important that you run a scan on a host that you have specifically set aside to test the tool. As a white hat hacker, I cannot emphasize enough how important it is that you only scan targets that you own or those that you have permission to scan. Nessus is a potent tool that you should never play around with.
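A pre-flight check for the Scan Target field, added here as an example (it is not from the book and not part of Nessus): it parses the single-IP, comma-separated, range and subnet forms described above and rejects any entry that reaches outside the addresses you have permission to scan. The names AUTHORIZED_SCOPE, expand_target and check_scope are assumptions for illustration; the sketch handles IPv4 only and rejects hostnames rather than resolving them.

```python
import ipaddress

# Constructed sample scope: networks the tester owns or has written permission to scan.
AUTHORIZED_SCOPE = [ipaddress.ip_network("192.168.0.0/24")]

def expand_target(entry):
    """Turn one Scan Target entry into its (first, last) addresses."""
    entry = entry.strip()
    if "/" in entry:
        # Subnet form, e.g. 192.168.0.1/24; strict=False tolerates set host bits.
        net = ipaddress.ip_network(entry, strict=False)
        return net[0], net[-1]
    if "-" in entry:
        # Range form: 192.168.0.1-100 (short) or 192.168.0.1-192.168.0.100 (full).
        start_s, end_s = entry.split("-", 1)
        start = ipaddress.ip_address(start_s.strip())
        end_s = end_s.strip()
        if "." not in end_s:
            end_s = str(start).rsplit(".", 1)[0] + "." + end_s
        end = ipaddress.ip_address(end_s)
        return start, end
    ip = ipaddress.ip_address(entry)
    return ip, ip

def check_scope(target_field, scope=AUTHORIZED_SCOPE):
    """Split the comma-separated field into (in_scope, out_of_scope) entries."""
    in_scope, out_of_scope = [], []
    for entry in filter(None, (e.strip() for e in target_field.split(","))):
        try:
            first, last = expand_target(entry)
            # Cover the span with CIDR blocks; every block must sit inside the scope.
            blocks = list(ipaddress.summarize_address_range(first, last))
            ok = all(any(b.subnet_of(n) for n in scope) for b in blocks)
        except (ValueError, TypeError):
            ok = False  # unparsable, reversed or mixed-version entries are rejected
        (in_scope if ok else out_of_scope).append(entry)
    return in_scope, out_of_scope

if __name__ == "__main__":
    # Constructed sample input mixing permitted and non-permitted targets.
    ok, bad = check_scope(
        "192.168.0.5, 192.168.0.1-100, 192.168.0.1/24, 192.168.1.10, 10.0.0.1-300")
    print("in scope:", ok)
    print("blocked :", bad)
```

Paste only the in-scope entries into the Scan Target field; anything in the blocked list needs explicit authorization or correction first.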

You will automatically be taken back to the Scan Queue page when the scan begins. On this page, you can keep track of the progress of the scan and any other scans in progress. If you want to see more details about the scan, you can click on the scan in progress to view the progress on the Summary page. Note that the information on the summary page may not be automatically refreshed.

When the scan is complete, the Summary page will contain the details of the scan including the individual summaries of all the hosts you entered in the Scan Target field of the Scan Template. This information will be saved such that you can access it later by simply clicking on the Results tab on top of the page.

The scan summary will contain information about the scanned targets including all the vulnerabilities discovered in the host scanned. When you click on the host, you will be able to see an even more specific listing of the vulnerabilities discovered along with brief explanations of the information gathered during the scan.

When you click on vulnerability information, it will take you to a page with even greater details about the vulnerability, including descriptions and Security Bulletin Numbers. Nessus often lists Windows-specific vulnerabilities by this number, which corresponds with known vulnerabilities within Metasploit. This makes it easy for a hacker to find out how such a vulnerability analysis can be turned into an exploit.

8.5 Conclusion

You have had a first-hand experience using Nessus to scan for vulnerabilities on a target host. You should understand now why Nessus is the most trusted and preferred scanner on the market. It is simple to use, accurate, and reliable. The results are very detailed and exploiting found vulnerabilities is easier with Security Bulletin numbers when you scan a Windows host.

In the future, when you want to extend your vulnerability scanning, you can upgrade to the Nessus Manager or Nessus Cloud tools to have even more potent tools at your fingertips. Tenable also has several other great tools that you should discover including the Security Center Continuous View and the Passive Vulnerability Scanner which are used by IT organizations to put in place continuous monitoring solutions and to gather operational and vulnerability data through scanning, logging, and sniffing.

Hour 9: Wireless Hacking: Things You Should Know

For a hack to take place, there must be a communication connection between at least two devices, and the connection between them can be via a cable (LAN) or wireless. Most hacking processes you have learned so far are done over the internet, meaning that they have been remote hacks that you can carry out anywhere provided the target host is online and you have an internet connection.

The kinds of hackers you hear about on the news causing so much trouble to your potential clients are remote hackers. However, there is an even more dangerous type of hacker who can compromise a computer system by finding vulnerabilities in local computers using the client’s wireless network. More and more corporations and even individuals are hiring whitehat hackers to try to hack their wireless systems to know just how safe they are.

In this and the next hour, we will cover wireless hacking. This chapter will cover all the important things you need to know about wireless networks to prepare you for the different kinds of networks you will encounter and how easy or difficult it is to hack each one. You will learn what hidden networks are and find out how much of a challenge they are to a hacker. This hour is meant to give you a rough idea of how different kinds of wireless networks are usually hacked.
