Nessus: In computer security, Nessus is a proprietary, comprehensive vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems.
Now we have to add a user. To add a user, go to Application>Backtrack>Vulnerability Assessment>Vulnerability Scanners>Nessus>nessus user add
or go to the terminal and type /opt/nessus/sbin/nessus-adduser
To start Nessus, go to Application>Backtrack>Vulnerability Assessment>Vulnerability Scanners>Nessus>nessus start
Nessus allows scans for the following types of vulnerabilities:
- Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.
- Misconfiguration (e.g. open mail relay, missing patches, etc.).
- Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
- Denials of service against the TCP/IP stack by using mangled packets.
- Preparation for PCI DSS audits.
First of all, we need to register Nessus; registration will provide us with the activation code.
Go to Application>Backtrack>Vulnerability Assessment>Vulnerability Scanners>Nessus>Nessus Registration.
It will take us to the Nessus website for registration. Click on home user and register; it will provide you with an activation code.
Now follow these steps:
Go to the terminal and type /opt/nessus/bin/nessus-fetch --register <Code here>