Nessus Setup From Scratch
Kundan Antyakula??
Devops Engineer - Data & Infrastructure Specialist | AWS Certified (2x) | GitHub Certified (1x) | Kubernetes & Containerization | CI/CD & Infrastructure Automation | Driving Secure Data & Scalable DevOps Solutions
Installing Nessus on Kali Linux: A Comprehensive Guide
Nessus is a popular vulnerability assessment tool used by security professionals to identify weaknesses and misconfigurations in systems. Kali Linux, being a leading distribution for penetration testing, is a common platform for running Nessus. In this guide, we'll walk you through the installation and setup of Nessus on Kali Linux, using an updated and simplified method.
Step-by-Step Guide to Installing Nessus on Kali Linux
1. Download Nessus for Debian/Kali Linux
To begin, you’ll need to download the Nessus installer package for Debian-based systems, as Kali Linux is based on Debian. Follow these steps:
Open your browser and navigate to the official Nessus download page:
Select Debian / Kali Linux from the download options.
At the time of writing, the latest stable version is Nessus-10.8.2. You will receive a .deb file for installation.
2. Verifying the Downloaded File
After downloading the .deb file, it's important to verify its integrity using SHA-256 to ensure that the file has not been tampered with.
In your terminal, execute the following commands:
echo "d7d680b0b93e84f522cf6d8f9034aab8e18cb864509291eb1641813937d085c8 Nessus-10.8.2-debian10_amd64.deb" > sha256sum_nessus
sha256sum -c sha256sum_nessus
This command compares the hash value of your downloaded file against the known correct hash. If it’s a match, you’re good to go. If not, it’s better to re-download the file to ensure security.
3. Installing Nessus
Now that the integrity of the file is confirmed, proceed to install the Nessus package:
sudo apt install ./Nessus-10.8.2-debian10_amd64.deb
This will install Nessus and set it up for use on your Kali Linux system.
4. Start the Nessus Service
Once the installation is complete, you need to start the Nessus daemon service. This service will allow Nessus to run in the background and be accessible from the browser.
Use the following command to start the service:
sudo systemctl start nessusd.service
To verify that the service is running:
sudo systemctl status nessusd.service
You should see output indicating that Nessus is active and running.
领英推荐
5. Access Nessus Web Interface
After the Nessus service is started, open your browser and navigate to the following address:
https://127.0.0.1:8834
You may receive a warning about an SSL certificate. Since this is a local service, you can safely bypass the warning.
6. Activate Nessus
Once you’ve accessed the Nessus web interface, you’ll need to activate it using a Nessus Essentials license. Follow these steps:
Copy the license code
7. Complete the Nessus Setup
In the Nessus web interface, you will be prompted to enter your activation code. Paste the code into the appropriate field and submit it. This will activate Nessus and unlock its basic vulnerability scanning features.
8. Starting Nessus Scans
Once activation is complete, Nessus will initialize, which may take a few minutes. After initialization, you can start creating new scans:
Once your scan is configured, you can run it and review the results for vulnerabilities.
Troubleshooting Tips
With this setup, you’re ready to perform thorough vulnerability assessments on your network and systems, keeping them secure and compliant.