Scanning for Vulnerabilities

Joseph Wagner CSOL 570

Professor Schmidt

University of San Diego

2

When looking for a vulnerability scanner there are a lot of options on the market.

Depending on the use case, size of the organization, and complexity of the systems being

monitored there is an option that will suit all needs. For the basis of this paper, the tools will be

scored using these criteria:

1. Market Reputation

2. Cost

3. Complexity

4. Support (professional, and crowdsourced)

5. CVE Compatible

Because of the nature of attacks and the way that hackers can get into even the most complex

systems it is important to have a vulnerability scanner than is up to date and keeps an

organizations system safe. “Vulnerability scanning is a non-destructive form of testing that

provides immediate feedback on the health and security of a network. Based on the information

provided, the IT team can take direct action to better protect a network and the information

housed within it. Scanning should take place on a regular basis- but especially if in the middle of

an upgrade.” (Collins, 2021) Being able to run these scans on a consistent basis should be a

common practice of all security teams today and these tools are an integral piece of architecting a

proper security infrastructure.

The two vulnerability scanning tools that I reviewed were

1. Nessus

2. OpenVas
 3

Overall, both tools seem great and would provide an easy free option for individuals as well as

small enterprises with little to no budget for these products. In the end I picked Nessus to install

on machine based on the criteria below.

Criteria OpenVas
Good reputation overall in the market. Open source which is popular in the
Market Reputation developer community. Preloaded into KALI Linux.
Free Version, also paid versions varying in price $3,400 for small
Cost infrastructures up to $135,000 for organizations
Not a great GUI interface, some reports are hard to understand, system is
Complexity slower than Nessus
Lots of support via YouTube and reddit. Many articles and how to Guides
Support on how to install and run reports. Professional support available as well
CVE Compatible Yes 26,000+

Criteria Nessus

Market Nessus has a good market reputation as being a clean and easy to use system. The
Reputation free version is more digestible than OpenVas and the reports are cleaner.

Nessus has a good market reputation as being a clean and easy to use system. The
Cost free version is more digestible than OpenVas and the reports are cleaner.
Nessus has a great user interface, and the reports are easily downloadable and
Complexity digestible.
Lots of videos online, professional support is included in some tiers of the
Support professional licenses.
CVE Compatible Yes 50,000+

Since Nessus is installable on all major platforms, I decided to install it both on my Mac and my

Kali Linux VM. The mac install was easy.

1. Download the DMG file

2. Open file and walk-through prompts

3. Once installed Nessus runs plugins

4

4. Once installed I found the IP for my machine and hit run scan and found vulnerabilities

within minutes

The GUI interface is accessible via a web portal and is easy to use and pulled a lot of

interesting data.

Kali Install

The Kali install was much more complicated and required me to watch a few videos and read

some step by step how to guides. In the end via the web browser the GUI was the same and

the reports and vulnerabilities were easy to digest and view.

1. Visit tenable.com and download the correct package for your VM, I am using an amd64

Kali machine, so I downloaded the correct package to match my machine.

2. Once downloaded I ran cd downloads command and found the file and checked it with

the list command to make sure it was there

3. I then ran the sudo -I dpkg command and installed the package

4. Once this was installed, I had to open the installer, type of root password to open the bin

and then navigated to the website for the gui interface.

5. Once I was on the GUI, I had to type in an activation code and then load and install the

plugins for Nessus to run. Once it was installed, I typed in my password and had access

to the interface.

6. I then ran the scan for the IP of my kali machine as well as other machines in my virtual

box to discover the vulnerabilities.

5

Here are some screen shots from the reporting and scans I ran:

Part of the reason I chose Nessus to install was the feedback around the ease of the tool but how

powerful it was. It was a great GUI, and the scan ran very quickly. It was easy to navigate the

different screens and the data was easy to understand even for someone like myself who is not
6

very technical. Overall, I saw a ton of value in this tool and would recommend organizations

even with a small budget to use Nessus.

7

References

Collins, A. (2021, February 25). The Importance of Vulnerability Scans. All Covered.
https://www.allcovered.com/blog/the-importance-of-vulnerability-scans/

Keary, T. (2021, March 4). Nessus vs OpenVAS: Which is Better? A Head-to-Head Comparison.
Comparitech. https://www.comparitech.com/net-admin/nessus-vs-openvas/