REPUBLIQUE DU CAMEROUN

PAIX- TRAVAIL- PATRIE

INSTITUT SAINT JEAN

Année académique 2023-2024

NETWORK SECURITY REPORT

Thème :
APPRENTISSAGE DES OUTILS
NESSUS ET OPENVAS

Rédigé par : Examinateur :

 YOUMSSI TAMKO  M. MAHAMAT M.


 I- TRYHACKME LAB NESSUS AND SCANNING OF METASPLOITABLE :

1- WHAT IS NESSUS ?

Nessus vulnerability scanner is A vulnerability scanner which uses techniques similar to Nmap to
find and report vulnerabilities, which are then, presented in a nice GUI for us to look at. It’s
different from other scanners as it doesn't make assumptions when scanning, offers a free and
paid service, in which some features are left out from the free to make you more inclined to buy
the paid service.

2- INSTALLATION OF NESSUS:

The official installation guide can be found at the official site of tenable which is :
https://docs.tenable.com/nessus/Content/GettingStarted.htm.
we must download the NESSUS package for Debian amd64, and install it with DPKG, then,
follow the instructions to configure it through the GUI, which is by default launched at
https://kali/8834.
3- NAVIGATION AND SCAN TYPES :
The interface of NESSUS is presented as below, where we can see all scan types, and we notice
that the most suitable scan type is “Basic network scan”, that we’ll use later in this report.

4- RUN A NETWORK SCAN :

We create a new 'Basic Network Scan' targeting the VM that we deployed on Tryhackme.

We define a name for this scan, a description and a target which is the ip address of the VM that
we deployed on Tryhackme, we also define the list of all ports that we want to scan and then, we
launch the scan.
and the result is :

5-) RUN A WEB APPLICATION SCAN ON THE VM:

this scan take a little more time, and when it’s end we can see :

6-) SCANNING METASPLOITABLE WITH NESSUS :

we’ll scan all ports (1-65535), the result is :

II-) OPENVAS :

1-) WHAT’S OPENVAS :

OpenVAS is an effective solution for proactive security management, allowing you to keep
ahead of potential attacks by scanning and assessing your systems on a regular basis. OpenVAS
is a fork of the original Nessus project and is noted for its adaptability, large database of
vulnerability tests, and strong community support.

2-) INSTALLATION OF OPENVAS :

we can install it from the Kali/OpenVAS repositories with the command : “ sudo apt install
openvas ” but openvas is installed in kali linux by default.

3-) DASHBORD AND SCANS :

and then, we reach the interface :

4-) SCANNING METASPLOITABLE :
and then we launch the scan, the result is :