

Open Source Vulnerability Scanner

Presentation by Garrett Tomasek for Joanne Wagner’s CIT 2251 class, Fall 2005
What is Nessus?

Nessus was created to be a free, powerful, remote security scanner. It is one of the top-rated security software products, and is endorsed by professional information security organizations such as the SANS Institute.

Nessus will:
• Perform over 900 security checks
• Accept new plug-ins and patches to expand to new checks and security threats
• List security concerns as well as recommend courses of action to correct them
Nessus was created as an open source project, typically for use on Unix, Linux, BSD, and other similar systems. Nessus is a client/server application: a client can connect to a remote server and run a scan remotely.

However, ports for Windows-based operating systems are available. NessusWX is a Nessus client, but it does not contain a server portion; NessusWX will have to connect to a typical Unix-like Nessus server.

NeWT is a commercial Nessus client and server application that is available for Windows operating systems that do not have access to a Unix-like Nessus server. The free version of NeWT only scans the local class C network the PC is connected to, which makes it unhelpful to us.
What it means to our class
Lab exercise 5.2.5: Configure IOS Firewall IDS will use Nessus to demonstrate the IDS in action!

So how do we use Nessus to do this lab?

Knoppix, Linux Live CD
Knoppix is a distribution of Linux that allows a user to run a nearly fully functional Linux system off a bootable CD, without requiring installation on a hard drive. Current distributions of Knoppix contain Nessus! Knoppix is the perfect choice to finish this one lab without requiring a long, hard-drive-altering Linux installation.
The version of Knoppix I am using to create these instructions is 3.9 of the CD version, but they will work on the current 4.0 DVD version (and possibly the 4.0 CD version).
Setting up Nessus
The following are step-by-step instructions on setting up the Linux system and Nessus in order to complete the lab. The lab contains little information on how to set it up, so this will fill in the gap. After this is set up, the lab instructions can be followed correctly.
1. Boot the computer into Knoppix with the CD. Once Knoppix is fully loaded, you will be at the desktop.
2. Find the icon on the bottom panel that looks like a monitor with a command prompt (the tool tip will say Konsole) and click it to open the terminal program.
3. Enter the command “su” to switch to root, the administrative account. Your prompt should have changed from knoppix@<more text> to root@<more
4. Enter the command passwd and give root a password. The Nessus client will not work properly until this is
5. Click on the penguin icon for the Knoppix menu, choose Network/Internet, and from that menu pick Network card configuration. Choose the interface you wish to apply IP settings to and click OK.
6. Click No when asked whether to use DHCP broadcast. Then enter the appropriate IP address, network mask, broadcast address, and default gateway for the network you are putting this Nessus PC on.
7. This concludes setting up the network; we can move on to Nessus now.

Note: It isn’t especially important which subnet the Nessus PC is put on, other than that it should be on a different network from the target, so that the scan traffic traverses the router we are running IDS on and we can see the IDS work in action.
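A quick way to confirm the point in the note before starting the scan. This is an added example, not part of the original presentation: a POSIX shell check that the Nessus PC and the target are on different subnets (so the traffic must cross the IDS router); the addresses used are constructed placeholders, and the mask must be the one entered in step 6.

```shell
#!/bin/sh
# Added example (not from the presentation): verify that the Nessus PC and the
# target PC sit on different subnets, so scan traffic traverses the IOS
# firewall router running IDS. Sample addresses are constructed placeholders.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed (exit 0) when both addresses share the network selected by the mask.
same_subnet() {
    a=$(ip_to_int "$1")
    b=$(ip_to_int "$2")
    m=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( b & m )) ]
}

# Print a verdict for the lab topology: on the same subnet, nothing reaches
# the router, and the IDS has nothing to report. Exit 0 only when the
# Nessus PC is on a different network from the target.
check_lab_topology() {
    nessus_ip=$1; target_ip=$2; mask=$3
    if same_subnet "$nessus_ip" "$target_ip" "$mask"; then
        echo "same subnet: scan will not cross the router; move the Nessus PC"
        return 1
    fi
    echo "different subnets: scan traffic will traverse the IDS router"
    return 0
}

# Constructed sample: Nessus PC on 192.168.1.0/24, target on 192.168.2.0/24.
check_lab_topology 192.168.1.10 192.168.2.20 255.255.255.0
```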
8. Open the Konsole again, if it was closed, and enter the su command to switch to root again if necessary. Enter the command “nessusd -D”. This command turns the Nessus server on and runs it in daemon mode, so it functions as a server in the background.
9. Now we can run the Nessus client. Open the Knoppix main menu, the leftmost icon in the lower-left corner. Expand System, then Security, and finally open NESSUS Security Tool – Network Scanner.
10. Once you are in the Nessus Setup window, make sure the login textbox says knoppix. Then enter the password “knoppix” in the password textbox as well.
11. Now that we have set the login and password, click Log in. Make sure “Display and remember the server certificate, do not care about the CA” is selected, and click OK. Click Yes to accept the certificate. Then click
12. The attack PC should now be ready to pick up where the lab left off, at Step 4, part c, which is executing the Nessus scan.
Scanning in Nessus
Now we can begin the final steps to scan the other network in Nessus.

First, we need to choose our target. Click on the Target tab. In the “Target(s)” textbox, enter the target IP of the PC we are going to attack.
Next, we are going to disable the port scan portion of the test, as it is a very time-consuming process and has no direct impact on the demonstration of IDS for this lab (the IDS would just report thousands and thousands of half-open TCP SYNs).
To do this, click on the Scan Options tab. In the “Port Range:” textbox, enter “-1” to disable all ports in the scan. You can also mouse over this textbox to see additional port scanning options in a tooltip that pops up.
The plug-in scan should be finished within 5 minutes, assuming the port scan was