Chapter 7
7.18 Penetration Testing Using Nessus
The Nessus Security Scanner is another robust security auditing tool. Once
Nmap has found open ports and services that look like possible chinks in the
armor, Nessus lets auditors test those chinks directly, running security
checks (modules) against them to find vulnerable spots that should be fixed.
It is made up of two parts, a server and a client: the server/daemon is
named nessusd and the client is named nessus. A plug-in architecture allows
each security test (module) to be written as an external plug-in, so you can
add your own tests to Nessus without modifying the source code of the
nessusd engine. The main features of the Nessus Security Scanner are
described below.
Nessus Attack Scripting Language (NASL). The Nessus Security
Scanner includes NASL, a language designed for writing security tests
quickly and easily (security checks can also be written in the C
programming language). Nessus ships with a fairly current vulnerability
database, and the security checks database is updated daily, so the
newest checks are always available from the Nessus Web site,
http://www.nessus.org.
Nessus client/server architecture. The Nessus Security Scanner is
made up of two parts: a server, which performs the attacks, and a
client, which is the front end. The server and the client can run on
different systems, so you can audit your whole network from your
personal computer while the server performs its attacks from another
system. Several clients are available for Nessus: one for X11, one for
Win32, and one written in Java. Nessus can test as many hosts in
parallel as the resources of the system running the Nessus server
component allow.
Smart service recognition. Nessus does not assume that target hosts
respect the port numbers assigned by the Internet Assigned Numbers
Authority (IANA); it identifies a service by what is actually listening
on a port rather than by the port number. This means it will recognize
an FTP server running on a non-standard port (31337, say), or a Web
server running on port 8080.
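The port-independent recognition described above, together with the multiple-web-server case in the next feature, as an added Python example that is not Nessus's own code: a small classifier that names a service from what it sends back, then groups every instance of a service by port so that each one (an FTP daemon on 31337, web servers on both 80 and 8080) gets the checks for that service. The banners are constructed sample data; the signature table, the HTTP probe and the function names are assumptions of this example, not Nessus's detection logic.

```python
"""Service recognition by probe response rather than port number.

Added example (not Nessus code): mimics the idea behind Nessus's "smart
service recognition". A service is classified by what it sends back, and
every instance of a service is then handed to the checks for that service,
however many ports it occupies. SAMPLE_RESPONSES below is constructed data,
not the output of a real scan.
"""
import re
import socket
from collections import defaultdict

# Signature table (assumed for this example): regex over the first bytes a
# server returns, and the service it implies. First match wins, so FTP is
# tested before SMTP because both greet with a "220" line.
SIGNATURES = [
    (re.compile(rb"^SSH-\d\.\d-"), "ssh"),
    (re.compile(rb"^220[ -].*(FTP|FileZilla|vsftpd|ProFTPD)", re.I | re.S), "ftp"),
    (re.compile(rb"^220[ -].*(SMTP|ESMTP|Postfix|Sendmail)", re.I | re.S), "smtp"),
    (re.compile(rb"^HTTP/\d\.\d \d{3}"), "http"),
]

# Probe sent when the server does not speak first. Chatty services (SSH,
# FTP, SMTP) have already sent a banner by then; an HTTP server answers a
# request with a status line that the table above can match.
HTTP_PROBE = b"GET / HTTP/1.0\r\nHost: target\r\n\r\n"


def identify_service(response: bytes) -> str:
    """Return the service name implied by a server's response, or 'unknown'."""
    for pattern, name in SIGNATURES:
        if pattern.search(response):
            return name
    return "unknown"


def grab_banner(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Connect to host:port, read a banner, send HTTP_PROBE if nothing came.

    Network-touching helper for use against a real host; the offline run
    below feeds canned responses to identify_service instead.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(1024)
        except socket.timeout:
            data = b""
        if not data:
            sock.sendall(HTTP_PROBE)
            try:
                data = sock.recv(1024)
            except socket.timeout:
                data = b""
    return data


def map_services(responses: dict) -> dict:
    """Group open ports by recognised service: {service: [port, ...]}.

    A scanner that trusted IANA port numbers would run FTP checks only
    against 21 (closed here) and web checks only against 80, missing the
    FTP daemon on 31337 and the second web server on 8080.
    """
    services = defaultdict(list)
    for port in sorted(responses):
        services[identify_service(responses[port])].append(port)
    return dict(services)


# Constructed responses standing in for a scan of one host: SSH on 22, web
# servers on both 80 and 8080, and an FTP daemon hidden on 31337.
SAMPLE_RESPONSES = {
    22: b"SSH-2.0-OpenSSH_3.9p1\r\n",
    80: b"HTTP/1.1 200 OK\r\nServer: Apache/1.3.33\r\n\r\n",
    8080: b"HTTP/1.0 200 OK\r\nServer: Apache-Coyote/1.1\r\n\r\n",
    31337: b"220 ProFTPD 1.2.10 Server ready.\r\n",
}


if __name__ == "__main__":
    for service, ports in map_services(SAMPLE_RESPONSES).items():
        print(f"{service:<8} on ports {ports}  -> run the {service} checks on each")
```

Against a live host, replace the canned dictionary with `{port: grab_banner(host, port) for port in open_ports}` using the open ports Nmap reported; the grouping logic is unchanged.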
Multiple service support. Imagine an organization that runs two (or
more) Web servers on one host, one assigned to port 80 and the other
assigned to port 8080. Nessus will successfully test both of them,
even though they