You are previewing Learning Nessus for Penetration Testing.
O'Reilly logo
Learning Nessus for Penetration Testing

Book Description

Master how to perform IT infrastructure security vulnerability assessments using Nessus with tips and insights from real-world challenges faced during vulnerability assessment

In Detail

IT security is a vast and exciting domain, with vulnerability assessment and penetration testing being the most important and commonly performed security activities across organizations today. The Nessus tool gives the end user the ability to perform these kinds of security tests quickly and effectively.

Nessus is a widely used tool for vulnerability assessment, and Learning Nessus for Penetration Testing gives you a comprehensive insight into the use of this tool. This book is a step-by-step guide that will teach you about the various options available in the Nessus vulnerability scanner tool so you can conduct a vulnerability assessment that helps to identify exposures in IT infrastructure quickly and efficiently. This book will also give you an insight into penetration testing and how to conduct compliance checks using Nessus.

This book starts off with an introduction to vulnerability assessment and penetration testing before moving on to show you the steps needed to install Nessus on Windows and Linux platforms.

Throughout the course of this book, you will learn about the various administrative options available in Nessus such as how to create a new user. You will also learn about important concepts like how to analyze results to remove false positives and criticality. At the end of this book, you will also be introduced to the compliance check feature of Nessus and given an insight into how it is different from regular vulnerability scanning.

Learning Nessus for Penetration Testing teaches you everything you need to know about how to perform VA/PT effectively using Nessus to secure your IT infrastructure and to meet compliance requirements in an effective and efficient manner.

What You Will Learn

  • Understand the basics of vulnerability assessment and penetration testing
  • Install Nessus on Windows and Linux platforms
  • Set up a scan policy based on the type of infrastructure you are scanning
  • Configure a scan by choosing the right policy and options
  • Understand the difference between credentialed and non-credentialed scans
  • Analyze results from a severity, applicability, and false positive perspective
  • Perform penetration tests using Nessus output
  • Perform compliance checks using Nessus and understand the difference between compliance checks and vulnerability assessment
  • Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at If you purchased this book elsewhere, you can visit and register to have the files e-mailed directly to you.

    Table of Contents

    1. Learning Nessus for Penetration Testing
      1. Table of Contents
      2. Learning Nessus for Penetration Testing
      3. Credits
      4. About the Author
      5. About the Reviewers
        1. Support files, eBooks, discount offers and more
          1. Why Subscribe?
          2. Free Access for Packt account holders
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Errata
          2. Piracy
          3. Questions
      8. 1. Fundamentals
        1. Vulnerability Assessment and Penetration Testing
          1. Need for Vulnerability Assessment
            1. Risk prevention
            2. Compliance requirements
          2. The life cycles of Vulnerability Assessment and Penetration Testing
            1. Stage 1 – scoping
            2. Stage 2 – information gathering
            3. Stage 3 – vulnerability scanning
            4. Stage 4 – false positive analysis
            5. Stage 5 – vulnerability exploitation (Penetration Testing)
            6. Stage 6 – report generation
        2. Introduction to Nessus
          1. Initial Nessus setup
          2. Scheduling scans
          3. The Nessus plugin
          4. Patch management using Nessus
          5. Governance, risk, and compliance checks using Nessus
        3. Installing Nessus on different platforms
          1. Prerequisites
          2. Installing Nessus on Windows 7
          3. Installing Nessus on Linux
        4. Definition update
          1. Online plugin updates
          2. Offline plugin updates
          3. Custom plugins feed host-based updates
        5. User management
          1. Adding a new user
          2. Deleting an existing user
          3. Changing the password or role of an existing user
        6. Nessus system configuration
          1. General Settings
            1. SMTP settings
            2. Web proxy settings
          2. Feed Settings
          3. Mobile Settings
            1. ActiveSync (Exchange)
            2. Apple Profile Manager
            3. Good For Enterprise
          4. Result Settings
            1. Advanced Settings
        7. Summary
      9. 2. Scanning
        1. Scan prerequisites
          1. Scan-based target system admin credentials
          2. Direct connectivity without a firewall
          3. Scanning window to be agreed upon
          4. Scanning approvals and related paper work
          5. Backup of all systems including data and configuration
          6. Updating Nessus plugins
          7. Creating a scan policy as per target system OS and information
          8. Configuring a scan policy to check for an organization's security policy compliance
          9. Gathering information of target systems
          10. Sufficient network bandwidth to run the scan
          11. Target system support staff
        2. Policy configuration
          1. Default policy settings
          2. New policy creation
            1. General Settings
            2. Credentialed scan
              1. The Windows credentials option
              2. Windows usernames, passwords, and domains
              3. The SSH settings option
              4. The Kerberos configuration option
              5. The Cleartext protocols settings option
            3. Plugins
              1. Filtering
            4. Preferences
        3. Scan configuration
          1. Configuring a new scan
            1. General settings
            2. E-mail settings
          2. Scan execution and results
        4. Summary
      10. 3. Scan Analysis
        1. Result analysis
          1. Report interpretation
            1. Hosts Summary (Executive)
            2. Vulnerabilities By Host
            3. Vulnerabilities By Plugin
          2. False positive analysis
            1. Understanding an organization's environment
            2. Target-critical vulnerabilities
            3. Proof of concept
            4. Port scanning tools
            5. Effort estimation
          3. Vulnerability analysis
            1. False positives
            2. Risk severity
            3. Applicability analysis
            4. Fix recommendations
          4. Vulnerability exploiting
            1. Exploit example 1
            2. Exploit example 2
            3. Exploit example 3
        2. Summary
      11. 4. Reporting Options
        1. Vulnerability Assessment report
          1. Nessus report generation
            1. Report filtering option
          2. Nessus report content
        2. Report customization
        3. Report automation
        4. Summary
      12. 5. Compliance Checks
        1. Audit policies
          1. Credentials
        2. Compliance reporting
        3. Auditing infrastructure
          1. Windows compliance check
          2. Windows File Content
          3. Unix compliance check
          4. Cisco IOS compliance checks
          5. Database compliance checks
          6. PCI DSS compliance
          7. VMware vCenter/vSphere Compliance Check
        4. Summary
      13. Index