2022

Nessus

What does this post cover?

Nessus is possibly the most well-known vulnerability scanner out there. It was originally open source before going closed source / commercial. At that point, development split off into the OpenVAS project.

Having set up and configured OpenVAS first, it was clear when moving over to Nessus that it had a similar installation and configuration process. For example, back when these notes were taken, the web interface was accessible from any network interface by default (this still appears to be the case). There's also a setting for checking the signatures of the scanner plugins after they are downloaded, which wasn't often talked about.

Regularly installing Nessus was more or less required for a number of pentesting courses, so this page was created a long time ago to document those steps. This is just a port of those notes with some review of the current documentation.

Snapshot in Time

These are my notes from 2022 and earlier on setting up Nessus in a lab environment. They may be outdated, and were only checked against the latest documentation when porting to this blog post. They have not been tested.