Scanning with Nessus

The Nessus vulnerability scanner from Tenable Security (http://www.tenable.com/) is one of the most widely used vulnerability scanners. Metasploit’s Nessus plug-in lets you launch scans and pull information from Nessus scans via the console, but in the example that follows, we’ll import Nessus scan results independently. Using Nessus 4.4.1 with a free Home Feed, we’ll run this scan against the same target we’ll use throughout this chapter, with known credentials. In these early stages of a penetration test, the more tools you can use to fine-tune your future attacks, the better.

Nessus Configuration

After you have downloaded and installed Nessus, open your web browser and navigate to https://<youripaddress>:8834, accept the ...

Get Metasploit now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.