Easy Nessus scan for a beginner with Backtrack 5
I have got to say that the inclusion of Nessus in Backtrack 5 is great. This makes performing a basic vulnerability scan easy.
Everything you need is pre-installed so you can literally start a test scan (on a test system) in under 5 minutes, you simply need to:
1) Get a free home-use key on the Tenable/Nessus website
2) Enter the key as follows
/opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxxx-xxxx
3) Create a user and password (and hit enter to skip the rules)
/opt/nessus/sbin/nessus-adduser
4) Start the service
/etc/init.d/nessusd start
5) Start the scan, and view the report
https://localhost:8834/
The Nessus user-interface is so straight-forward that don't think there is any point in me describing where to click or what to put in. Just play with it for a minute or two and you should see how it works.
Using Nessus to scan a set of machines really is a no-brainer. Here is a sample report (This XP systems needs patching ;o)
Whilst this is no substitute for a Penetration test, a basic vulnerability scan can certainly help identify computers that are missing patches, or have poor configurations.