Enabling Nessus on BackTrack 5 - The Official Guide

by Paul Asadoorian
July 21, 2011

Preparing Your Backtrack 5 Installation

Nessus 4.4.1 now comes pre-installed on BackTrack 5 and requires that the user activate the installation. Before you activate Nessus on your BackTrack 5 installation, be certain you have installed Nessus either to the hard drive on the computer you plan to use or inside of a virtual machine that you plan to keep on the same host system. If you activate Nessus on a bootable USB thumb drive, DVD or a virtual machine and move it to a new host system, the Nessus activation code will no longer be valid. The Nessus activation ties itself to the physical system on which it is installed. If you do decide to move the virtual machine to a new system, or jump around to different systems using a bootable USB thumb drive or DVD, you will have to re-activate Nessus. If you are using a Nessus ProfessionalFeed, you are allowed to reset your activation by clearing the current connection between a host and an activation code. By logging into the Tenable Customer Support Portal and going to "Activation Codes", you can reset the activation code-to-host pairing. ProfessionalFeed users are currently limited to one reset every 30 days. HomeFeed users will need to re-register Nessus when moving between physical hosts.

Step 1 - Obtaining An Activation Code

Once you have Nessus installed on BackTrack 5, you will need to obtain a Nessus activation code. If you wish to purchase a ProfessionalFeed, you can visit the Tenable Store. If you are using Nessus at home or wish to evaluate Nessus, you can register a HomeFeed. It’s important to note that the HomeFeed is limited to 16 IP addresses per scan (whereas the ProfessionalFeed allows you to scan an unlimited number of IP addresses). The ProfessionalFeed also gives you access to features such as Configuration and Sensitive Data Auditing, SCADA plugins, Nessus Technical Support and access to the Tenable Customer Portal.

Step 2 - Activating Nessus

Be certain that your BackTrack 5 installation has access to the Internet and activate Nessus using your newly obtained activation code as follows:

Click for larger image

As shown above, this will also initially download the appropriate plugins based on which feed you've chosen.

Step 3 - Creating A User Account

Next, you will create the initial user account that will be used to login to the Nessus Web Interface:

Click for larger image

After you've entered a username, the nessus-adduser program asks you if the user account should have admin privileges or not. It is recommended that the initial user account have admin privileges so you can use the Nessus Web Interface to create subsequent accounts. The only difference between a Nessus admin user and a regular user is the ability to create user accounts.

Step 4 - Starting Nessus

Using the supplied startup script, start the Nessus server:


Step 5 - Accessing the Nessus Web Interface

Once Nessus has been initially started, it will begin to index and compile all of the plugins. This can take some time, depending on the speed of your system. If Nessus is still processing plugins, you may see the following screen when accessing the web interface:

Click for larger image

The web interface can be accessed with your browser by making an HTTPS connection to TCP port 8834 (e.g. https://localhost:8834/). If you are using a browser local to the BackTrack 5 distribution, such as the supplied version of Firefox, be certain that you enable Flash and JavaScript for this site (Flash is required to access the Nessus Web Interface, and JavaScript is required to view some of the reports). You can also access the Nessus Web Interface remotely by using the IP address assigned to BackTrack 5 (e.g.


We are happy to have Nessus more easily accessible on the BackTrack Linux distribution as many are using it as their platform of choice for security assessments and penetration testing reconnaissance. There are numerous tools included with BackTrack 5, many of which integrate with Nessus, which makes it a great platform for security professionals.