Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Getting Started with Nessus on Kali Linux

Kali Linux, a Linux distribution designed specifically for penetration testing, comes prepackaged with many pen test tools. Nessus® provides a penetration tester with a wealth of capabilities that will assist in the engagement, such as:

  • Identifying local and remote vulnerabilities
  • Configuration and compliance audits
  • Checking for default credentials
  • Web application scanning

Nessus isn’t installed on Kali Linux by default, but this post will show you how to install Nessus and provide some suggestions for using it in a penetration testing engagement to gain a more complete understanding of your organization's security posture.

Please Note: Because the Kali Linux installation of Nessus has been very popular over the past several years, the instructions in this blog were updated by Juan Vela on May 13, 2019, to reflect the latest version of Nessus. If you are interested in learning how to install Nessus version 5 on Kali Linux, please read our 2014 blog, Installing and Using Nessus on Kali Linux.  

Installing and configuring Nessus

Prior to downloading Nessus, ensure that your Kali Linux installation is up to date:

apt update && apt upgrade

Step 1: Purchase Nessus and obtain an Activation Code

Nessus can be purchased directly from Tenable or through an authorized reseller.

After purchasing Nessus, an Activation Code will be available on the Tenable Support Portal.

Step 2: Download Nessus

Navigate to the Tenable Nessus downloads page and select the appropriate version for your installation of Kali Linux, either the 32-bit or 64-bit Debian package.

Step 3: Install Nessus

Using the command line, install the Nessus package. Once the installation completes, start the Nessus service:

/etc/init.d/nessusd start

If you would like Nessus to start when Kali Linux boots, issue the command:

update-rc.d nessusd enable

After the Nessus service starts, use a web browser to navigate to the Nessus Web Interface at: https://localhost:8834/.

Step 4: Configure and use Nessus

You may see a warning about the SSL certificate not being configured appropriately. You can continue past this warning or consult the Nessus User Guide to properly set this up.

To configure Nessus, follow the installation wizard. Create an administrator user account, activate with your activation code from the Tenable Support Portal and let Nessus fetch and process the plugins.

Refer to the official Nessus documentation for any other questions or issues with installing Nessus.

Nessus interface

Using Nessus in a penetration test

Kali Linux tools complement your Nessus installation, with everything in one place for easy maintenance. Nessus reports on host discovery, vulnerability detection and exploitability. Here are some of the ways Nessus can be used to support penetration testing:

Conclusion

Nessus is the world’s most widely-deployed vulnerability assessment solution. Nessus quickly and accurately identifies vulnerabilities, configuration issues and malware in physical, virtual and cloud environments to help you prioritize what to fix first. Combine Nessus with Kali Linux to build a superior pen testing toolkit that provides deep insight into your network systems.

For more information

To download Nessus, visit the Nessus Download page or evaluate Nessus Professional for 7 days.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.