Setup and Configuration:

  • Download Nessus Essentials 8.15.1 from: https://www.tenable.com/downloads/nessus
  • choose: Nessus-8.15.1-debian6_amd64.deb | Debian 9, 10 / Kali Linux 1, 2017.3, 2018, 2019, 2020 AMD64
  • to install, open terminal in the Download directory and type: sudo dpkg -i Nessus-8.15.1-debian6_amd64.deb
  • after installation to start Nessus: sudo /bin/systemctl start nessusd.service
  • to use Nessus, browser: https://kali:8834/ (Accept the browser warnings)
  • register with name and business email (real) so that you can receive the single use Serial Number (recommended to obtain the SN using the webpage request process)
  • with the SN received in email continue the setup process
  • setup a new username and password
  • after all this expect 1 hoour of downloading and compiling the required modules (I suggest to temporary allocate more ram and vcpu to the kali vm :D )

Usage:

  • Click on “new scan” buton
  • with the free version you can only scan 16 IP addresses (this will reset after 90 days)
  • on Basic Tab select “Basic Network Scan” in name: Metasploitable and in Targets insert the IP addrss of the Metasploitable vm
  • on Discovery tab select Scan type: Port scan (all ports)
  • on Assessement tab select Scan for known web vulnerabilities – or a more intensive option
  • Click Save and then Launch it by clicking the Play symbol