If you have been wondering how to install Nessus Vulnerability Scanner on Debian 11/10/9 then you should worry no more. In this guide, we will go through how to install Nessus Vulnerability Scanner on a Debian Linux system.
Nessus is a popular and widely used vulnerability assessment tool that works for both web and mobile applications and can be deployed on premises or in a cloud environment. It scans for and detects malware on embedded devices, and performs configuration auditing and compliance checks, among many other functions. Nessus can be used to scan and audit the following environments:
- Virtualization: VMware ESX, ESXi, Hyper-V, vSphere, vCenter, and Citrix Xen Server
- Operating systems: such as Mac, Windows, Linux, BSD, Cisco IOS, Solaris, IBM iSeries.
- Cloud: It can be used to scan cloud applications and instances like Salesforce and AWS
- Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL, MongoDB.
- Network devices: firewalls/routers/switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage.
- Web applications: Web servers, web services, OWASP vulnerabilities
Features of Nessus
- High-speed asset discovery
- Sensitive data discovery
- Smart service recognition
- Target profiling, malware detection
- Configuration auditing
- Scalable: it makes quick use of the system's strengths to increase its scanning efficiency.
- Offers multiple services
- Full SSL support
- The biggest user base
- Up-to-date security vulnerability database
- Proven maturity: the first public release of Nessus was in 1998, and the technology behind it has since been extensively tested and refined on huge networks.
Install Nessus Vulnerability Scanner on Debian 11/10/9
Nessus Vulnerability Scanner is installed on Debian 11/10/9 by downloading the latest available package from the official Nessus Downloads page. As of this writing, the latest available version is Nessus 10.x.
Step 1 – Download and Install Nessus
From the official Nessus downloads page, you can download the .deb package for installation on Debian. For Debian installation, I downloaded a package with the name Nessus-10.x-debian6_amd64.deb
sudo apt update && sudo apt install wget -y
wget 'https://www.tenable.com/downloads/api/v1/public/pages/nessus/downloads/16870/download?i_agree_to_tenable_license_agreement=true' -O Nessus-10.3.0-debian9_amd64.deb
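Because wget -O saves whatever the server returns (including an HTML error page) and the next step installs that file as root, it is worth checking the download first. The function below is an added example, not part of the original guide or of Tenable's tooling: it confirms the file is a .deb archive and that it matches the SHA-256 checksum listed for the package on the Tenable downloads page. The digest argument is a placeholder you supply.

```shell
#!/bin/sh
# Added example: verify a downloaded Nessus .deb before handing it to apt.
# Usage (the digest is a placeholder; copy it from the downloads page):
#   verify_deb ./Nessus-10.3.0-debian9_amd64.deb "<sha256 from downloads page>" \
#     && sudo apt install ./Nessus-10.3.0-debian9_amd64.deb

# verify_deb FILE EXPECTED_SHA256
# Returns 0 only if every check passes; 1 = digest mismatch,
# 2 = bad arguments, 3 = file is not a .deb archive.
verify_deb() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Reject anything that is not a 64-hex-digit digest (e.g. an empty paste).
    case $expected in
        *[!0-9a-f]*|'') echo "bad digest format" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad digest length" >&2; return 2; }

    # A .deb is an ar archive: "!<arch>\n" followed by the member name
    # "debian-binary". An error page saved by wget fails this check.
    magic=$(head -c 21 "$file" | tr -d '\n')
    case $magic in
        '!<arch>debian-binary'*) ;;
        *) echo "not a .deb archive: $file" >&2; return 3 ;;
    esac

    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "SHA-256 mismatch: $file" >&2; return 1; }
}
```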
Now with the package downloaded, navigate to the downloads directory and install Nessus with the command below.
sudo apt install -f ./Nessus-10.3.0-debian9_amd64.deb
Sample Output:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'nessus' instead of './Nessus-10.3.0-debian9_amd64.deb'
The following NEW packages will be installed:
nessus
0 upgraded, 1 newly installed, 0 to remove and 9 not upgraded.
Need to get 0 B/53.3 MB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 /root/Nessus-10.3.0-debian9_amd64.deb nessus amd64 10.3.0 [53.3 MB]
Selecting previously unselected package nessus.
(Reading database ... 33876 files and directories currently installed.)
Preparing to unpack .../Nessus-10.3.0-debian9_amd64.deb ...
Unpacking nessus (10.3.0) ...
Setting up nessus (10.3.0) ...
Unpacking Nessus Scanner Core Components...
Created symlink /etc/systemd/system/nessusd.service → /lib/systemd/system/nessusd.service.
Created symlink /etc/systemd/system/multi-user.target.wants/nessusd.service → /lib/systemd/system/nessusd.service.
- You can start Nessus Scanner by typing /bin/systemctl start nessusd.service
- Then go to https://debian11:8834/ to configure your scanner
Step 2 – Start and enable the Nessus service
With the Nessus Vulnerability Scanner installed successfully, start and enable the nessusd service on Debian 11/10/9 with the commands below.
sudo systemctl start nessusd
sudo systemctl enable nessusd.service
Verify if the service is running:
$ systemctl status nessusd.service
● nessusd.service - The Nessus Vulnerability Scanner
Loaded: loaded (/lib/systemd/system/nessusd.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2022-10-02 06:14:00 UTC; 5s ago
Main PID: 2177 (nessus-service)
Tasks: 12 (limit: 18710)
Memory: 114.5M
CPU: 5.274s
CGroup: /system.slice/nessusd.service
├─2177 /opt/nessus/sbin/nessus-service -q
└─2178 nessusd -q
Oct 02 06:14:00 debian11 systemd[1]: Started The Nessus Vulnerability Scanner.
Oct 02 06:14:02 debian11 nessus-service[2178]: Cached 0 plugin libs in 0msec
Oct 02 06:14:02 debian11 nessus-service[2178]: Cached 0 plugin libs in 0msec
Nessus listens on port 8834. Verify this as below.
$ sudo ss -plunt|grep 8834
tcp LISTEN 0 1024 0.0.0.0:8834 0.0.0.0:* users:(("nessusd",pid=2781,fd=13))
tcp LISTEN 0 1024 [::]:8834 [::]:* users:(("nessusd",pid=2781,fd=15))
If you have ufw enabled, allow this port through the firewall as below.
sudo ufw allow 8834/tcp
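The ss output above shows nessusd bound to 0.0.0.0 and [::], so allowing 8834/tcp from anywhere exposes the scanner's login page to every network that can reach the host. The script below is an added example, not from the original guide: it flags wildcard listeners in ss output and prints (without running) a ufw rule limited to a management subnet. The 192.168.205.0/24 value is an assumed admin network and the sample lines are constructed.

```shell
#!/bin/sh
# Added example. MGMT_CIDR is an assumed admin subnet; change it to yours.
MGMT_CIDR=${MGMT_CIDR:-192.168.205.0/24}

# wildcard_listeners PORT: read `ss -plunt` output on stdin and print the
# local addresses where PORT is bound on every interface (0.0.0.0, [::], *).
wildcard_listeners() {
    awk -v port="$1" '
        $2 == "LISTEN" {
            n = split($5, part, ":")      # field 5 is Local Address:Port
            addr = substr($5, 1, length($5) - length(part[n]) - 1)
            if (part[n] == port && (addr == "0.0.0.0" || addr == "[::]" || addr == "*"))
                print $5
        }'
}

# scoped_rule PORT CIDR: print the ufw rule that admits only CIDR to PORT.
scoped_rule() {
    printf 'ufw allow from %s to any port %s proto tcp\n' "$2" "$1"
}

# Constructed sample in the same shape as the ss output shown above,
# plus one loopback-only listener that must not be flagged.
SAMPLE='tcp LISTEN 0 1024 0.0.0.0:8834 0.0.0.0:* users:(("nessusd",pid=2781,fd=13))
tcp LISTEN 0 1024 [::]:8834 [::]:* users:(("nessusd",pid=2781,fd=15))
tcp LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=900,fd=5))'

if [ -n "$(printf '%s\n' "$SAMPLE" | wildcard_listeners 8834)" ]; then
    echo "8834 is bound on all interfaces; restrict it at the firewall:"
    scoped_rule 8834 "$MGMT_CIDR"
fi
```

On a live host, replace the sample with `sudo ss -plunt | wildcard_listeners 8834` and run the printed rule with sudo instead of the unrestricted one.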
Step 3 – Configure Nessus Vulnerability Scanner
At this point, the Nessus web interface can be accessed using the URL https://IP-Address:8834 or https://Hostname:8834 to finish the Nessus installation and activation. You will see this page.
There are several products available for installation; I will go with Nessus Essentials. Now proceed and provide your details to receive the Nessus activation code at your email address.
Once you have received the activation code by email, enter it on this page and proceed.
On this page, create a Nessus admin account.
Nessus will initialize, and the required plugins will be compiled and installed.
This process might take quite some time, so sit back and relax as you wait for the process to complete.
Step 4 – Use Nessus Vulnerability Scanner
Once complete, you can begin your scan. Enter your Network target list or range, for example, 192.168.205.0/24 will scan all hosts on the subnet.
Click submit and the available devices on the network will be shown.
Select the desired devices to scan for vulnerabilities. When a scan is run, all the vulnerabilities will be shown as below.
Critical, high, medium, and low vulnerabilities will be shown for each device, and you can view the details by clicking on a vulnerability, as shown below for 192.168.205.4.
While on the main dashboard, you can do other scans by clicking on New scan as shown.
Select the type of scan you want to run and proceed.
That marks the end of this guide. We have successfully installed and configured Nessus Vulnerability Scanner on Debian 11/10/9. We have also performed a scan and seen how vulnerabilities can be detected on various systems on a network.
I hope you enjoyed it.