WEBVTT

00:07.460 --> 00:08.030
All right.

00:08.030 --> 00:08.870
Good afternoon.

00:08.870 --> 00:15.770
We are going to install and use Nessus today and start off with I just punched into Google Nessus install

00:15.800 --> 00:17.930
Linux because we're on a Linux machine.

00:18.080 --> 00:21.860
Hit that little link and you can see that it provides me a download button right here.

00:21.860 --> 00:23.390
I'm going to click that download button.

00:23.480 --> 00:25.190
It's going to take me to a new website.

00:25.280 --> 00:28.460
It's going to do Nessus 10.7.3.

00:28.490 --> 00:30.560
That is the current version available.

00:30.950 --> 00:32.510
But we're not on an Ubuntu system.

00:32.510 --> 00:33.590
We're on a Debian.

00:33.590 --> 00:35.780
So I'm going to scroll up until I find Debian.

00:35.810 --> 00:36.620
Here it is.

00:36.650 --> 00:39.470
We're going to do the amd64 right there.

00:39.470 --> 00:41.120
And we're going to hit that little download button.

00:41.120 --> 00:44.750
Now I've already downloaded my version just to speed this video up.

00:44.810 --> 00:48.320
Uh, the next thing we have to do is we go back after we're done downloading.

00:48.860 --> 00:52.640
And if you click this little plus button right here, it gives you the command right here.

00:52.640 --> 00:58.310
So that dpkg, I'm going to grab that, I'm going to copy it.

00:58.340 --> 01:00.450
Now you'll notice I didn't grab the Nessus version.

01:00.450 --> 01:01.260
There's a reason why.

01:01.290 --> 01:04.650
Because you'll notice that it has version number right there.

01:04.650 --> 01:06.600
And I like hitting that tab button.

01:06.600 --> 01:09.420
So I'm going to open up my terminal and blow this up for you.

01:10.020 --> 01:12.330
First thing I need to do is get into my downloads folder.

01:12.330 --> 01:17.910
So I'm going to do cd Downloads like that, doing ls.

01:17.910 --> 01:20.850
And we can see that we are actually using Nessus right there.

01:20.850 --> 01:24.690
So I'm going to input that paste that clipboard.

01:25.380 --> 01:28.590
And instead of you can see here that I tried to do it earlier.

01:28.590 --> 01:29.400
That's all right.

01:30.210 --> 01:31.110
We're going to do Nessus.

01:31.110 --> 01:33.870
And then if I just hit tab you can see that it auto fills.

01:35.940 --> 01:37.710
Requires superuser privileges.

01:37.710 --> 01:39.210
So we'll put sudo in front of it.

01:39.240 --> 01:40.020
Sudo.

01:40.050 --> 01:40.800
There we go.

01:45.840 --> 01:47.280
And now we're ready to go.

01:47.280 --> 01:51.810
It says you can start Nessus scanner by typing then start Nessus service.

01:51.990 --> 02:00.610
So I'm just going to grab all that, copy that selection, and then we'll just use it in here. And we can

02:00.610 --> 02:03.910
start it once we've started it.

02:03.940 --> 02:06.190
We then go to this website right here.

02:06.190 --> 02:08.590
I'm just going to do open link.

02:09.820 --> 02:14.080
We're going to do advanced and I'm going to go and accept the risk.

02:14.230 --> 02:15.160
And here we are.

02:15.190 --> 02:16.900
We're at the Nessus start page right now.

02:16.930 --> 02:19.930
We've installed Nessus onto our system.

02:19.960 --> 02:22.690
Now we need to actually scan something with it.

02:22.690 --> 02:28.060
So the first part of our process is to make sure we actually have something to scan.

02:28.060 --> 02:31.840
And you can see here that I've got two running in the background.

02:32.050 --> 02:34.300
Uh, Kioptrix 2 is off of VulnHub.

02:34.810 --> 02:40.840
You can remember to find that or you can download that off of the specific systems.

02:40.930 --> 02:41.500
All right.

02:41.500 --> 02:46.240
So I'm going to open up my terminal the very first thing I need to do right off the bat before I do

02:46.240 --> 02:49.960
anything else is find that Kioptrix 2 system.

02:50.770 --> 02:53.650
And in order to do that I'm just going to do an ifconfig.

02:53.680 --> 02:56.140
You can see I'm on 10.0.2.9.

02:56.140 --> 02:57.580
And then I'm just going to do an nmap.

02:57.580 --> 02:57.880
sweep.

02:57.880 --> 03:07.150
I'm just going to do a switch -sn 10.0.2.0 with a /24 network, and it should identify where that,

03:07.150 --> 03:09.580
uh, Kioptrix 2 is actually pushed out at.

03:09.610 --> 03:14.620
Now I'm on 2.9, which means Kioptrix is most likely on 2.5.

03:15.430 --> 03:15.790
All right.

03:15.820 --> 03:18.820
Next thing we need to do is actually start our Nessus.

03:18.820 --> 03:34.810
So I'm going to do a sudo, then systemctl and then start nessusd just like that and enter.

03:34.840 --> 03:36.430
Type in that password for it.

03:36.430 --> 03:40.210
And I should have Nessus starting right up.

03:43.300 --> 03:52.690
To get the status of Nessus, I'm going to do a sudo systemctl and then status.

03:52.690 --> 03:56.200
And of course nessusd just like that.

03:56.200 --> 04:01.570
And we can see here that our system is running there.

04:01.570 --> 04:04.420
It is just like we want.

04:04.450 --> 04:05.260
Okay.

04:07.090 --> 04:10.330
Uh, if we had it disabled, let's say that something was disabled.

04:10.330 --> 04:12.520
For whatever reason, we could do a system.

04:12.640 --> 04:14.950
Uh, this is enabled, so I could do that.

04:14.950 --> 04:26.620
Now I can do, uh, sudo and then systemctl and then enable and then nessusd like that.

04:27.580 --> 04:29.260
And we've enabled it.

04:29.260 --> 04:37.030
And now if we did a status again we can see here that it has in fact been enabled.

04:37.150 --> 04:37.630
Okay.

04:37.660 --> 04:44.140
So in order to get on Nessus, it's actually a web UI, a web GUI interface. I'm going to open up Microsoft

04:44.170 --> 04:45.520
or I shouldn't say Microsoft.

04:45.520 --> 04:48.550
I'm opening up Firefox just like that.

04:48.550 --> 04:50.740
And we're going to provide that onto localhost.

04:50.740 --> 04:56.320
So it's just going to be if I open up the uh, page, it's going to be on localhost right here.

04:56.320 --> 04:59.280
And I can do it right here at Nessus Essentials.

05:00.390 --> 05:01.350
There we go.

05:02.190 --> 05:05.670
And you can see that I am there. Now, when you do yours,

05:05.700 --> 05:07.740
Yours may not be kindred, right?

05:07.770 --> 05:10.290
Depending on how you set it up, it could be something else.

05:10.320 --> 05:11.010
Okay.

05:11.010 --> 05:13.620
So it could be localhost.

05:13.620 --> 05:19.350
It could be however you set yours up. In my case, mine is under kindred:8834.

05:19.350 --> 05:21.090
And I'm just going to go ahead and sign in.

05:21.180 --> 05:21.720
Okay.

05:22.470 --> 05:22.860
All right.

05:22.890 --> 05:28.170
Now I've already done some scans on the system, but I'm going to walk you through the process.

05:28.200 --> 05:28.860
Okay.

05:28.890 --> 05:34.050
The very first thing is we want to let it update everything that needs to be updated.

05:34.080 --> 05:34.620
Okay.

05:34.650 --> 05:37.860
And you can see that it started and then it was successful.

05:37.860 --> 05:39.510
Just let it finish

05:39.510 --> 05:40.140
any updates.

05:40.140 --> 05:46.920
The first time that you run Nessus, uh, expect to just let it sit there for about 2 to 3 hours.

05:46.950 --> 05:47.190
Right.

05:47.220 --> 05:48.450
Go get some coffee.

05:48.480 --> 05:49.980
Let it finish updating.

05:49.980 --> 05:53.550
It needs to go through and actually, uh, do some software updates.

05:53.580 --> 05:53.820
Right.

05:53.850 --> 05:58.560
And we can see software updates right here. You can update all the components or whatnot.

05:58.590 --> 05:59.220
Okay.

05:59.220 --> 06:02.880
But under the events is where we actually see what's going on.

06:02.910 --> 06:03.690
All right.

06:03.900 --> 06:07.110
You can see the last time I logged in this system was actually May 29th.

06:07.110 --> 06:09.630
And it updated based off of that.

06:09.660 --> 06:10.290
All right.

06:10.470 --> 06:14.940
Now once you've let it update you can go to scans.

06:15.150 --> 06:15.690
Okay.

06:15.720 --> 06:18.900
From scans you can see past scans.

06:18.930 --> 06:20.940
But you can also do a new scan.

06:20.970 --> 06:24.270
Now you can see that I've already performed that scan just because.

06:24.450 --> 06:27.810
And if I wanted to relaunch it, I could relaunch a new scan.

06:27.840 --> 06:32.850
I'm going to do a new scan, but I'm going to provide it and name it something else, because I want

06:32.880 --> 06:34.050
to be able to look at these results.

06:34.050 --> 06:36.720
So we're not waiting a couple hours for that to take place.

06:36.780 --> 06:40.170
The scans that I can do are all right here.

06:40.200 --> 06:40.770
Okay.

06:40.800 --> 06:43.740
I can do a host discovery scan just to figure out where things were.

06:43.770 --> 06:46.080
If I didn't want to use nmap, I could utilize that.

06:46.080 --> 06:49.320
I could do a basic network scan, an advanced scan.

06:49.320 --> 06:52.320
I mean, there's all kinds of different scans that you could utilize.

06:52.320 --> 06:54.930
Some of them you have to upgrade to.

06:54.960 --> 06:59.710
You have to pay money to go through. With the Nessus Essentials, which is what we started,

06:59.830 --> 07:01.180
We're good to go, right?

07:01.210 --> 07:04.180
You can see here that a new version of Nessus is available.

07:04.180 --> 07:06.520
And if I wanted to, I could apply that.

07:06.520 --> 07:07.960
Now, I'm not going to.

07:08.050 --> 07:10.450
For today's purposes, it doesn't make sense to.

07:10.540 --> 07:14.860
But you can see all the different scans associated that I could, I could go through.

07:15.100 --> 07:19.240
I'm going to do a basic, or I should say I'm going to do an advanced scan.

07:19.270 --> 07:21.400
If I start the advanced scan I just click on it.

07:21.400 --> 07:23.260
I can name it whatever I want.

07:23.290 --> 07:26.530
I'm going to name this one test number two.

07:26.650 --> 07:35.470
Just like that. I can provide a description, Kioptrix 2, and then basic scan, just like that.

07:35.470 --> 07:38.080
And you can see that it's going to go to my scans folder.

07:38.080 --> 07:39.970
And then I need to provide it a target.

07:40.000 --> 07:45.100
Now if you remember correctly, we were on 10.0.2.5 just like so.

07:45.100 --> 07:49.180
And then I just save it once I've saved it.

07:49.180 --> 07:54.010
You can see that test number two is on demand schedule and has not been scanned.

07:54.010 --> 07:58.580
And to start it I just hit that launch button just like that, and it's going to start scanning through

07:58.580 --> 07:59.480
the process.

07:59.480 --> 08:05.300
While it's scanning, let's take a look at the scan that we already performed, because there shouldn't

08:05.300 --> 08:06.560
have been much changed.

08:06.830 --> 08:13.640
If I click on that and you'll have the similar window once your system is done scanning, you can see

08:13.640 --> 08:17.000
that I've got the IP address, the different vulnerabilities.

08:17.000 --> 08:25.700
You can see that it identified two critical vulnerabilities, 21 high, 21 medium, seven low and 63, which

08:25.700 --> 08:29.780
are informational things that we should be aware of that we may want to take care of.

08:29.810 --> 08:38.300
If I click on the vulnerabilities tab, it provides me, in descending order of CVSS score, highest to

08:38.330 --> 08:40.820
lowest, exactly what I'm looking for.

08:40.850 --> 08:41.570
Okay.

08:41.570 --> 08:47.720
And you can see that if I click on that, it'll go through and actually run it out right from there.

08:47.720 --> 08:50.750
I can click on any of these that I want more information on.

08:50.750 --> 08:56.010
For instance, I want more information on Unix operating system unsupported version detected.

08:56.010 --> 09:02.160
Because Kioptrix 2 is running such an older operating system, the system is detecting it and

09:02.160 --> 09:05.250
saying, hey, this operating system isn't supported anymore.

09:05.250 --> 09:07.500
It has some very major holes in it.

09:07.530 --> 09:10.410
We should consider updating this operating system.

09:10.710 --> 09:17.250
We can also see that critical 9.8 SSL version two and three protocol detection.

09:17.250 --> 09:20.040
If I click on that, we can see a description.

09:20.040 --> 09:26.730
We can see the remote server accepts connections encrypted using SSL 2.0 or 3.0, and these versions

09:26.730 --> 09:29.520
are affected by several cryptographic flaws.

09:29.670 --> 09:35.190
We can see the insecurities if we scroll down, we can see the output associated with it.

09:36.120 --> 09:42.030
If I scroll back up, I can see remediations that the system recommends that I do and it says hey,

09:42.060 --> 09:48.450
action, PHP version or OpenSSL, and we can follow that along and see what it has to do.

09:48.480 --> 09:52.500
We can also see a history of when the scans were taking place.

09:52.500 --> 09:58.820
So if something changed if I was doing a scan, say, once a week or once a month or whatnot, I could

09:58.820 --> 10:03.980
see what was going on, and I could see all the past history of different scans associated with it.

10:04.010 --> 10:07.040
Let's go back to this vulnerabilities window right here.

10:07.040 --> 10:09.500
And you can see that I can look at some more items.

10:09.530 --> 10:09.740
Right.

10:09.770 --> 10:10.910
I can see timestamp.

10:10.910 --> 10:16.190
And again it gives us the same basic flow and structure across the board of what we want to do.

10:16.220 --> 10:20.180
It could even provide us the different remediations associated with it.

10:20.180 --> 10:22.430
So we can search different actions.

10:22.430 --> 10:24.170
We can again look at the history.

10:24.200 --> 10:26.750
We can again look at the hosts associated with it.

10:26.750 --> 10:32.900
And that's this just gives us a good idea of what's going on across the board.

10:32.930 --> 10:33.410
Right.

10:33.440 --> 10:39.680
If I did not want to see this alarm for whatever reason, let's say that this was a legacy system that

10:39.680 --> 10:42.890
we knew we had problems with, and I didn't want to see it in the future.

10:42.890 --> 10:49.820
I could hit that snooze button and I could snooze this for one month, and any future scans that I reran

10:49.820 --> 10:52.460
will not populate with that, right?

10:52.490 --> 10:55.860
I can also modify it if I didn't want a critical.

10:55.860 --> 10:57.150
Let's say that I said, you know what?

10:57.150 --> 10:58.560
This isn't critical.

10:58.560 --> 11:03.240
It's actually, uh, information or I don't want to see this result.

11:03.240 --> 11:04.500
I could do that.

11:04.980 --> 11:09.570
A lot of times we're not going to do the hide, uh, result unless we're running a system.

11:09.570 --> 11:16.320
And I ran into this issue a while ago where we ran a scan against a Windows machine.

11:16.320 --> 11:19.650
Uh, and it was populating with a bunch of Linux vulnerabilities.

11:19.650 --> 11:25.410
In that case, we hid those vulnerabilities because we really didn't need to see Linux vulnerabilities

11:25.410 --> 11:26.430
on a Windows machine.

11:26.430 --> 11:27.180
They were irrelevant.

11:27.180 --> 11:28.620
They were false positives.

11:28.680 --> 11:30.930
Uh, and so we were able to go through that process.

11:30.960 --> 11:35.190
And that's Nessus in a very short time frame.

11:35.190 --> 11:36.450
It's a great tool.

11:36.450 --> 11:37.200
It really is.

11:37.230 --> 11:39.240
And if you have the paid version, it's even better.

11:39.270 --> 11:39.810
All right.

11:39.840 --> 11:45.360
Now this really does put a lot of effort and time into their software.

11:45.450 --> 11:47.490
Uh, and I can't say enough nice things about it.

11:47.520 --> 11:48.510
It does a great job.

11:48.540 --> 11:49.020
All right.

11:49.020 --> 11:50.820
With that said, that's it for this video.

11:50.850 --> 11:53.040
We will see you next time. Thanks everyone.
