On the left side, at the bottom of the "Free" section, click "Register Now".
Enter your name and email address to get a registration code.
Click the Register button.
On the next page, click the Download button.
On the "Download Nessus" page, download the "Debian 6 and 7" version. If you are using the VM I recommended for this class, it's 32-bit Kali.
On your Kali machine, in a Terminal window, execute these commands:
dpkg -i Nessus-6.5.5-debian6_i386.deb
In IceWeasel, go to this URL:
https://localhost:8834
A page appears, saying "This Connection is Untrusted", as shown below.
Click the yellow triangle to expand the "I Understand the Risks" section.
Click the "Add Exception..." button.
In the "Add Security Exception" box, click the "Confirm Security Exception" button.
A "Welcome to Nessus 6" page appears, as shown below.
Click the Continue button.
In the "Account Setup" page, enter these values (or any other values you can remember):
Click the Continue button.
A box pops up asking whether to remember the password. Close that box with the X in its upper right corner.
In the "Product Registration" page, enter the Activation Code you got from your email and click the Continue button.
Wait while the product downloads more software, as shown below. This will take some time, perhaps 15 minutes.
On your Windows machine, open a Command Prompt window and execute the IPCONFIG command to find its IP address.
On your Kali machine, open a Terminal window and ping your Windows machine. Make sure you can see replies, as shown below.
If you don't get replies, you need to troubleshoot your network connections. Make sure the firewall is off on the Windows machine.
The simplest way to resolve network connection problems is to place all virtual machines in Bridged mode. That way you can scan either real or virtual machines.
On the left side, click the "New Scan" button.
On the next page, click "Basic Network Scan", as shown below.
Fill in these values, as shown below.
At the bottom of the page, click the Save button.
A box pops up asking whether to remember your password. Close it.
In the "Scans/My Scans" page, in the "Win-YOURNAME" line, on the right side, click the faint gray triangle to start your scan, as outlined in green in the image below.
The "Scans" page shows your scan running, with a little green icon turning, as shown below.
The scan should take 5-6 minutes. When it completes, the green rotating icon changes to a green checkmark, as shown below.
Click one of the colored regions to see a detailed list of vulnerabilities, as shown below.
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
This is an essential part of any vulnerability analysis--an intelligent human must evaluate the results to decide how important they really are to the company.
Scanners almost always flag a lot of problems as CRITICAL when they aren't really so important.
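One way to record that human judgement, as an added example that is not part of the original lab: this Python script reads a scan exported in the .nessus XML format and re-rates each finding using context the analyst supplies. The sample data, plugin IDs, names, and the re-rating policy (lower by one level when the service is not exposed to untrusted networks, skip accepted risks) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus (NessusClientData_v2) export layout.
# The host, plugin IDs and plugin names are placeholders, not real scan output.
SAMPLE = """<NessusClientData_v2><Report name="Win-YOURNAME">
<ReportHost name="192.0.2.10">
<ReportItem port="445" protocol="tcp" severity="4" pluginID="900001" pluginName="Placeholder critical A"/>
<ReportItem port="3389" protocol="tcp" severity="4" pluginID="900002" pluginName="Placeholder critical B"/>
<ReportItem port="445" protocol="tcp" severity="2" pluginID="900003" pluginName="Placeholder medium"/>
<ReportItem port="0" protocol="tcp" severity="0" pluginID="900004" pluginName="Placeholder info"/>
</ReportHost></Report></NessusClientData_v2>"""

SEVERITY = {0: "INFO", 1: "LOW", 2: "MEDIUM", 3: "HIGH", 4: "CRITICAL"}

def load_findings(xml_text):
    """Return one dict per ReportItem, skipping informational (severity 0) items."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev == 0:
                continue
            findings.append({"host": host.get("name"), "port": int(item.get("port")),
                             "plugin": item.get("pluginID"), "name": item.get("pluginName"),
                             "scanner": SEVERITY[sev], "sev": sev})
    return findings

def triage(findings, exposed, accepted):
    """Re-rate findings with analyst context (assumed policy, not a Nessus feature).

    exposed:  set of (host, port) pairs reachable from untrusted networks.
    accepted: dict of pluginID -> documented reason the risk is accepted.
    """
    reviewed = []
    for f in findings:
        if f["plugin"] in accepted:
            continue  # risk already accepted and documented by the business
        # Keep the scanner rating only when the service is actually exposed.
        adj = f["sev"] if (f["host"], f["port"]) in exposed else max(1, f["sev"] - 1)
        reviewed.append({**f, "adj": adj, "adjusted": SEVERITY[adj]})
    return sorted(reviewed, key=lambda f: (-f["adj"], f["host"], f["port"]))

if __name__ == "__main__":
    exposed = {("192.0.2.10", 3389)}                         # constructed context
    accepted = {"900003": "lab-only host, reviewed by owner"}  # constructed context
    for f in triage(load_findings(SAMPLE), exposed, accepted):
        print(f'{f["host"]}:{f["port"]} plugin {f["plugin"]} '
              f'scanner={f["scanner"]} adjusted={f["adjusted"]} {f["name"]}')
```

The scanner's own rating is kept next to the adjusted one so the reviewer's decision stays visible in the report.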
Send a Cc to yourself.
Nessus: Forget the administrator password
Last Modified: 4-12-16