- Download Nessus, open a terminal,
cd Downloads/anddpkg -i Nessus-10.7.4-ubuntu1404_amd64.debto depackage. /bin/systemctl start nessusd.serviceto start.- open
https://kali:8834/#/, add a ssl exception. Install nessus essentials, free, but limited to private addresses. - once you're logged in and plugins finished to compile, create a new basic scan with target
192.168.92.129. - in discovery, select all ports.
- in assessment, scan for web vulnerabilities.
- save and launch.
- we get a report: https://kali:8834/#/scans/reports/8/hosts
A lot more options are available in advanced scan.
Download the nessus file and convert it into an excel spreadsheet. Helpful for the client because we will only focus on the low-hanging fruit as pen testers.
Don't trust the vulnerability scanner, always check and take actual screenshots.
You will need to pay for nessus as a pen tester.