Greetings in initial video presentation, we're going to see how we go about conducting a vulnerability scan using nessus. We're going to pick up where our last lab left off. And that's where we installed nessus as a container up inside of Docker, to clear out my cache and to get a fresh install of Kali, I have rebooted. So I'm going to have to go up inside of Docker, find an image for nessus, I'm going to have to reattach it so that we can get into the web interface. And we're going to do this by going up and we're going to type in Docker space, PS space dash, small letter A, I'm gonna go ahead and hit Enter. And you're gonna see just a moment when I go fullscreen, that we do have our nessus image currently installed, and this is the container ID that it uses.

So I'm gonna go ahead and copy that. I'm going to go down here and I'm gonna use my up arrow. And we're going to go ahead and find that previous command that we use in There it is. So it's already got everything that we need and that is Docker space start space dash dash attach, followed by the container ID. And you saw how I got that, I had to show the containers that were present inside of Docker. And then I was able to find that container ID, I'm going to go ahead and hit enter.

I won't be able to see this terminal refresh, I'm gonna have to close out my terminal, I'm gonna have to open up a fresh one. And we're going to have to go back in and use the Docker command to show currently what containers are up inside of Docker. So I've typed in again, doctors face to face dash small letter A. Now I'm going to go ahead and make this full screen again and you'll see that it is now up and it is running and has been for 42 seconds. We cannot close out the terminal. And I'm going to open up my browser.

Our browser has opened up and I've gone up into the address bar and I've typed In the URL to access the nessus web interface. Now remember, this is a few TPS. So I've got to type that in along with the four slash four slash localhost colon, the port number that NASA needs to use, which is 8834. Now, don't panic when you see that it's compiling plugins. This is what it's going to do before, it allows us to go ahead and have access to begin our first scan. Took my machine about five to seven minutes to compile those plugins.

So do Be patient when you log on to do your first scan. So I'm going to go ahead and type in my username and password. You can tell Firefox to go ahead and remember your username and password that will log you in just a little bit quicker. So once we have logged into nessus, we are presented with the my scans page. Now to get started, we have to create a new scan. So we're going to go over here to the right, we're going to click on the new Scan button.

From here, you'll see that there are a number of scanning templates that you can use. These are already pre configured. And if you want to look for a particular type of scan, you probably find it in here. And now these are all configurable, and there are other nessus templates that you can actually download from the internet for other things that you might have running on your network. So let's go ahead and click on the Advanced scan. As I previously stated, these scanning templates are already pre configured, there are actually a profile of the most common settings that you would find for that particular template.

Now in this case, we're using the advanced scan template. So all of the settings have already been configured for us. Now what we have to do next is go down here to where it says targets and we have to type in the IP address for the range that we want nessus to scan, we're going to need to get our network range. So to get this, I'm going to go ahead and minimize my nessus window and I'm going to open up a terminal. And that's the terminal window. I'm going to type in if config to check to see what the IP address is for this particular machine.

So I'm going to type in ifconfig. And I'm going to scroll back up to the top and I'm going to look for my Ethernet zero adapter. My Ethernet zero is configured for the network 192 dot 168 dot zero, and it has been assigned a host IP of 30. I'm gonna go ahead and close this out. I'm gonna go ahead and maximize my window here for nessus. And I'm going to type in 192 dot 168 dot zero dot one.

And I'm going to scan the network range all the way up to 254. Now that To every possible IP address that is on this network, scroll on down here to the bottom. And we're going to click on Save, I can give this scan a friendly name, I'm going to call it test, scroll on back down. And I'm going to pull down this window here. And I'm going to select launch. It's going to take a few minutes for NASA's to set itself up and go out and scan your local area network.

And as it does, you're going to see that there's going to be some information that gets updated. You can click on the name of your scan anytime you want. And you can go look at the results. So I'm going to go ahead and launch over to the next page. And we're going to see that the test scan currently has no results. So let's give it some time.

So as the scan results come in, you'll be able to see the IP address of the machine and over to the right you'll be able to get a great Out of exactly what vulnerabilities are currently present. So you can see that they are color coded so red is critical. The orange is going to be high yellow is medium and then we have low and info. Right now, all we have showing for this particular IP address are two information, informational messages. So you can click on the scan results, and you can get more information about exactly what those informational messages are or the critical or the high or whatever vulnerability has been discovered. So after eight minutes, my nessa scan has completed.

And I want to remind everyone that when you type in that IP address for your networking range to scan, make sure that you don't have any spaces between the dash. So it identified the following machines on my network and I can go in and I can look at the results. Let's look at the medium. She was going on in here. See SMB signing not required SSL certificate cannot be trusted, wrong hostname, SSL, self signed certificate, it goes on and on, then we get into the informational messages. So you can see that you can get a lot of information here.

But if we click on any of these findings, for instance, I'm going to go in here, you can get all the information about this particular vulnerability. And then you can also find ways to mitigate it. All right, so you go over here you can find all the information about when it was found and discovered and all that fun stuff. And you can scroll on down and you can get some information about the port that it runs on and how it was discovered. And you can also see all the different articles and the findings from nessus samba.org and Microsoft comm You can see all these different organizations have something to say about this particular vulnerability. If you need to get back, just hit the back arrow, and you're back to where you were.

Now, again, these results will vary. But this is actually a pretty cool thing. Now, if you're on a real network, or you got routers, and you've got firewalls, and you've got all the servers, and you've got all that fun stuff to scan, you're going to see a lot of interesting stuff in here. And that's going to tell you exactly where you can begin to do your vulnerability analysis. So if you happen to get lucky and find some criticals or highs on a client's network, not your own, then you're going to be able to actually do some actual pen testing. And again, when those results show up, inside of the scan results, you just click on, it's going to tell you exactly what you need to know to be able to actually exploit that particular vulnerability.

So when we go into a client, we're usually have a pelican case. And inside that Pelican case, we're going to have at least five or six different laptops and each laptop is going to be configured with Ubuntu, and then move on to is going to have all these different tools installed on it, such as nessus. So you can see how we install the container for nessus. Using Kali Well, we can do the same thing with Ubuntu. And I can have all those tools available to me on Ubuntu. Now, that's because a lot of clients will get a little upset with you, if you bring in Kali or some of these other hacking suites.

So we normally build a clean install of Ubuntu, make sure it's updated. Then we install our container for nessus or open bass or whatever it is or creating a container for that usually puts the client At ease, because when you walk into a bank or you walk into someplace where they security's really tough, they're going to look at your laptops. So make sure that you've got everything dress, right dress and don't think that you're going to bring your Apple machine or your Windows laptop onto somebody's work network, because that's not going to happen. Nobody's going to allow anybody to come in off of the street and just drop a laptop onto their network and begin scanning. That's because Windows is vulnerable. That's why it has a virus scanner.

Same thing with Apple. We use Linux, and we use Linux exclusively for pen testing. So that's going to cover this short video presentation on how we go about conducting a nessus scan on our network. So if you have any concerns or questions about any of the material that was covered in this short video presentation, don't hesitate to reach out and contact your instructor and I'll see you in my next video.