Nessus is the world's most popular vulnerability assessment solution. It is a commercial tool developed by Tenable that detects vulnerabilities, misconfigurations and compliance issues in networks, applications and systems.
👉 It is the industry standard among enterprise security teams and professional penetration testers.
🔍 What Nessus can do
- Vulnerability Scan: Deep vulnerability detection
- 170K+ Plugins: Huge vulnerability database
- Compliance: PCI-DSS, HIPAA compliance checks
- Multi-Target: Networks, cloud, containers
- Advanced Reporting: Professional PDF reports and executive summaries
⚙️ Nessus Download and Install
👉 Nessus is a commercial tool → it has to be downloaded from the official website. A free version (Nessus Essentials) is available that can scan up to 16 IPs.
Step 1: Download from Tenable
https://www.tenable.com/downloads/nessus
Step 2: Install .deb (Debian/Kali)
dpkg -i Nessus-*.deb
Step 3: Start Nessus Service
systemctl start nessusd.service
Step 4: Access Web Interface
https://localhost:8834
💻 Service Commands
👉 Nessus service management commands:
Start Nessus Service
systemctl start nessusd
Stop Nessus Service
systemctl stop nessusd
Check Service Status
systemctl status nessusd
Enable Auto-start on Boot
systemctl enable nessusd
🌐 Real Example (Web Interface Workflow)
Login to Nessus
https://localhost:8834
Registration is required on first login
Create New Scan
Scans → New Scan → Select Template
Configure Scan
Add target IPs/hosts and customize the settings
Launch Scan
Press the Save and Start button
Review Results
When the scan completes, review the detailed report
In a Nessus report you get a comprehensive severity breakdown:
- Critical Vulnerabilities: Can be exploited immediately
- High Severity: Potential compromise risk
- Medium Risk: Less immediate threat
- Low Risk: Informational findings
👉 The report gives you:
- Vulnerability name and detailed description
- CVSS score (0-10 scale)
- Affected assets and technical details
- Solution/Remediation recommendations
- Links to security advisories and CVEs
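As an added example (not part of the original page or Tenable's own code): when a scan is exported in Nessus's .nessus XML format, the report fields listed above can be pulled out and sorted for triage with a short Python script. The sample export, hosts, plugin IDs and CVE in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# ReportItem "severity" attribute -> label shown in the Nessus UI
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample export: hosts, plugin IDs and the CVE are placeholders
SAMPLE = """<NessusClientData_v2><Report name="lab-scan">
<ReportHost name="192.0.2.10">
  <ReportItem port="443" severity="4" pluginID="900001" pluginName="Example RCE">
    <cvss3_base_score>9.8</cvss3_base_score><cve>CVE-0000-0001</cve>
    <solution>Upgrade to the fixed version.</solution></ReportItem>
  <ReportItem port="22" severity="2" pluginID="900002" pluginName="Example weak cipher">
    <cvss_base_score>4.3</cvss_base_score><solution>Disable weak ciphers.</solution></ReportItem>
  <ReportItem port="0" severity="0" pluginID="900003" pluginName="Example host info"/>
</ReportHost>
<ReportHost name="192.0.2.20">
  <ReportItem port="80" severity="3" pluginID="900004" pluginName="Example outdated server">
    <cvss3_base_score>7.5</cvss3_base_score><solution>Apply the vendor patch.</solution></ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

def parse_findings(xml_text):
    """Return one dict per ReportItem, highest severity and CVSS first."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            rank = int(item.get("severity", 0))
            # Prefer the CVSS v3 base score, fall back to v2, else 0
            score = item.findtext("cvss3_base_score") or item.findtext("cvss_base_score") or "0"
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", 0)),
                "rank": rank,
                "severity": SEVERITY[rank],
                "cvss": float(score),
                "name": item.get("pluginName"),
                "cves": [c.text for c in item.findall("cve")],
                "solution": (item.findtext("solution") or "").strip(),
            })
    return sorted(findings, key=lambda f: (f["rank"], f["cvss"]), reverse=True)

def severity_counts(findings):
    """Count findings per severity label."""
    return Counter(f["severity"] for f in findings)

if __name__ == "__main__":
    for f in parse_findings(SAMPLE):
        if f["rank"] >= 3:  # Critical and High head the remediation queue
            print(f["severity"], f["cvss"], f"{f['host']}:{f['port']}", f["name"], "->", f["solution"])
```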
🔥 Advanced Example (Scan Templates)
👉 Nessus provides pre-built templates → for specific needs
👉 Popular Templates:
- Basic Network Scan: Quick port scan + common vulns
- Advanced Scan: Comprehensive vulnerability check
- Malware Scan: Malware detection and backdoor check
- Web App Tests: Web application specific checks
Scanning any network or system without permission can be illegal
For practice, use:
- Your own lab environment / home network
- Authorized penetration testing engagements
- Virtual machines and test environments
📜 Licensing: Nessus Essentials (free) is limited to 16 IPs. The Professional version requires buying a license.
🧩 Related Tools
- Nikto: Web vulnerability scanner
- OpenVAS: Open-source vulnerability scanner
- Lynis: System security auditor
Nessus = "Premium Security Doctor"
It performs a full health check of your company and produces a professional report that both management and technical teams can use.