Friday, 10 July 2020

Security Scanning to find vulnerabilities on VM | Nessus | DVWA

In this post we will cover how to do a security scanning of an DVWA VM using Nessus Essentials tool.We assume you have already working Nessus Essentials setup. Here we are using target VM as DVWA.

Access Nessus on your browser and login with your username and password.


 Now we have Nessus is up. we can try it's Vulnerability Scanning on a target machine. Nessus Scans are based on Scan poilicies, which tells the scan what to look for and what not to look for.

Lets Change to Policies tab via sidebar.


Click on New Policy, and you will be met with many predefined policies Nessus has to offer. Ones you should note are Host Discovery, Which discovers live hosts that are suitable for Vulnerability Scanning, and Basic Network Scanning, which allows you to Perform a quick scan without worrying about setting up a custom policy. But In this tutorial, we will be covering how to create a  user-defined policy from scratch that you can Customise and Tailor to your needs.


Click on Advanced Scan Tab, and on the first page give some fancy name for first page, give the policy a fancy name of choosing, and a little but description if you want.


We see several drop-down menus on the left side. Let's click on Discovery. In the Host Discovery Section, We see several settings related to discovering remote hosts. If you are scanning a range of hosts, or a network, and local host falls within that range, go ahead and uncheck the Test The local network host option to disallow Nessus from scanning our own machine. However in this tutorial we will be scanning DVWA host.

Next we move on to the Port Scanning section by default, The SYN option is enabled, and the TCP option is disabled. Don;t be alarmed, as Nessus is opting to use the Faster and Less intrusive SYN scan instead of the normal TCP scan. You can optionally enable the UDP option, But UDP scanning is not reliable and can take long.


In the Credentials section we can pass required details to access remote for scanning purpose.



The plugins tab is where things get interesting. Nessus plugins are like modules that each perform a different component of a vulnerability Assessment. There are plugins for web servers, firewalls, DNS, FTP, and different flavours of Linux, Bruteforce attack etc. You can mix and match a vast range of different plugins to make your vulnerability assessment perfect. It is important you choose the right plugins as you don't want to be scanning for irrerelvant vulnerabilities, such as Cisco vulnerbilities on Linux target.



Once we have configured all the settings we need. we can proceed to clicking save and moving onto configuring the actual scan that will turn our policy into the 1s and 0s hurtling towards our target.


Creating New Scan
Now that we have out policy, Let's move to my scan tab and click on New Scan. We once again see the wide range of policy template, But since we have already configured our own Custom policy,w e can go to the User Defined Tab and select out own policy from there.


We can give a scan a name and description and specify the targets we want to scan. We can even schedule when, and how frequently we want to scan to occur, and send an email notifications to specifies people. Once you have finished loading your weapon, click on little arrow next to Save and click Launch.



This Scan will take a few minutes to complete, and Nessus will display a tick mark once it has completed the scan.