Lab 7 – Vulnerability Assessment: Nessus

Description: In this lab, we will do Vulnerability Assessment using Nessus. Nessus scans cover
a wide range of technologies including operating systems, network devices, hypervisors,
databases, web servers, and critical infrastructure.

Requirements for the lab: Attacker Machine - Kali Linux / Parrot OS. Victim / target Machine –
Metasploitable VM

Step 1: Launch your attacker machine (Parrot virtual machine) and log in
Step 2: Open your web browser, and download nessus from -
https://www.tenable.com/downloads/nessus?loginAttempted=true
Step 3: Once the download is complete, you can dpkg the .deb file of nessus. For that, open the
terminal, go to the directory where you have downloaded the nessus. And type the command –
sudo dpkg –I name_of_nessus_file.
Step 4: After that, you need to start the nessus service from the path given after installation and
do the configuration of nessus in a web browser.
Step 5: Now, configure the nessus by providing you mail id and entering the activation code
received on the mail id.
Step 6: You will get the Nessus interface and after that choose the new scan and set the target
as ip address of you metasploitable VM and set the options as per you need.
Step 7: Start the scanning, once it is completed then analyze the results generated.

Note: It will take several minutes to run the scan.

Question 1: Do you see any critical vulnerabilities?

If yes, please write some of them below:

Question 2: Do you see any high and medium vulnerabilities, do mention the solution for the
same that you observed?

If yes, please write some of them below:?