1NESSUS(1) Users Manuals NESSUS(1)
2
6 nessus - The client part of the Nessus Security Scanner
7
9 nessus [-v] [-h] [-n] [-T <type>] [-q [-pPS] host port user password
10 targets results]
11 nessus -i in.[nsr|nbe] -o out.[html|xml|nsr|nbe]
13
16 The Nessus Security Scanner is a security auditing tool made up of two
17 parts: a server, and a client. The server, nessusd is in charge of the
18 attacks, whereas the client nessus provides an interface to the user.
19 nessus is an X11 client based on the Gimp ToolKit (GTK).
21 This man page explains how to use the client.
23
27 -c <config-file>, --config-file=<config-file>
28 use another configuration file.
29 -n, --no-pixmaps
32 no pixmaps. This is handy if you are running nessus on a remote
33 computer.
34 -q, --batch-mode
37 quiet mode or batch mode. Setting this option makes the nessus
38 client expect all of the following settings.
39 -p
40 obtain list of plugins installed on the server.
41 -P
42 obtain list of server and plugin preferences.
43 -S
44 issue SQL output for -p and -P (experimental).
45 · host
46 is the nessusd host to whom you will connect.
47 · port
48 is the port to which you will connect on the remote nes‐
49 susd host.
50 · user
51 is the user name to use to connect to nessusd.
52 · password
53 is the password associated with this user name.
54 · targets
55 is the name of a file containing the target machines.
56 · results
57 is the name of the file where the results will be stored
58 at the end of the test.
59 -r <report-file>, --open-report=<report-file>
62 Using the GUI, nessus visualizes a report file from a previous
63 session. Repeating this option, more files are displayed.
64 -T <type>, --output-type=<type>"
67 Save the data as <type>, where <type> can be “nbe”, “html”,
68 “html_graph”, “text”, “xml”, “old-xml”, “tex” or “nsr”
69 -V, --verbose
72 make the batch mode display status messages to the screen.
73 -x, --dont-check-ssl-cert
76 do not check SSL certificates.
77 -v, --version
80 shows version number and quits
81 -h, --help
84 lists the available options
85
88 The nessus client interface is divided in several panels:
89 · The “Nessusd host” section:
91 In this section, you must enter the nessusd host to whom you
92 will connect, as well as the port. You must also enter your nes‐
93 susd user name and your password (not the one of the system).
94 Once you are done, you must click on the “Log in” button, which
95 will establish the connection to the nessusd host.
96 Once the connection is established, nessusd sends to the client
97 the list of attacks it will perform, as well as the default
98 preferences to use.
99 · The “Target Selection” section:
102 · In this section, you are required to enter the primary target.
103 A primary target may be a single host (e.g. prof.fr.nessus.org),
104 an IP (e.g. 192.168.1.1), a subnet (e.g. 192.168.1.1/24 or
105 prof.fr.nessus.org), or a list of hosts, separated by commas
106 (e.g. 192.168.1.1, 192.168.2.1/24, prof.fr.nessus.org,
107 joyeux.fr.nessus.org).
108 · You can restrict the maximum number of hosts to test using the
111 “Max Hosts” entry. This is a feature that prevents you from
112 scanning too many machines; or accidentally scanning other
113 machines. (For instance, if you only plan to test prof.fr.nes‐
114 sus.org and www.fr.nessus.org, you can safely set this entry to
115 “2”).
116 · This panel also allows you to enable the “Perform a DNS zone
119 transfer” option. This option is dangerous and should be enabled
120 with caution. For instance, if you want to test www.nessus.org,
121 then if this option is set, nessusd will attempt to get the list
122 of the hosts in the “nessus.org” domain.
123 This option may be dangerous. For instance, if you enable it and
125 you ask to test 192.168.1.1/24, then nessusd will do a reverse
126 lookup on every IP, and will attempt a DNS zone transfer on
127 every domain. That is, if 192.168.1.1 is www.foo.bar, and
128 192.168.1.10 is mail.bar.foo, then a DNS zone transfer will be
129 made on the domains “foo.bar” and “bar.foo”.
130 · The “Plugins” section
134 Once you have successfully logged into the remote nessusd
135 server, this section is filed with the list of the attacks that
136 the server will perform. This panel is divided in two parts: the
137 plugins families, and the plugins themselves. If you click on
138 the name of a plugin, then a dialog will appear, showing you
139 which will be the error message sent by the plugin if the attack
140 is successful.
141
144 You can use nessus to do conversion between formats used for reports.
145 Nessus can take any NSR or NBE reports and change them into HTML, XML,
146 NSR or NBE reports.
147 Please note that the XML report provides usually more information about
149 the scan itself NSR or NBE formats do not include in the report.
150 Basically, XML is a merge between the .nbe reports and the .nessusrc
152 configuration file. You won't get extra verbosity or diagnosis info in
153 the XML report, but you'll know which plugins (and which version of
154 these plugins) have been enabled during the scan.
155 For more information on the report formats please read the files
157 nsr_file_format.txt and nbe_file_format.txt provided along with the
158 documentation.
159
162 HOME The path to the user's home directory which will hold the client
163 configuration cache .nessusrc. The path is refered to as ~/,
164 below.
165 NESSUSHOME
168 If this environment variable is set, this path is used instead
169 of the path defined by the HOME variable. This path is referred
170 to as ~/, below.
171 % More examples should be included here (jfs)
173
175 To run a batch scan from a cron job and publish it in a given web space
176 ( /var/www/html/nessus/ ) try the following:
177 nessus -c /root/nessus/nessus.rc -T html -qx localhost 1241 batch
179 batch1 /root/nessus/target /var/www/html/nessus/results.html
180 Make sure that paranoia level is not set in your nessus.rc configura‐
182 tion file, otherwise the scan will not work
183
186 ~/.nessusrc
187 is the client configuration file, which contains the options
188 about which nessusd server to connect to, which plugins to acti‐
189 vate, and so on. The file is created automatically if it does
190 not exist.
191
194 nessus-mkcert-client(1)
195
198 The canonical places where you will find more information about the
199 Nessus project are:
200 http://www.nessus.org/ ⟨⟩ (Official site)
202 http://cvs.nessus.org/ ⟨⟩ (Developers site)
203
206 The Nessus Project was started and is being maintained by Renaud Derai‐
207 son <deraison@cvs.nessus.org>. The nessusd server is mainly Copyright
208 (C) 1998-2001 Renaud Deraison, as well as the attack modules.
209 Several other people have been kind enough to send patches and bug
211 reports. Thanks to them.
212The Nessus Project February 2003 NESSUS(1)