- Bash
- Nmap
- Nessus
- VMware
- Kali Linux VM
- Metasploitable2 VM
Start the Nessus service in the Kali terminal.
Open Firefox, then go to https://localhost:8834
Log in and you will see the Nessus dashboard.
After logging in, click New Scan.
Then click Host Discovery.
Note that host discovery will run a vulnerability scan after detecting whether the host is up on the network.
Name the scan Metasploitable VM, then type the IP address of the Metasploitable VM in the Targets field.
Finally, click Save.
This returns to the My Scans folder. Run the scan and wait for it to complete.
Upon completion, click the name of the scan that we set earlier.
On the Vulnerabilities tab, we can see only 2 vulnerabilities when we run an unauthenticated scan.
Next, we will run an authenticated scan. Click New Scan in the top right corner of the dashboard, then click Basic Network Scan.
Provide a name for the scan. We simply name it Authenticated scan, then type the IP address of the Metasploitable VM.
Then click the Credentials tab.
On the left panel, click SSH because Metasploitable is a Linux virtual machine. (Choose Windows if we are running an authenticated scan on a Windows OS target.)
Then change the Authentication method to password and type the password used to log in to the Metasploitable VM.
Scroll down, then click Save. Back in the scans folder, click Run.
After the scan finishes, click the Vulnerabilities tab. We will see a list of vulnerabilities categorized into critical, high, medium, low, and informational.
Notice that more vulnerabilities are identified. That is because we ran an authenticated scan, which is able to detect missing patches and misconfigurations.
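To see exactly which findings the credentials added, the two scans can be exported and compared. The script below is an added example, not part of the original walkthrough: it assumes each scan was exported from Nessus as CSV with the `Plugin ID`, `Risk`, `Host`, `Port` and `Name` columns and that informational findings carry a `Risk` of `None`; the sample rows, plugin IDs and IP address are constructed placeholders.

```python
import csv
import io
from collections import Counter

SEVERITIES = ["Critical", "High", "Medium", "Low", "None"]
RANK = {sev: i for i, sev in enumerate(SEVERITIES)}

# Constructed sample exports (not real scan output); plugin IDs are placeholders.
UNAUTH_CSV = """Plugin ID,Risk,Host,Port,Name
900001,None,192.0.2.10,0,Constructed: host is alive
900002,None,192.0.2.10,22,Constructed: open port detected
"""
AUTH_CSV = """Plugin ID,Risk,Host,Port,Name
900001,None,192.0.2.10,0,Constructed: host is alive
900002,None,192.0.2.10,22,Constructed: open port detected
900010,Critical,192.0.2.10,0,Constructed: missing OS security patch
900011,High,192.0.2.10,0,Constructed: outdated package installed
900012,Medium,192.0.2.10,22,Constructed: weak service configuration
900012,Medium,192.0.2.10,22,Constructed: weak service configuration
"""

def load_findings(csv_text):
    """Return {(host, port, plugin_id): (risk, name)}, collapsing repeated rows."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["Host"], row["Port"], row["Plugin ID"])
        findings[key] = (row["Risk"] or "None", row["Name"])
    return findings

def severity_counts(findings):
    """Count unique findings per severity, in the order the dashboard lists them."""
    counts = Counter(risk for risk, _ in findings.values())
    return {sev: counts.get(sev, 0) for sev in SEVERITIES}

def credential_only(unauth, auth):
    """Findings present only in the authenticated scan, most severe first."""
    extra = [(k, v) for k, v in auth.items() if k not in unauth]
    return sorted(extra, key=lambda kv: (RANK.get(kv[1][0], len(RANK)), kv[0]))

if __name__ == "__main__":
    unauth, auth = load_findings(UNAUTH_CSV), load_findings(AUTH_CSV)
    print("unauthenticated:", severity_counts(unauth))
    print("authenticated:  ", severity_counts(auth))
    for (host, port, pid), (risk, name) in credential_only(unauth, auth):
        print(f"{risk:8} {host}:{port} plugin {pid} {name}")
```

To use it on real exports, read each CSV file into a string and pass it to `load_findings` in place of the constructed samples.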