Install/Register Free Nessus Scanner Essentials and Execute a Vulnerability Scan

Nessus is built from the ground-up with a deep understanding of how security practitioners work. Every feature in Nessus is designed to make vulnerability assessment simple, easy and intuitive. The result: less time and effort to assess, prioritize and remediate issues. Nessus Essentials (formerly Nessus Home) is a free version of the Nessus vulnerability scanner. The activation code does not expire and can be used for as long as needed.

Related Posts:

• Register Free Qualys Community Edition For Your Own Cloud Vulnerability Scan
• Register Free Nessus Scanner Essentials and Execute a Vulnerability Scan
• OpenVAS Virtual Appliance / GreenBone Installation
• Install OpenVAS on Ubuntu
• Metasploit Installation on Windows 7 and 10
• AWVS (Acunetix Web Vulnerability Scanner) Docker Installation

Features

Nessus Essentials is designed to be used by students, professors and people who are starting their cybersecurity careers to help the next generation to quickly and easily master vulnerability assessment and hone their skills. Every feature makes vulnerability assessment simple, easy and intuitive. With Nessus, you’ll spend less time and effort assessing, prioritizing and remediating vulnerabilities so you can stay one step ahead of attackers.

As part of the Nessus family, Nessus® Essentials (formerly Nessus Home) allows you to scan your environment (up to 16 IP addresses per scanner) with the same high-speed, in-depth assessments and agentless scanning convenience that Nessus subscribers enjoy.

Other Limitations:
Nessus Essentials does not allow you to perform compliance checks or content audits, Live Results or use the Nessus virtual appliance.

Features from Nessus Professional:

• Unlimited IT assessments
• Use anywhere
• Configuration assessment
• Live results
• Configurable reports
• Community support
• Advanced support (available as an option)
• On-demand training available
• External Attack Surface Scanning
• Ability to add domains
• Scan Cloud Infrastructure
• 500 prebuilt scanning policies

Similar product : OpenVAS. It can be requested to test the Greenbone Enterprise Feed 14 days for free!

For Community version, it can be installed in a container environment (Docker) or built it from source.

• https://greenbone.github.io/docs/latest/
• https://app.greenbone.cloud/ui/extern/register/free

Register for an Activation Code

You can try Nessus Professional Free for 7 days or buy it for CA$4964.39/year. 

Nessus Esstntials: https://www.tenable.com/products/nessus/nessus-essentials

Or Nessus Essentials for Education: https://www.tenable.com/tenable-for-education/nessus-essentials?edu=true

The activation code will be emailed to your registered email account. 

It is same installation file for Nessus Professional / Expert / Manager / Vulnerability Manager. With different activation code, you will get a different version of Nessus. 

• Tenable Community
• Nessus User Guide
• Nessus Essentials Registration
• Nessus Installer Download

Note: The Activation code provided for Nessus Essentials is for one time use only. If Nessus needs to be reinstalled, a new activation code must be obtained. Offline activation and plugin updates are supported.

Dwonload and Installation

Download Link: https://www.tenable.com/downloads/  or https://downloads.tenable.com

Tenable Community

Nessus User Guide

Nessus Essentials Registration

Nessus Installer Download

Start Nessus Installation

1. Navigate to the folder where you downloaded the Nessus installer.
2. Next, double-click the file name to start the installation process.

Complete the Windows InstallShield Wizard

1. First, the Welcome to the InstallShield Wizard for Tenable, Inc. Nessus screen appears. Select Next to continue.
2. On the License Agreement screen, read the terms of the Tenable, Inc. Nessus software license and subscription agreement. 
3. Select the I accept the terms of the license agreement option, and then click Next.
4. On the Destination Folder screen, select the Next button to accept the default installation folder. Otherwise, select the Change button to install Nessus to a different folder.
5. On the Ready to Install the Program screen, select the Install button.

The Installing Tenable, Inc. Nessus screen appears and a Status indication bar shows the installation progress. The process may take several minutes.

After the InstallShield Wizard completes, the Welcome to Nessus page loads in your default browser.

Configure Nessus

When you access Nessus in a browser, a warning appears to regard a connection privacy problem, an untrusted site, an unsecure connection, or a related security certificate issue. This is normal behavior. Nessus provides a self-signed SSL certificate.

Follow the Install Nessus instructions to open to the Welcome to Nessus screen in your browser. 

1. On the Welcome to Nessus screen, select how you want to install Nessus:

• Nessus Essentials — The free version of Nessus for educators, students, and hobbyists.
• Nessus Professional — The de-facto industry standard vulnerability assessment solution for security practitioners.
• Nessus Expert — The industry leading vulnerability assessment solution for the modern attack surface.
• Nessus Manager — The enterprise solution for managing Nessus Agents at scale.

2. Click Continue.

   If you selected Nessus Professional, Nessus Expert, or Nessus Manager, the Register Nessus screen appears.

   If you selected Nessus Essentials, the Get an activation code screen appears.

3. If you selected Nessus Essentials, do one of the following:

   • If you need an activation code:
     1. On the Get an activation code screen, type your name and email address.
     2. Click Email.
     3. Check your email for your free activation code.
   • If you already have an activation code, click Skip.

4. On the Register Nessus screen, type your Activation Code.

   The Activation Code is the code you obtained from your activation email or from the Tenable Downloads Page.

5. Click Continue.

   The Create a user account screen appears.

6. Create a Nessus administrator user account that you use to log in to Nessus:
   1. In the Username box, enter a username.

   2. In the Password box, enter a password for the user account.

      Note: Passwords cannot contain Unicode characters.

7. Click Submit.

   Nessus finishes the configuration process, which may take several minutes.

8. Using the administrator user account you created, Sign In to Nessus.

   Note: When you sign in to Nessus for the first time, you receive the following message: "Plugins are compiling. Nessus functionality will be limited until compilation is complete." You cannot create scans, view policies or plugin rules, or use the upgrade assistant while Nessus compiles plugins.

Others

After registered your Nessus Essential and entered your admin account username and password, it will start initializing , which is to download plugins. It will take quite a few time, more than 30 minutes in certain situation. The free disk space on your installation drive will be at least 30 GB. 

GCE 6.0.10:

• Download Greenbone Community Edition  - gsm-ce-6.0.10.iso
• Installation Guide: https://infosecindustries.com/downloads/GCE-Instructions-for-Installation.pdf

Nessus Profession / Expert

Nessus has four soultions:

• Tenable Vulnerability Management - Subscription - based license
• Tenable Nessus Professional
• Tenable Nessus Expert
• Tenable Nessus Manager (no longer sold after Feb 1, 2018)

Download:

• https://www.tenable.com/downloads/nessus?utm_source=nessus-trial-thank-you-update&loginAttempted=true

Documentation: 

• https://docs.tenable.com/nessus/Content/GettingStarted.htm

Upgarde Nessus to Professional version

Note:同时对于新版本的Nessus，Tenable在软件及插件包中均加入了暗桩，导致即便用户进行破解后，软件也会自动删除插件包，使得用户无法正常进行主机扫描；因此需要进行一定的权限设置，阻止其进行此操作。

Install Nessus

Nessus 安装

下载好安装包Nessus-8.8.0-x64.msi后，windows系统直接双击安装即可。

安装完成后进行系统设置，打开访问网址 https://127.0.0.1:8834，初始化扫描器。

根据提示步骤，选择 Managed Scanner

再选择 Tenable.sc

最后，点击继续，创建账号密码即可登录。

更新漏洞库

首先注册Nessus账号

• 注册地址：https://zh-cn.tenable.com/products/nessus/nessus-essentials

之后会收到一封邮箱邮件，复制邮件里的 Activation Code 值

note: https://ppfocus.com/0/te3832292.html

再打开 Nessus 本地安装目录，执行CDM命令获取 Challenge Code 值

G:\Nessus>nessuscli.exe fetch --challenge

Challenge code: 17949a66fd9c404d345a9dfb34174743e2dd73f4

You can copy the challenge code above and paste it alongside your

Activation Code at:

https://plugins.nessus.org/v2/offline.php

访问更新包链地址，将上面获取到的值（ Challenge Code 和 Activation Code）填写进去，点击提交， 获取 all-2.0.tar.gz 文件。

更新包地址：https://plugins.nessus.org/v2/offline.php

将all-2.0.tar.gz和nessus.license复制到nessus安装路径下

将下载好的 all-2.0.tar.gz 文件放到 Nessus 的安装目录下，然后执行如下更新命令（使用管理员身份运行）：

C:\Program Files\Tenable\Nessus>nessuscli.exe update all-2.0.tar.gz

[info] Copying templates version 202305231342 to C:\ProgramData\Tenable\Nessus\nessus\templates\tmp
[info] Finished copying templates.
[info] Moved new templates with version 202305231342 from plugins dir.
[info] Moved new pendo client with version 21691 from plugins dir.
 * Update successful.  The changes will be automatically processed by Nessus.

Note: It will take a long time to update plugins folder. You can go to plugins folder to check file numbers：   C:\ProgramData\Tenable\Nessus\nessus\plugins\

It should have more than 160k files. 

注意：更新完漏洞库后，记住version版本号，如上述中的version版本号为202305231342 ，之后破解时会用到这个。

由于本人仅在Windows使用，因此只介绍Win版本方案，其他OS同理。

1. 前往官网下载对应的安装包并进行安装即可。
2. 下载安装完毕后打开对应的网址，选择Managed Scanner ，再选择Tenable.sc，接下来设置你的用户名和密码，等待短暂的校验后进行主页面。
3. 以管理员身份打开CMD，输入net stop "Tenable Nessus"结束服务。
4. 前往官网申请用于普通用户的激活码。
5. 在CMD中键入"C:\Program Files\Tenable\Nessus\nessuscli.exe" fetch --challenge获取申请码。
6. 访问官网分别填入上一步获取到的申请码与邮箱收到的激活码，获取下载链接并下载插件包。
7. 将下载到的插件包放入C:\ProgramData\Tenable\Nessus\nessus目录下。
8. CMD执行以下命令：

attrib -s -r -h "C:\ProgramData\Tenable\Nessus\nessus\plugins\*.*"
attrib -s -r -h "C:\ProgramData\Tenable\Nessus\nessus\plugin_feed_info.inc"
"C:\Program Files\Tenable\Nessus\nessuscli.exe" update "C:\Program Files\Tenable\Nessus\all-2.0.tar.gz"

1. 待执行完成后，打开C:\ProgramData\Tenable\Nessus\nessus\目录，将plugin_feed_info.inc中的PLUGIN_FEED = "HomeFeed (Non-commercial use only)";替换为PLUGIN_FEED = "ProfessionalFeed (Direct)";并保存。
2. CMD中执行以下命令：

copy "C:\ProgramData\Tenable\Nessus\nessus\plugin_feed_info.inc" "C:\ProgramData\Tenable\Nessus\nessus\plugins"copy "C:\ProgramData\Tenable\Nessus\nessus\plugin_feed_info.inc" "C:\ProgramData\Tenable\Nessus\nessus\.plugin_feed_info.inc"
attrib +s +r +h "C:\ProgramData\Tenable\Nessus\nessus\plugins\*.*"
attrib +s +r +h "C:\ProgramData\Tenable\Nessus\nessus\plugin_feed_info.inc"
attrib -s -r -h "C:\ProgramData\Tenable\Nessus\nessus\plugins\plugin_feed_info.inc"
net start "Tenable Nessus"

1. 打开Nessus面板，待插件编译完成后，进入Settings，Licensed Hosts为Unlimited即已成功。
2. 后续更新插件包时重复3-11操作即可。

 Nessus 破解

修改安装目录下的配置文件 plugin_feed_info.inc，可以用 Everything 工具快速查找到该文件。

• C:\ProgramData\Tenable\Nessus\nessus\plugin_feed_info.inc
• C:\ProgramData\Tenable\Nessus\nessus\plugins\plugin_feed_info.inc

注意：如果没有找到 plugin_feed_info.inc 文件，那就在相应目录下自己手动新建下就好了。

同时修改这两个目录下的配置文件内容如下，其中PLUGIN_SET的值就是之前更新漏洞库时的版本号 202305231342

• PLUGIN_SET = "202305231342";
• PLUGIN_FEED = "ProfessionalFeed (Direct)";
• PLUGIN_FEED_TRANSPORT = "Tenable Network Security Lightning";

将plugin_feed_info.inc分别复制到安装目录nessus\nessus和nessus\nessus\plugins目录下。

将nessus\nessus\plugins整个文件夹复制到电脑的其他位置待用（非常关键，破解阶段需要使用）。

最后，打开系统任务管理器，点击服务栏，找到 Tenable Nessus，鼠标右击点击重新启动即可，由于要加载漏洞库，所以需要耐心等待。

此时，再访问 https://127.0.0.1:8834/ 登录账号后，查看漏洞库已更新至最新版，而且是无限制IP。It might still not working. 

If not working, 停止服务net stop"Tenable Nessus", 将plugin_feed_info.inc和plugins拷贝到安装目录nessus\nessus路径下进行替换

按顺序输入以下3个命令（实际路径需根据实际安装目录进行调整）。
attrib +s +r +h “E:\software\nessus\nessus\plugins\*.*”
attrib +s +r +h “E:\software\nessus\nessus\plugin_feed_info.inc”
attrib -s -r -h “E:\software\nessus\nessus\plugins\plugin_feed_info.inc”

启动服务net start "Tenable Nessus"。

安装之后无Scan选项
解决办法为：
首先nessus.license在安装目录，
以管理员权限开启cmd跳转至安装目录
使用命令：
nessuscli.exe fetch --register-offline nessus.license
激活Nessus

注意事项

如果你在破解完后使用工具扫描网站，发现每个目标扫描时间都是几秒钟就立刻结束，扫描不到任何漏洞。那么很有可能是你在破解重启Nessus服务环节的时候，软件自动把Nessus的漏洞库插件全清除了，也就是在安装目录下（C:\ProgramData\Tenable\Nessus\nessus\plugins\）没有任何漏洞插件文件了。

如果真碰到这种情况，那就按照之前的步骤重新更新下漏洞库，然后再破解一遍。或者是在更新完漏洞库后，将nessus\plugins\目录拷贝一份，等破解完重启服务，重进Nessus加载完后退出，再将事先拷贝的文件复制回去。

Videos

 

References

• Install Nessus on Windows
• Nessus Tutorials :https://ithelp.ithome.com.tw/articles/10239827
• https://cloud.tencent.com/developer/article/2148812
• https://blog.csdn.net/qq_38135115/article/details/128373124
• https://www.iculture.cc/topics/nessus