Vulnerability Management - Nessus


Overview

Vulnerability Management means continually assessing your assets, discovering vulnerabilities, remediating them down to an acceptable level of risk, and then repeating the process.

In this project, I will download the Nessus vulnerability scanner and use it to scan my virtual machine, which has an outdated version of Firefox installed. I will then analyze how many vulnerabilities it finds.

First I have to install a VM on my computer. I will use Oracle VirtualBox with a Windows 10 ISO.

Next I have to download Nessus on my main (host) computer. Always write down the localhost link for the Nessus web interface, because losing it can cost a lot of time later. I know from experience.

After creating the VM, the first thing you have to do is disable the firewall on the VM. Open wf.msc from the search bar and set the firewall state to Off for all three profiles: Private, Public, and Domain.

Next, open the command prompt in the virtual machine and type ipconfig. Write down the IPv4 address.

Then ping that IPv4 address from the machine that has Nessus (not the VM).

Now you have a connection!

Let's download an outdated version of Mozilla Firefox. I will download the Win32 build of version 3.6.12.

After downloading Firefox we need to allow credentialed scans on the VM so Nessus can run one. A credentialed scan logs in to the target and gives Nessus much deeper access, including the registry, than an unauthenticated scan.

Search for services.msc on the VM, open it, and enable the Remote Registry service. Don't forget to hit Start.

Next, turn off the User Account Control settings.

After this, create a LocalAccountTokenFilterPolicy value in the Registry Editor and set it to 1.
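The VM-side preparation above (firewall profiles, Remote Registry, UAC, LocalAccountTokenFilterPolicy) as an added PowerShell script; it is not part of the original post. It assumes an elevated prompt inside the lab VM and the standard policy key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; the backup file name and the -Restore switch are my own additions so the settings can be put back once the scan is finished.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original post: applies the VM-side settings the
# walkthrough sets by hand (firewall profiles off, Remote Registry running,
# LocalAccountTokenFilterPolicy = 1, UAC off) and saves the previous values so the
# lab VM can be put back after the scan. $BackupPath and -Restore are assumed names.
param([switch]$Restore)
$BackupPath = Join-Path $env:USERPROFILE 'nessus-lab-backup.json'
$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-LabState {
    # Snapshot of every value the preparation changes.
    $p = Get-ItemProperty -Path $PolicyKey
    [pscustomobject]@{
        Firewall       = @(Get-NetFirewallProfile | ForEach-Object { @{ Name = $_.Name; Enabled = ($_.Enabled -eq 'True') } })
        RemoteRegistry = [string](Get-Service -Name RemoteRegistry).StartType
        TokenPolicy    = $p.LocalAccountTokenFilterPolicy   # $null when the value does not exist yet
        EnableLUA      = $p.EnableLUA
    }
}

if ($Restore) {
    $s = Get-Content -Path $BackupPath -Raw | ConvertFrom-Json
    foreach ($f in $s.Firewall) { Set-NetFirewallProfile -Profile $f.Name -Enabled ([bool]$f.Enabled) }
    Set-Service -Name RemoteRegistry -StartupType $s.RemoteRegistry
    Stop-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
    if ($null -eq $s.TokenPolicy) { Remove-ItemProperty -Path $PolicyKey -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue }
    else { Set-ItemProperty -Path $PolicyKey -Name LocalAccountTokenFilterPolicy -Value $s.TokenPolicy }
    Set-ItemProperty -Path $PolicyKey -Name EnableLUA -Value $s.EnableLUA
    Write-Host "Restored settings from $BackupPath; reboot for the UAC change to apply."
    return
}

# 1. Save the current state before changing anything.
Get-LabState | ConvertTo-Json -Depth 4 | Set-Content -Path $BackupPath

# 2. wf.msc step: firewall state Off on the Domain, Private and Public profiles.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled False

# 3. services.msc step: Remote Registry set to Automatic and started.
Set-Service -Name RemoteRegistry -StartupType Automatic
Start-Service -Name RemoteRegistry

# 4. regedit step: LocalAccountTokenFilterPolicy = 1 so the local admin account Nessus logs in with keeps its full token over the network.
New-ItemProperty -Path $PolicyKey -Name LocalAccountTokenFilterPolicy -PropertyType DWord -Value 1 -Force | Out-Null

# 5. UAC step: EnableLUA = 0 is what the UAC slider writes; it applies after a reboot.
Set-ItemProperty -Path $PolicyKey -Name EnableLUA -Value 0

# 6. ipconfig step: the IPv4 address to enter as the scan target.
Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.IPAddress -ne '127.0.0.1' } | Select-Object InterfaceAlias, IPAddress
```

Run it once to prepare the VM and print the target address; run it again with -Restore when the scan is done.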

After all this we are finally ready for our scan.

Go to the scanner page in Nessus.

Enter the VM's IPv4 address as the target and enter the VM's credentials on the Credentials tab.

This is our result.

Click on Mozilla Firefox at the top to see the exact vulnerabilities that need to be patched.
