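Problem Description
This note records how to deploy and use Nessus on Linux, and how to resolve common problems.
Deploying the Service
See the Download Nessus Vulnerability Assessment page. We are free users, so we use the Nessus Essentials edition.
We deploy application services with Docker, so this section records how to run the Nessus service with Docker Compose.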
    version: '3'
    services:
      backend:
        image: "tenableofficial/nessus"
        container_name: "devops-nessus"
        ports:
          - 58834:8834
        restart: always
        volumes:
          - /etc/localtime:/etc/localtime
        environment:
          # Obtain these from the official site
          - ACTIVATION_CODE=<code>
          - USERNAME=<username>
          - PASSWORD=<password>
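A hardened variant of the Compose file above, added here as an example and not part of the original note or of Tenable's documentation: it keeps the activation code and credentials out of the Compose file and publishes the web UI on the loopback interface only. The file name nessus.env, the loopback binding and the read-only mount are assumptions; adjust them to how you reach the host.

```yaml
# docker-compose.yml (added example; nessus.env is an assumed file name)
version: '3'
services:
  backend:
    image: "tenableofficial/nessus"
    container_name: "devops-nessus"
    ports:
      # Publish the web UI on loopback only (assumption: it is reached through
      # an SSH tunnel or a local reverse proxy) instead of on every interface.
      - "127.0.0.1:58834:8834"
    restart: always
    volumes:
      # Read-only: the container only needs to read the host's time zone.
      - /etc/localtime:/etc/localtime:ro
    # Secrets live in a separate file that is kept out of version control
    # and readable only by its owner (chmod 600 nessus.env).
    env_file:
      - ./nessus.env

# nessus.env (one KEY=value per line; values obtained from the official site)
# ACTIVATION_CODE=<code>
# USERNAME=<username>
# PASSWORD=<password>
```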
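Notes
1) The official Docker deployment guide does not mention any way to manage persistent storage, so data is lost once the container is deleted;
2) According to the official documentation, backing up and migrating data does not preserve scan results.
Usage
The free edition provides the following features by default: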
Host Discovery
Live host discovery and open port discovery.
Basic Network Scan
A full system scan suitable for any host.
Advanced Scan
Configure a scan without using any recommendations.
Advanced Dynamic Scan
Configure a dynamic plugin scan without recommendations.
Malware Scan
Scan for malware on Windows and Unix systems.
Web Application Tests
Scan for published and unknown web vulnerabilities.
Credentialed Patch Audit
Authenticate to hosts and enumerate missing updates.
Intel AMT Security Bypass
Remote and local checks for CVE-2017-5689.
Spectre and Meltdown
Remote and local checks for CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.
WannaCry Ransomware
Remote and local checks for MS17-010.
Ripple20 Remote Scan
A remote scan to fingerprint hosts potentially running the Treck stack in the network.
Zerologon Remote Scan
A remote scan to detect Microsoft Netlogon Elevation of Privilege (Zerologon).
Solorigate
Remote and local checks to detect SolarWinds Solorigate vulnerabilities.
2020 Threat Landscape Retrospective (TLR)
A scan to detect vulnerabilities featured in our End of Year report.
ProxyLogon : MS Exchange
Remote and local checks to detect Exchange vulnerabilities targeted by HAFNIUM.
References
Download Nessus Vulnerability Assessment | Tenable®
Penetration Testing Techniques: Tool Usage (2): Downloading and Using the Nessus Tool (Installed on Kali)
Deploy Nessus as a Docker Image (Nessus)