Scan for the latest vulnerabilities using Nessus and download detailed vulnerability reports in HTML and CSV format with Nessus Add-on for Sn1per Professional!
Features
- Integrate with Nessus to scan for the latest CVE’s and vulnerabilities
- Download detailed vulnerability reports in HTML and CSV format.
- Import all vulnerabilities into Sn1per Professional
Requirements
This add-on requires a Sn1per Professional v9.0 license along with the following add-ons and components:
- Command Execution Add-on
- Nessus Add-on
- Nessus v8.11.x
This assumes that you already have a working Nessus installation running the latest version (8.11.x). If not, you can obtain a free Nessus license from https://www.tenable.com/downloads/nessus?loginAttempted=true
Installation
After Nessus is installed, follow the steps below to install the Nessus add-on:
- Run
/etc/init.d/nessusd start
to start the Nessus service - Open a new browser window and go to: https://127.0.0.1:8834/#/ and login to confirm your Nessus installation
- Extract contents of nessus-add-on.tar.gz to /tmp/
cd tmp
tar -zxvf nessus-add-on.tar.gz
- Run install-nessus-add-on.sh script as ‘root’:
sudo bash install-nessus-add-on.sh
Configuration
- Add your Nessus host/IP, username and password to your /root/.sniper.conf file and set NESSUS=”1″ value to enable Nessus scanning in Sn1per
# NESSUS CONFIG
NESSUS="1"
NESSUS_HOST="127.0.0.1:8834"
NESSUS_USERNAME="admin"
NESSUS_PASSWORD=""
NESSUS_POLICY_ID="c3cbcd46-329f-a9ed-1077-554f8c2af33d0d44f09d736969bf" #DEFAULT POLICY
Running scans
- Run a test vuln scan to confirm your installation:
sniper -t 127.0.0.1 -m vulnscan -w 127.0.0.1
For multi-host scans, you can also use sniper -f targets.txt -m massvulnscan -w targets
command.
NOTE: This can also be done using the Command Execution Add-on from the web UI.
Reporting
After the scan(s) complete, results will be shown in the workspace report view under the “Vulnerabilities” section and from the host report as well as the “Vulnerability Report Viewer“.