In this episode, I would like to talk about Nessus Essentials and, in particular, how to register and update it without direct internet access. Nothing complicated, but there are a couple of pitfalls that I would like to share.
Let’s say you need to scan a host in a critical autonomous segment where Internet access is strictly prohibited. In such scenarios, Nessus Essentials is really suitable. It is a fully functional network vulnerability scanner with a good vulnerability knowledge base. It can be registered and updated offline! And most importantly, it’s free even for corporate use! There is, of course, a 16-IP-address limit, but in this case it is not really important.
You go to the Nessus Essentials page, enter your first name, last name and email.
Then you will receive an email with an activation code.
Then you just download the Nessus distribution, copy it to your server and start the installation.
Which operating system should you choose for Nessus server? It might seem that the choice is obvious – Linux. However, it’s much more convenient to debug why the WMI connection between the scanner and the target host is not working if you have installed Nessus on Windows.
Please note that the download page also contains archives with software updates. It might seem logical that they should be used to update the plugins of your Nessus Essentials scanner. But in fact, no, you DO NOT NEED them; you will get the plugins a different way.
When installing, choose Nessus Essentials and offline registration.
In fact, you need to go to the offline registration service (please note that the link in the installer points to http://, but the service only works over https://!) and enter the challenge code and the activation code there.
Besides the license, this service will show you a unique URL! This is very important, please copy it. With this URL you will download the plugin archive. According to the instructions, the plugin archive should be placed in the Nessus directory before entering the license. I did it, but it didn’t work for me.
So, what is the problem?
Once installed, you will most likely end up with no plugins in the scanner.
To get the plugins, you need to go to Settings -> About -> Software Update -> Manual Software Update and select the plugin archive that you downloaded using the unique URL from the offline registration service.
This process is not very transparent: you have to wait a while until the plugins are recompiled, and possibly log in to Nessus again. Immediately after the import, the Plugin Set is still shown as empty, but after ~10 minutes it starts showing the normal Plugin Set version.
Then use Nessus as usual. Each time you need to update the plugins, download a fresh archive using the unique URL from the offline registration service and import it the same way.
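Because the Plugin Set stays empty for a while after a manual import, it is handy to poll the scanner instead of re-logging in by hand. The script below is an added example, not code from the original post or from Tenable; it assumes the Nessus REST endpoint GET /server/properties on port 8834 returning JSON with "plugin_set" and "loaded_plugin_set" fields, and a self-signed certificate on a fresh install.

```python
"""Poll a Nessus server until a manually imported plugin set is active.

Added example (not from the original post). Assumed: the Nessus REST
endpoint GET https://<host>:8834/server/properties returns JSON with
"plugin_set" and "loaded_plugin_set"; the host/port and the self-signed
certificate handling below are assumptions for an isolated segment.
"""
import json
import ssl
import time
import urllib.request


def plugin_set_state(properties):
    """Return (ready, plugin_set) from a /server/properties payload.

    Right after a manual software update the scanner reports an empty
    plugin_set. We treat it as ready only when plugin_set is non-empty and
    matches loaded_plugin_set (if that field is present), i.e. the recompile
    has finished and the new set is actually in use.
    """
    plugin_set = properties.get("plugin_set") or ""
    loaded = properties.get("loaded_plugin_set", plugin_set) or ""
    ready = bool(plugin_set) and loaded == plugin_set
    return ready, plugin_set


def fetch_properties(base_url, verify_tls=True):
    """GET /server/properties; verify_tls=False tolerates the default self-signed cert."""
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    url = base_url.rstrip("/") + "/server/properties"
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        return json.load(resp)


def wait_for_plugins(fetch, attempts=30, delay=60, sleep=time.sleep):
    """Call fetch() until the plugin set is ready; return it, or None on timeout."""
    for _ in range(attempts):
        ready, plugin_set = plugin_set_state(fetch())
        if ready:
            return plugin_set
        sleep(delay)
    return None


if __name__ == "__main__":
    base = "https://127.0.0.1:8834"  # assumption: Nessus on this host, default port
    print(wait_for_plugins(lambda: fetch_properties(base, verify_tls=False)))
```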
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to one more Telegram channel, @avleonovrus, which is now where I post first.