Nessus Network Auditing - 1st Edition - ISBN: 9781931836081, 9780080479620

Nessus Network Auditing

1st Edition

Jay Beale Open Source Security Series

Authors: Jay Beale, Haroon Meer, Charl van der Walt, Renaud Deraison
Paperback ISBN: 9781931836081
eBook ISBN: 9780080479620
Imprint: Syngress
Published Date: 20th July 2004
Page Count: 550


This book focuses on installing, configuring and optimizing Nessus, which is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems. As with many open source programs, Nessus is incredibly popular, incredibly powerful, and incredibly under-documented. There are many Web sites where thousands of users congregate to share tips, tricks, and hints, yet no single, comprehensive resource exists. This book, written by Nessus lead developers, will document all facets of deploying Nessus on a production network.

Key Features

  • Nessus is the premier Open Source vulnerability assessment tool, and was recently voted the "most popular" open source security tool of any kind.

  • This is the first book available on Nessus and it is written by the world's premier Nessus developers led by the creator of Nessus, Renaud Deraison.

  • The dramatic success of Syngress' SNORT 2.0 INTRUSION DETECTION clearly illustrates the strong demand for books that offer comprehensive documentation of Open Source security tools that are otherwise undocumented.


Network Administrators and Security Specialists running Nessus, a security scanner that remotely audits a given network and determines whether it is subject to being cracked or otherwise compromised.

Table of Contents


Chapter 1 Vulnerability Assessment


What Is a Vulnerability Assessment?

Why a Vulnerability Assessment?

Assessment Types

Automated Assessments

Stand-Alone vs. Subscription

The Assessment Process

Two Approaches

Administrative Approach

The Outsider Approach

The Hybrid Approach

Realistic Expectations

The Limitations of Automation


Solutions Fast Track

Frequently Asked Questions

Chapter 2 Introducing Nessus


What Is It?

The De Facto Standard


Basic Components

Client and Server

The Plugins

The Knowledge Base


Solutions Fast Track

Frequently Asked Questions

Chapter 3 Installing Nessus


Quick Start Guide

Nessus on Linux (suse/redhat/mandrake/gentoo/debian)

Nessus on Solaris

Picking a Server

Supported Operating Systems

Minimal Hardware Specifications

Network Location

Source or Binary

Installation from Source

Software Prerequisites

Obtaining the Latest Version

The Four Components


Configuring Nessus

Creating the User Account

Installing a Client

Using the GTK Client

Using the Windows Client

Command-Line Mode

Updating to the Latest Plugins


Solutions Fast Track

Frequently Asked Questions

Chapter 4 Running Your First Scan


Preparing for Your First Scan


Risk vs. Benefit

Starting the Nessus Client


Enable Specific Plugins

Using the Plugin Filter

Plugin Categories

Plugin Information


Specify the Host Ping

Configuring WWW Checks

NIDS Evasion

Brute Force with Hydra

The SMB Scope

Configuring Login Credentials

Configuring SNMP

Configuring Nmap

Scan Options

The Port Range

Unscanned Ports

Performance: Host and Process Count

Optimized Checks

Safe Checks Mode

Report by MAC Address (DHCP)

Detached Scan

Send Results to This E-mail Address

Continuous Scan

Configure the Port Scanner

Ignore Top-Level Wildcard Host

Target Selection

How to Select Targets

Common Scanning Issues (Printers, etc.)

Defining a Target Range

Using Zone Transfers (Bad Idea!)

Automatic Session Saving

User Information

Knowledge Base (Basics)

Starting the Scan


Solutions Fast Track

Frequently Asked Questions

Chapter 5 Interpreting Results


The Nessus UI Basics

Viewing Results Using the Nessus GUI Client for X

Viewing Results Using the NessusWX Client for Windows

New Nessus Client

Reading a Nessus Report

Understanding Vulnerabilities

Understanding Risk

Understanding Scanner Logic

Key Report Elements

Factors that Can Affect Scanner Output

Forums and Mailing Lists


Solutions Fast Track

Frequently Asked Questions

Chapter 6 Vulnerability Types


Critical Vulnerabilities

Buffer Overflows

Directory Traversal

Format String Attacks

Default Passwords


Known Backdoors

Information Leaks

Memory Disclosure

Network Information

Version Information

Path Disclosure

User Enumeration

Denial of Service

Best Practices


Solutions Fast Track

Frequently Asked Questions

Chapter 7 False Positives


What Are False Positives?

A Working Definition of False Positives

Why False Positives Matter

False Positives Waste Your Time

False Positives Waste Others’ Time

False Positives Cost Credibility

Generic Approaches to Testing

The Nessus Approach to Testing

Dealing with False Positives

Dealing with Noise

Analyzing the Report

False Positives, and Your Part in Their Downfall

Dealing with a False Positive

Disabling a Nessus Plugin

False Positives and Web Servers—Dealing with Friendly 404s


Solutions Fast Track

Frequently Asked Questions

Chapter 8 Under the Hood


Nessus Architecture and Design

Host Detection

Service Detection

Information Gathering

Vulnerability Fingerprinting

Denial-of-Service Testing

Putting It All Together


Solutions Fast Track

Frequently Asked Questions

Chapter 9 The Nessus Knowledge Base


Knowledge Base Basics

What Is the Knowledge Base?

Where the Knowledge Base Is Stored

Using the Knowledge Base

Information Exchange

How Plugins Use the Knowledge Base to Share Data

The Type of Data that Is Stored

Dependency Trees


Using get_kb_item and fork


Solutions Fast Track

Frequently Asked Questions

Chapter 10 Enterprise Scanning


Planning a Deployment

Define Your Needs

Network Topology

Bandwidth Requirements

Automating the Procedure

Configuring Scanners

Assigning the Tasks

System Requirements

Scanning for a Specific Threat

Best Practices

Data Correlation

Combining Reports

Differential Reporting

Filtering Reports

Third-Party Tools

Common Problems

Aggressive Scanning

Volatile Applications

Printer Problems

Scanning Workstations


Solutions Fast Track

Frequently Asked Questions

Chapter 11 NASL



Why Do You Want to Write (and Publish) Your Own NASL Scripts?

Structure of a NASL Script

The Description Section

An Introduction to the NASL Language

Writing Your First Script

More Advanced Scripting

The NASL Protocol APIs

The Nessus Knowledge Base


Solutions Fast Track

Frequently Asked Questions

Chapter 12 The Nessus User Community


The Nessus Mailing Lists

Subscribing to a Mailing List

Sending a Message to a Mailing List

Accessing a List’s Archives

The Online Plugin Database

Staying Abreast of New Plugins

Reporting Bugs via Bugzilla

Querying Existing Bug Reports

Creating and Logging In to a Bugzilla Account

Submitting a Bug Report

Submitting Patches and Plugins

Submitting Patches

Submitting Plugins

Where to Get More Information and Help


Solutions Fast Track

Frequently Asked Questions

Appendix A The NASL2 Reference Manual

1 Introduction

1.1 History

1.2 Differences between NASL1 and NASL2

1.3 Copyright


2 The NASL2 Grammar

2.1 Preliminary Remarks

2.2 Syntax

2.3 Types

2.4 Operators

2.5 Precedence

2.6 Loops and Control Flow

2.7 Declarations

3 The NASL2 Library

3.1 Predefined Constants

3.2 Built-in Functions

3.3 NASL Library

4 Hacking your Way Inside the Interpretor

4.1 How It Works

4.2 Adding New Internal Functions

4.3 Adding New Features to the Grammar



Appendix B Utilizing Domain Credentials to Enhance Nessus Scans


Account Creation and Configuration

Manual Modifications

Nessus Scan Configuration

Comparing Scan Results

Comparing Scan 1 with Scan 2

Comparing Scan 2 with Scan 3




© Syngress 2004

About the Authors

Jay Beale

Affiliations and Expertise

Series Editor of the Jay Beale Open Source Security Series, lead developer of the Bastille project, Seattle, WA

Haroon Meer

Charl van der Walt

Renaud Deraison
