1 00:00:10,260 --> 00:00:17,940 In the previous lectures, we have seen what is meant by a vapidity that is a the assessment and penetration 2 00:00:17,940 --> 00:00:21,560 testing and now it's time to get your hands dirty. 3 00:00:21,900 --> 00:00:24,510 So let us start learning about Nessus. 4 00:00:25,710 --> 00:00:31,920 In this lecture, you will learn what is necessary, why do we need Nessus while a vulnerability assessment 5 00:00:32,130 --> 00:00:37,880 and penetration testing tool and what are the advantages and disadvantages of using Nessus? 6 00:00:38,630 --> 00:00:39,570 Let's get started. 7 00:00:41,190 --> 00:00:47,730 Nessa's is a remote security scanning tool which scans a computer and raises an alert if it discovers 8 00:00:47,730 --> 00:00:53,910 anyone the relatives and the malicious hacker could use again to any computer that we have connected 9 00:00:53,910 --> 00:00:54,660 to network. 10 00:00:55,530 --> 00:00:58,290 Basically, Nizza scanner scans. 11 00:00:58,290 --> 00:01:05,310 All the vulnerabilities on the target machine or Target website reduces the effort of normal penetration 12 00:01:05,310 --> 00:01:09,960 testers who would rather take hours and days to manually test a website. 13 00:01:10,860 --> 00:01:18,900 So it is a very handy tool and security experts prefer Nessus 130 scanner nowadays, there are also 14 00:01:18,900 --> 00:01:22,200 many types of scanners, but Nessus still tops the list. 15 00:01:23,390 --> 00:01:31,200 This doesn't come as a free tool, but it has a trial version and a free tool in which they provide 16 00:01:31,200 --> 00:01:34,230 only six to seven IP addresses you can scan. 17 00:01:34,770 --> 00:01:42,030 The professional tool is very costly and therefore attackers and vendors and testers use the free version 18 00:01:42,030 --> 00:01:42,380 of it. 19 00:01:44,440 --> 00:01:50,430 So why do we need nurses, nurses is used to identify which operating systems and services are running 20 00:01:50,440 --> 00:01:53,860 on which ports and therefore the open ports. 21 00:01:54,220 --> 00:01:59,680 It also tells us the available vulnerabilities present on the system. 22 00:02:00,910 --> 00:02:09,010 Nessa's helps us to identify which software components are vulnerable to attacks FTP, SFH, SMB and 23 00:02:09,010 --> 00:02:16,620 more definition also checks if the target machine or their target host is is in compliance with the 24 00:02:16,630 --> 00:02:18,700 various network policies or not. 25 00:02:20,350 --> 00:02:29,070 So what's next in the next lecture or in in the few minutes will start downloading and installing Nessus. 26 00:02:29,320 --> 00:02:34,900 But before that, I would like to tell you a few advantages and disadvantages of using Nessus 27 00:02:37,690 --> 00:02:39,620 being one with the scanner tool. 28 00:02:39,760 --> 00:02:43,520 The biggest advantage of Nessa's is timesaving and accuracy. 29 00:02:44,230 --> 00:02:50,310 And this is a product of rapid saving and therefore it has been rated as one of the top one literately 30 00:02:50,320 --> 00:02:51,820 scandals of all time. 31 00:02:52,660 --> 00:02:54,850 But there is one disadvantage. 32 00:02:55,240 --> 00:02:59,080 It is a machine, it is a tool, and this is just a piece of code. 33 00:02:59,380 --> 00:03:01,830 And therefore it can also create some errors. 34 00:03:02,650 --> 00:03:10,540 The fact that these automated scanners produce false positives places in picture, the penetration testers 35 00:03:10,630 --> 00:03:16,990 who will manually check the flaws which are present on the system level of normal penetration. 36 00:03:16,990 --> 00:03:23,950 Tester will use automated tools, but will also manually test whether these when abilities are present 37 00:03:23,950 --> 00:03:24,400 or not. 38 00:03:24,850 --> 00:03:27,100 So let's start downloading Nessus. 39 00:03:31,310 --> 00:03:38,090 So let us start downloading Nessus, go to Google and type download Nessus. 40 00:03:41,270 --> 00:03:45,320 And then hit enter, you can specify the operating system virgin. 41 00:03:45,890 --> 00:03:51,230 So this is a product of rapid seven act enabled security, so go to the link. 42 00:03:51,710 --> 00:03:55,650 In order to install Nessus, you will need an activation call. 43 00:03:56,090 --> 00:03:59,210 But how to get that activation code first? 44 00:03:59,480 --> 00:04:05,660 After downloading, you have to go to the website and you can see get an activation code that you have 45 00:04:05,660 --> 00:04:06,440 to click there. 46 00:04:06,740 --> 00:04:12,790 You have to register yourself and they will send an activation code depending upon your downloads. 47 00:04:13,280 --> 00:04:17,900 So depending upon your operating system, you're supposed to download the version of the Nessus. 48 00:04:18,410 --> 00:04:22,050 I will download the Vin Amisi version for Windows Installer. 49 00:04:23,000 --> 00:04:29,330 So depending upon your system, please download, accept everything and then it will start downloading. 50 00:04:29,330 --> 00:04:36,200 Nessus, I have already installed Ines's and download it and configure it so I won't be downloading 51 00:04:36,200 --> 00:04:37,640 and showing you again. 52 00:04:39,110 --> 00:04:43,410 The only thing that you need to take care is the about the activation code. 53 00:04:43,670 --> 00:04:51,260 So after installing nurses, your job is to get the activation code via registration so you can see 54 00:04:51,260 --> 00:04:51,980 the button there. 55 00:04:52,310 --> 00:05:01,310 Just click there and click Nessa's Essentials Free Register now and ask you for all the details, name, 56 00:05:01,310 --> 00:05:02,480 user name and email. 57 00:05:03,140 --> 00:05:09,630 And in the email, you will receive the activation code, which you're supposed to enter, and then 58 00:05:09,890 --> 00:05:10,740 it will start. 59 00:05:12,260 --> 00:05:18,980 So in the next lecture, we will start with configuring and creating a policy in the Nexus tool.