最近太陽哥才參加完為期兩日的「2016台灣資訊安全大會」,會後感想可以說是獲益良多。在這個日漸重視的資訊安全領域 —「弱點掃描」可以說是不可或缺的一環。尤其是當公司漸漸的小有名氣時,首當其衝「官網」就很容易被當作攻擊的主要目標,而 Vulnerability Scan 就成為防駭中很重要的一個主動屏障。
而最近哥的公司就因為老闆突然很重視這一塊,搞得我們部門和MIS部門一整個人仰馬翻。
我們言歸正傳,記得最初的文章有一篇「Nessus(一) 搞什麼!」就是先前我們介紹如何將 Nessus 測試機架設起來。事隔多年(其實才1年多) 我們這篇就是專門來介紹掃描的方法,老實說使用這Nessus 弱掃工具一點都不難,只要會用掃毒軟體就會用這個弱點掃描工具。而真正的挑戰是在掃完後的弱點分析和解決方法,這才是弱點掃描的核心價值。
依照慣例我們一樣先來張這篇的圖解大綱:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUiB1NzzpprZDsKFEFWq7yHdfiy8L_0CDn6m8JMBLxFP3C6d72Rcl4txEBO6rEZswEbqENrQtDIuxbnXcHg2E_wFnq9FLi2nbNoypEs3PiUeUYMERTm2VgV1I0REdKRDjriYnFeqnEeKgr/s400/00.jpg)
Step 1: Open a web browser and enter Nessus Server IP with Port 8834 at URL(ex.https://10.8.1.14:8834/nessus6.html#/scans) then login username and password.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFU0D_nAycmtK1-UMpOYrlwXoPY0CXIZU_22E-sr_tR6315dZhEa_N8j8Ll2qj_oXO2L65ARl8Clgp3RajTE2Xq-eqDwgLLqSRmIsQEB8mguj29BcZGNvAYtsa2xZPEeMzVSwSIS_jf3df/s400/01.jpg)
Step 2: Show main console as below.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmKO-VAAMV9_ZAeBKwpyULL0aAWwPgyzrVjAcx0JzjsYTh4AoadBuv5sc578DnlWiBwKHH0CRThREwpT6LawUpVF6Vstc0hr4_N9GI_pHqozNh6joEJ1_z0bxfVS3Z8ztmM_2Kw898-Iwh/s400/02.jpg)
Step 3: Click
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnMyASl-K_5EVq_GJndH_JOt9ogEEetTMIUvx834jKytxpbxskTJgxcX4EWhqwGuAFsKtWsKvvMxDiCwR_MlL3gaBH9HiL-FfAKQlcrOvQFPnREOgWslEJorbYLr8KLFG5Wu3JCtWphMsH/s400/03.1.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh39_Gdi1kSn_VGt6MadghTNTCWPXSOx_cv6_Af7agHEPoFJLPgzintZTTrGGSWr61IxdP4OJIhLqAzPk2ACucTz3HW9Etn2bCGKMvLNi9gfRNoNsuEsA58T0vGG3bWEg9gf1aVIeB4Jx6u/s400/03.jpg)
Step 4: Select a scanner templates which want to use it.
(ex.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwFweRIOj9RDSrc7GWoJ9BeVYKdzJsC5Y_NjHJxfczZCJhNLu1LyhjjOcsV4CaNX9e9f8Sd-RcMqBGCwgnMa-qJRaJtclX2p2G3XUG2LB5WK0o3pAURu2EFikfEr0XzXJ9-mpOn9gaDORL/s1600/04.1.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZXL9Yn2v4OI44aikyKAEc4WUUnW-NrptkneiSP5tnxjkRnDxl_HtOEejHhQNbpdzlFYC8HMvsGLJ8gh_shvcHYODJExC7vS5Zm_EyNOMHHLoXBK3n2G5wwtZ4_t_OGMEPzF679-r0JVB9/s400/04.jpg)
Step 5: Select General > Name(Enter target server name for identify) > Description(for more info. with target server) > Folder(for save scan items folder) > Scanner(for select scanner from local) > Targets(enter the target IP or URL, ex. 192.168.1.1-192.168.1.5, 192.168.2.0/24, test.com)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHIdhS_VLBG3vDaGa6_MROu_XCBoE6Et_d_03EZD0pInl_1OIcK-w1RYhhbkPGsjOubMqRfaE23jGBgL3kBgU3q5s59Rb-18T9YRD7mPyogMlXjTvEkWBZKH1s8CmXyf2u33k5ISz50TEM/s400/05.jpg)
Step 6: Finally double check all items then click Save to start scan.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0MAqKaVZoRVhyNCMa5VY7R3t9ts3RS2Iwubu2dSbgfs0y_o7KI_RNJRq70XrG3QC5zhGgOpZzPnL1dGItBZ8vHGBtbMEB7VH5co0KnxSkp_CmE3_Je87j8VB5U83oNJGTfK8oO3dZLhWQ/s400/06.jpg)
Step 7: Click the target name to check scanning status.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC9u4d3Oqq3sMOao1YENrB7Ppn93BhDAyTrJcm2tezrHFVcTb5gBd7Vkl9w06pbDTGbqYCcWDG0O08u8ykk-UFOnhU0ktD7Bxb7hgKYzDvnlzJPN6bFJzY-Z02gj9kMJi-goEXv2B1pgB-/s400/07.jpg)
Step 8: Show the target server currently scanning detail information.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbPwkNJcxsns4KLpwneWNT3mc44o2y9qDnQ8qDQ9gs6GVUP7lQ2kYTktOVmUmbKgpZJ9JWC9h51wSLuBP9CRKr4OjEQzkpQeY4AT073Coa6nhteo4ncA7kyIf43iXPX32Tt8Dl5I2gG2rH/s400/08.jpg)
Step 9: After completed the scanning click the target for the detailed result.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhByefk_sZRTJvwRU-n53Nlt-T3e_5W1qjks7kN0jBXVnh_gftEaZ3JE-FTuLY0K23zFbsJ2RHhvssARtoZZ9XDgfq85pMbXTDwCpNZqzbdDLIT9G28ckOrNod7o95PJnQQ-GvUM_NvwaUd/s400/09.jpg)
Step 10: The result shows have 4 medium and 45 Info Vulnerabilities.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWb6tbzB-ane8BavNXmztKjEc0JXlUOPMUwwKpVpZO4xVhvEEuBe9vgQD65xuSC2BcDXrO0PitLwDw5FR5gCjmJ5ViHx18QIKYSTB7s_E49Y_JXsXCm58DMz92rKOeYH8BEix56Kg814Tl/s400/10.jpg)
Step 11: For example click
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKGdwd_m3trJZRUdamsaXcaZkvk0I9MngeJNxQJweVj7EA3PPWFeYcjGUvP712XTwQxmiWeaApr3vhZ67IHSRUCHE6EmyGxNHV-fzcpGtuMCPTPXFIXEVGhtTJcXhOoRSRbs7eXYifVPXr/s400/11.1.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq3sMwEYeBJQq4-e4vfJ05WTjiCVF3Q9xu7YH1wIHYlAtrazBNnSoJDOwcXD-wPnIX-XKjRZBBAmVkGlaqTLGxN9UIIEtLmczvOcscGK16tiT0ce4yamPYhKkUsJzGRQGnQ1WCI4TqdRlb/s400/11.jpg)
Step 12: This vulnerability shows the description, solution and others.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4Vh-s1HsJZ8rU1gr3_6G9BvHc-oa60ehbsRaBnET-5L4JdfpL7Fu733d43FZIBBrQPelnPYl6qY9OG9kyspoORM0oUw96QLaVP-kTAL6nfBY7LbMyYRZ4HO8XWJ94T1E-AYBEqQRPTJ55/s400/12.jpg)
After that reference the solution to fix this vulnerability.
Step 13: Click Hosts back to main page.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcszfhlu0ARFHC8d33MT7uanTUUc-kCSb57BAqJSjQRNyd4hRiLlR2eBrST6XMkFdD1D1__6exO7SR25HET2DNI_5cI0OmtHxfH4How-lKKSlKjBqf8bwywhRqj_2Ii-JeUKAnxV6Ciq-q/s400/13.jpg)
Step 14: Select Export format download to the local.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGr3UqLsV6bYHgExgBQv-tLcJadEIeCa1hH4sWczb-31VkdihDg3mIRk5R0FkuFPRcQD9Z0qhqOhW_hJ6YOAL_b4aFGl9Vvn2EX0tyQJ1h6Mqd7yRl65z37DvrDlB9O9Rhevt-kM2lsYb1/s400/14.jpg)
Step 15: For this case export as a PDF then select Custom.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5uLRv3Ktrucy7QBmOZh-my7MldBgwZvHwcIe8pJrdSeCBTjRP0eKuhvKCKKbGD6q6pvFcbfkF4bsZ8xZuRANbNQe2yjX_FcAszIGW8AQ6t1yYq41utHjk2MgyujSVIGCjy9Sz6l36Gw6b/s320/15.jpg)
Step 16: Click
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilQfOQADpGNcGtxal4ZZ21aKENWD4w_UycTxFhD7NcL9Q2tuN0qsXcETZaN7jasYKycRmUK1ROqRZksASO2aFNbeEZIF9XaUqSEnT_LGPmSyp_D3rROQCePe6RHY_oc2HWnouvaW2p0VfV/s400/16.1.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZ0UfagGNAHcjyXEYcSw2APzk1X93V_BBXYRXg5a0IOh4IuG1GAIz2HMpAAtx79yGItJrzKNWRyHnB3ELF9wPZIMS07heqhmm81tOwFYCspcwLn_qJLqYCHv36gSQXtjqu7qxV2VkvGcLE/s400/16.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdzA1lfTQQVFps5EScjEi19Me7SHFB1ZGCTfLCf5STBX_np1bv_dEB4hPb6g30e9tZlZgV0pIZdB13d40bDWmuUqmHTrh-3EaVQjkytvpvBWACyex-C2UEa6Qji7HZ2DFDmc9NFtIuOapb/s400/17.jpg)
Step 17: Check the export PDF report(Windows_7_vnb5te.pdf) from local drive.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiEb_TObJdxLB5PL4XwrA_kJaqrPcHNWrAuImOh81N2-yJLDUYED2VDfOoIIEndCUDckoWxGmqNdQvhpNZNou41_9NImc-bcwaI7VKtpKUWf7TeACqstwWbuoeisnuI5Ue5MCPkMpmY87x/s400/19.jpg)
Step 18: Double click the PDF file to open Nessus official report with Adobe Acrobat Reader.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIAuqonO0T-f26KHvGco1-DNDHmr6lcjvOXXEAZmADNBpkU1ABP2NbWGnZ-iTGHRXbMKLHikI5tA77XQfQux2Vx1SjpPIc9NUf4EVaodqCsUwjJ_sJVqcc-658dJypXpPwmmkddfL4RD_j/s400/20.jpg)
Congratulations!
最後終於完成這次的弱點掃描分析與如何查詢與修復方法介紹。
Nessus 基本上提供不少弱點掃描的樣本,方便讓使用者可以直接使用,同時也提供可客製化的 Policies 做為修改之用。
這套弱點掃描工具的優點是,簡單易用且可以產出清楚的報告,所以業界普遍選擇這套 Nessus 做為弱點掃描的首選。
那這節我們就先介紹到這裡,以後如果還有機會,我們可以再做深入的探討。
我們下次見~ 掰掰!
~ See you ~
參考出處:
http://www.tenable.com/