Nessus - Write-up - TryHackMe



  • Name: Nessus
  • Profile:
  • Difficulty: Easy
  • Description: Learn how to set up and use Nessus, a popular vulnerability scanner.




Install tools used in this WU on BlackArch Linux:

pikaur -S nessus

What is the name of the button which is used to launch a scan?

Answer: new scan

The blue button on the top right corner.

What side menu option allows us to create custom templates?

Answer: policies

The first item in the resources section.

What menu allows us to change plugin properties such as hiding them or changing their severity?

Answer: plugin rules

The second item in the resources section.

In the 'Scan Templates' section after clicking on 'New Scan', what scan allows us to see simply what hosts are alive?

Answer: host discovery

Explicit name.

One of the most useful scan types, which is considered to be 'suitable for any host'?

Answer: basic network scan

Not really the most useful, I'm using the advanced one every time.

What scan allows you to 'Authenticate to hosts and enumerate missing updates'?

Answer: credentialed patch audit

Explicit name.

What scan is specifically used for scanning Web Applications?

Answer: web application tests

Explicit name.


Create a new 'Basic Network Scan' targeting the deployed VM. What option can we set under 'BASIC' (on the left) to set a time for this scan to run? This can be very useful when network congestion is an issue.

Answer: schedule

Just do as told.

Under 'DISCOVERY' (on the left) set the 'Scan Type' to cover ports 1-65535. What is this type called?

Answer: port scan (all ports)

Just do as told.

What 'Scan Type' can we change to under 'ADVANCED' for lower bandwidth connection?

Answer: scan low bandwidth links

Just do as told.

After the scan completes, which 'Vulnerability' in the 'Port scanners' family can we view the details of to see the open ports on this host?

Answer: Nessus SYN scanner

Same type of scan we always do with nmap.

What Apache HTTP Server Version is reported by Nessus?

Answer: 2.4.99

Check the Apache HTTP Server Version module.

Scanning a Web Application!#

What is the plugin id of the plugin that determines the HTTP server type and version?

Answer: 10107

id of the HTTP Server Type and Version plugin.

What authentication page is discovered by the scanner that transmits credentials in cleartext?

Answer: /login.php

Check the Web Server Transmits Cleartext Credentials plugin.

What is the file extension of the config backup?

Answer: .bak

Check the Backup Files Disclosure plugin.

Which directory contains example documents? (This will be in a php directory)

Answer: /external/phpids/0.6/docs/examples/

Check the Browsable Web Directories plugin.

What vulnerability is this application susceptible to that is associated with X-Frame-Options?

Answer: Clickjacking

Check the Web Application Potentially Vulnerable to Clickjacking module.