Scanning a Debian-based network with Nessus

Nessus is a network scanner that tries to detect potential security vulnerabilities in the machines of a network (based on a list of known vulnerabilities).

Note that the Nessus vulnerability and threat database is updated daily, and because Nessus is modular you can also create your own plugins.

Here is how to install Nessus (on Debian) and how to use it to scan a machine.


Nessus consists of two parts: the server and the client.

  • The server is the part that performs the security tests.
  • The client may be located on another machine, and asks the server to perform a security test on one or more machines.


sudo apt-get install nessus nessusd


Users must be added to the Nessus server before they can carry out security tests.

sudo nessus-adduser
  • Login: Enter the user name.
  • Authentication: Just press ENTER (this selects 'password' as the authentication method).
  • Login password: Enter the password for the user.
  • Login password (again): Enter the password again.
  • User rules: You can leave this empty. Just press CTRL + D.
  • Is that ok?: Confirm the creation of the user by pressing ENTER.


jak@ubuntu:~$ sudo nessus-adduser
Using /var/tmp as a temporary file holder

Add a new nessusd user

Login : john
Authentication (pass/cert) [pass] : 
Login password : 
Login password (again) : 

User rules
nessusd has a rules system which allows you to restrict the hosts
that john has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser(8) man page for the rules syntax

Enter the rules for this user, and hit ctrl-D once you are done : 
(the user can have an empty rules set)

Login             : john
Password          : ***********
DN                : 
Rules             : 

Is that ok ? (y/n) [y] y
user added.

Starting Nessus Server

Start the Nessus server: sudo /etc/init.d/nessusd start

Nessus Server Connection

Start the Nessus client (run nessus in a terminal, or on Ubuntu use Applications menu > Internet > Nessus).

Enter the Nessus server address, and the login and password, then click "Log in".

As the certificate of your Nessus server has not been signed by a certification authority, select the first option:

The certificate will then be shown. Accept it by clicking Yes.

Using the Nessus client

By default, the plugins that may crash the machines being tested are disabled.
(Nessus also warns you of this with a small popup window.)

You can leave the defaults in the first instance.

  • The Plugin tab lets you choose which tests to run.
  • The Credentials tab lets you provide any logins / passwords needed to access the machines to test.
  • The Scan options tab lets you choose which ports to test and how to detect an open port.
  • The Target tab lets you choose what to test: you can enter the IP address or the name of the machine to be tested.

Enter the IP address of the machine to be tested in the Target tab and click "Start the scan" at the bottom of the screen.

Let the test run:

Then click on the results to review them (you can view the results by machine, by subnet, by port, by severity ...)


Rights Management

Nessus has a rights management system that describes precisely which rights are assigned to a user.
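
The user rules that nessus-adduser asks for are what restrict the hosts a user may scan. The sketch below is an added example (not part of the original article or of Nessus itself) that checks targets against a rule set written in the accept|deny ip/mask and default accept|deny syntax documented in nessus-adduser(8). The function names and sample rules are constructed, first-match evaluation is an assumption, and the client_ip keyword is not handled.

```python
import ipaddress

def parse_rules(text):
    """Parse 'accept|deny ip/mask' lines plus an optional final 'default accept|deny'."""
    rules, default = [], None
    for n, line in enumerate(text.strip().splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if default is not None:
            raise ValueError(f"line {n}: 'default' must be the last rule")
        if len(parts) != 2:
            raise ValueError(f"line {n}: expected two fields, got {line!r}")
        if parts[0] == "default" and parts[1] in ("accept", "deny"):
            default = parts[1]
        elif parts[0] in ("accept", "deny"):
            # strict=False tolerates host bits, e.g. 192.168.1.5/24
            rules.append((parts[0], ipaddress.ip_network(parts[1], strict=False)))
        else:
            raise ValueError(f"line {n}: unknown rule {line!r}")
    return rules, default

def may_scan(text, target):
    """Return True if the rule set lets the user scan `target`."""
    rules, default = parse_rules(text)
    addr = ipaddress.ip_address(target)
    for action, net in rules:  # assumption: the first matching rule wins
        if addr in net:
            return action == "accept"
    # Assumption: without a 'default deny' line (including an empty
    # rule set, as in the walkthrough above) the user is unrestricted.
    return default != "deny"

# Constructed sample: john may only scan the 192.168.1.0/24 subnet.
JOHN_RULES = """
accept 192.168.1.0/24
default deny
"""

if __name__ == "__main__":
    for host in ("192.168.1.20", "10.0.0.5"):
        print(host, "allowed" if may_scan(JOHN_RULES, host) else "refused")
    print("empty rule set, 10.0.0.5:", may_scan("", "10.0.0.5"))
```

An empty rule set places no limit on what the user can scan, so a rule set ending in default deny is the one to use when a user should be confined to specific hosts.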


It is important to keep the list of plugins up to date so that Nessus is able to detect the latest vulnerabilities.
Run nessus-update-plugins regularly: sudo nessus-update-plugins

If you use a proxy, create the /etc/nessus/nessus-fetch.rc file and put the address of the proxy and the login/password in it:


CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM.net. CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
This document, titled « Scanning a Debian-based network with Nessus », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).
