vulnerability-scanner

Scan a network for vulnerabilities with Nessus

Table of Contents: Scan a network; Advanced Scans; Basic Network Scans; Launch A Scan; Results; Exports; Executive Report; Technical Report
Scan a network
Target: 192.168.1.0/24
Nessus provides a set of ready-to-use templates. For general scans, the (1) Advanced Scan and (2) Basic Network Scan would work. The difference is that the Advanced Scan supports Compliance and Plugins, which can be used to fine-tune the compliance checks (credentials are required) and plugins.

Scan the Internet with Masscan

Table of Contents: Scan large IP block; Exclude IP blocks of sensitive part of the Internet; Include IP blocks for targeted IP blocks; Transmission Rates; Specify ports and ranges; Pull the services and banners; Output formats; Manage config for different scanning strategies
The base system used to perform the scans:
root@192.168.1.11:~# uname -a
Linux kali 4.9.0-kali3-amd64 #1 SMP Debian 4.9.13-1kali2 (2017-03-07) x86_64 GNU/Linux
Scan large IP block
Scan the entire 175.

Scan the Internet with Nmap

Table of Contents: Scan a Network/Subnet; Host Discovery; Scan a large public network; Scan a private network: 192.168.1.0/24; Scan a Single Target; Remote OS and Service Detection; Host and Port State Reason; List of Examples
Scan a Network/Subnet
Host Discovery
HOST DISCOVERY: -sL: List Scan - simply list targets to scan, without sending any packets to the target hosts; useful for generating a list of target hosts and for DNS resolution.

SQL injection with sqlmap

Table of Contents: Scan for vulnerability; Create a HTTP request file; Scan the target; Explore the vulnerable target’s databases and system; Dictionary attack against password hashes and dump full credentials; OS Shell Access; Behind the scene; Speedup the process and specify custom injection payloads; Capture and decode the payload; with Ngrep; with Wireshark; Decode the payload
Scan for vulnerability
Create a HTTP request file
Use the -r option instead of passing long parameters such as --url, --user-agent, etc.