A few examples taking from http://en.wikipedia.org/wiki/Nessus_(software) :
- Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
- Misconfiguration (e.g. open mail relay, missing patches, etc).
- Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
- Denials of service against the TCP/IP stack by using mangled packets
I had a task in getting Nessus installed on bactrack 4 but im not gonna get into that. Refer to the following link for instructions and don't ever forget your new best friend google.com
# /etc/init.d/nessusd start # cd /opt/nessus/bin # ./NessusClient
On the 'Scan' tab click on the '+' button and enter in the host or range of hosts that you would like to scan by their respective IP addresses. Click on Save.
Click on the 'Connect' button to the bottom left of the screen. Click on the '+' button then Enter in the required information (remember the host is gonna be 127.0.0.1 and port should remain 1241. The username and password would have been created in your nessus setup stages). Click on Save. Click on Connect. NessusClient is gonna attmep to connect to the nessus server at this point. Upon succestful connectivity, you should have the right hand '+' button enabled (would be disabled initially). Click on that '+' button. The next window should present you with a ton of options and settings at your disposal. I'd leave that up to you to determine whats right for you but the defaults should be fine for now to get things up and running. Click on Save. Then Click the Scan now button. You have now just performed a somewhat professional vulnerability audit of a system. When the scan is finished you would be presented with a report of nessus's findings. What you do from here onwards is up to you and you little imagination.
http://www.nessus.org/ http://en.wikipedia.org/wiki/Nessus_(software) http://www.itsolutionskb.com/2009/04/how-to-install-nessus-on-backtrack-4/