nessus

本文为12月第二周网站忘记续费后从webcache里面找回的，丢失图片

这篇仍旧是漏洞排查系列过程之 nessus的安装部分，找到2篇教程，基本无坑，这里照抄了 :eek: ，自己存档用，3周前的草稿了，今天补全：）

使用centos安装nessus 8.13，并解除IP限制
 Nessus 8.11.1 最新版破解方法无16IP限制

下载

https://www.tenable.com/downloads/nessus

我这边的平台是 CentOS7，就选它了

申请激活码

去nessus官方申请激活码，https://zh-cn.tenable.com/products/nessus/nessus-essentials

姓名随便填，邮箱必须正确，用来接收激活码。

另外左侧红框可以看到，默认最大16个ip地址。

邮箱收到如下邮件

Your Nessus Essentials License

开始安装

rpm -ivh Nessus-8.13.1-es7.x86_64.rpm</code> 启动

1	rpm -ivh Nessus-8.13.1-es7.x86_64.rpm</code> 启动

service nessusd start</code> 开始配置

1	service nessusd start</code> 开始配置

https://centos的ip:8834

在打开的页面中选择“Managed Scanner”，并点击continue。

如下页面中选择Tenable.sc，并continue。这里下拉框要看清，别选错了。

设置用户名，密码，并提交submit。

进入nessus设置about页面。这个时候，nessus是没有scan功能的。

离线激活

1）获得挑战码（challenge code）

[root@10-23-2-20 ~]# /opt/nessus/sbin/nessuscli fetch --challenge

2）获取离线插件包地址及激活证书。

浏览器打开网页 https://plugins.nessus.org/v2/offline.php ，输入第二步邮箱中申请的激活码，以及上一步得到的挑战码。

得到更新插件地址，及license证书。

下载更新包，下载证书nessus.license。

更新包及license传到centos7。

安装插件包

<span class="token punctuation">[</span>root@10-23-2-20 ~<span class="token punctuation">]</span># <span class="token operator">/</span>opt<span class="token operator">/</span>nessus<span class="token operator">/</span>sbin<span class="token operator">/</span>nessuscli update <span class="token punctuation">.</span><span class="token operator">/</span>all<span class="token operator">-</span><span class="token number">2.0</span><span class="token punctuation">.</span>tar<span class="token punctuation">.</span>gz

[root@10-23-2-20 ~]# /opt/nessus/sbin/nessuscli update ./all-2.0.tar.gz

离线激活nessus。

<span class="token punctuation">[</span>root@10-23-2-20 ~<span class="token punctuation">]</span># <span class="token operator">/</span>opt<span class="token operator">/</span>nessus<span class="token operator">/</span>sbin<span class="token operator">/</span>nessuscli fetch <span class="token operator">--</span>register<span class="token operator">-</span>offline <span class="token punctuation">.</span><span class="token operator">/</span>nessus<span class="token punctuation">.</span>license

[root@10-23-2-20 ~]# /opt/nessus/sbin/nessuscli fetch --register-offline ./nessus.license

`此时强烈建议备份/opt/nessus/lib/nessus/plugins/`

<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># cp <span class="token operator">-</span>r <span class="token operator">/</span>opt<span class="token operator">/</span>nessus<span class="token operator">/</span>lib<span class="token operator">/</span>nessus<span class="token operator">/</span>plugins<span class="token operator">/</span> <span class="token punctuation">.</span><span class="token operator">/</span></code> 重启nessus

[root@10-23-2-20 ~]# cp -r /opt/nessus/lib/nessus/plugins/ ./</code> 重启nessus

<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># service nessusd restart

1	<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># service nessusd restart

打开浏览器访问nessus。会初始化插件。时间很长，静待。

完成后进入nessus系统。显示激活成功，具有了scan功能。但显示仅允许扫描16个IP。

解除IP限制

获取当前plugins的版本。

打开如下的页面，并记录下版本号。

https://plugins.nessus.org/v2/plugins.php

停止nessus服务

创建 plugin_feed_info.inc

<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># vim plugin_feed_info<span class="token punctuation">.</span>inc

1 2	<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># vim plugin_feed_info<span class="token punctuation">.</span>inc

内容如下，并将刚刚获取到的版本号替换如下内容中的数字串。

PLUGIN_SET = "202103010119";
PLUGIN_FEED = "ProfessionalFeed (Direct)";
PLUGIN_FEED_TRANSPORT = "Tenable Network Security Lightning";

PLUGIN_SET = "202103010119";

PLUGIN_FEED = "ProfessionalFeed (Direct)";

PLUGIN_FEED_TRANSPORT = "Tenable Network Security Lightning";

将plugin_feed_info.inc替换到 /opt/nessus/var/nessus/plugin_feed_info.inc

<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># cp <span class="token operator">/</span>root<span class="token operator">/</span>plugin_feed_info<span class="token punctuation">.</span>inc <span class="token operator">/</span>opt<span class="token operator">/</span>nessus<span class="token operator">/</span><span class="token keyword">var</span><span class="token operator">/</span>nessus<span class="token operator">/</span>

[root@10-23-2-20 ~]# cp /root/plugin_feed_info.inc /opt/nessus/var/nessus/

将 /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc 文件删除。

<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># rm <span class="token operator">-</span>rf <span class="token operator">/</span>opt<span class="token operator">/</span>nessus<span class="token operator">/</span>lib<span class="token operator">/</span>nessus<span class="token operator">/</span>plugins<span class="token operator">/</span>plugin_feed_info<span class="token punctuation">.</span>inc

[root@10-23-2-20 ~]# rm -rf /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc

启动nessus服务

<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># service nessusd start

1	<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># service nessusd start

打开浏览器，访问nessus，会看到nessus初始化插件，完成后，看设置页面显示 unlimited。表示解除IP限制成功。

. 后续

由于Nessus服务每次重启后，都会重置plugin_feed_info.inc，这将会使nessus/plugins目录下所有的插件都被删除，无法扫描。因此要将nessus服务设置为手动，并且先停止nessus服务。

<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># systemctl disable nessusd
<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># service nessusd stop

[root@10-23-2-20 ~]# systemctl disable nessusd

[root@10-23-2-20 ~]# service nessusd stop

以后每次使用nessus就重复第6步的操作。

故可以写成批处理。

<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># vim crack_nessus<span class="token punctuation">.</span>sh

1 2	<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># vim crack_nessus<span class="token punctuation">.</span>sh

内容如下：

service nessusd stop<span class="token punctuation">;</span>
cp <span class="token operator">/</span>root<span class="token operator">/</span>plugin_feed_info<span class="token punctuation">.</span>inc <span class="token operator">/</span>opt<span class="token operator">/</span>nessus<span class="token operator">/</span><span class="token keyword">var</span><span class="token operator">/</span>nessus<span class="token operator">/</span><span class="token punctuation">;</span>
rm <span class="token operator">-</span>rf <span class="token operator">/</span>opt<span class="token operator">/</span>nessus<span class="token operator">/</span>lib<span class="token operator">/</span>nessus<span class="token operator">/</span>plugins<span class="token operator">/</span>plugin_feed_info<span class="token punctuation">.</span>inc<span class="token punctuation">;</span>
service nessusd start<span class="token punctuation">;</span>

service nessusd stop;

cp /root/plugin_feed_info.inc /opt/nessus/var/nessus/;

rm -rf /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc;

service nessusd start;

将crack_nessus.sh写到系统启动的脚本里。这样每次重启CentOS，会自动执行解除IP限制程序。

<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># chmod <span class="token operator">+</span>x  <span class="token operator">/</span>etc<span class="token operator">/</span>rc<span class="token punctuation">.</span>d<span class="token operator">/</span>rc<span class="token punctuation">.</span>local 
<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># vim  <span class="token operator">/</span>etc<span class="token operator">/</span>rc<span class="token punctuation">.</span>d<span class="token operator">/</span>rc<span class="token punctuation">.</span>local

[root@10-23-2-20 ~]# chmod +x /etc/rc.d/rc.local

[root@10-23-2-20 ~]# vim /etc/rc.d/rc.local

添加如下内容到rc.local

/bin/bash /root/crack_nessus.sh

1 2	/bin/bash /root/crack_nessus.sh

至此，nessus完全解除IP限制完成。

可能遇到的坑及相应的解决办法

在解除ip限制的过程中，如果已经解除成功，但是新建扫描项目时，发现很快就结束，无扫描结果。此时查看plugins目录内容是否被删除。

<span class="token punctuation">[root@10-23-2-20</span> <span class="token operator">~</span><span class="token punctuation">]</span># du <span class="token operator">-</span>h <span class="token operator">/</span>opt<span class="token operator">/</span>nessus<span class="token operator">/</span>lib<span class="token operator">/</span>nessus<span class="token operator">/</span>plugins

[root@10-23-2-20 ~]# du -h /opt/nessus/lib/nessus/plugins

正常情况下，该目录应该在1.2G左右。如远远低于此数值。请按如下步骤操作（前提是备份好了plugins目录）：

service nessusd stop<span class="token punctuation">;</span>
rm <span class="token operator">-</span>rf <span class="token operator">/</span>opt<span class="token operator">/</span>nessus<span class="token operator">/</span>lib<span class="token operator">/</span>nessus<span class="token operator">/</span>plugins
cp <span class="token operator">-</span>r <span class="token punctuation">.</span><span class="token operator">/</span>plugins <span class="token operator">/</span>opt<span class="token operator">/</span>nessus<span class="token operator">/</span>lib<span class="token operator">/</span>nessus<span class="token operator">/</span>
cp <span class="token operator">/</span>root<span class="token operator">/</span>plugin_feed_info<span class="token punctuation">.</span>inc <span class="token operator">/</span>opt<span class="token operator">/</span>nessus<span class="token operator">/</span><span class="token keyword">var</span><span class="token operator">/</span>nessus<span class="token operator">/</span><span class="token punctuation">;</span>
rm <span class="token operator">-</span>rf <span class="token operator">/</span>opt<span class="token operator">/</span>nessus<span class="token operator">/</span>lib<span class="token operator">/</span>nessus<span class="token operator">/</span>plugins<span class="token operator">/</span>plugin_feed_info<span class="token punctuation">.</span>inc<span class="token punctuation">;</span>
service nessusd start<span class="token punctuation">;</span>