Learning Nessus for Penetration Testing.
Title:
Learning Nessus for Penetration Testing.
Author:
Kumar, Himanshu.
ISBN:
9781783551002
Physical Description:
1 online resource (132 pages)
Contents:
Learning Nessus for Penetration Testing -- Table of Contents -- Learning Nessus for Penetration Testing -- Credits -- About the Author -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers and more -- Why Subscribe? -- Free Access for Packt account holders -- Preface -- What this book covers -- What you need for this book -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Errata -- Piracy -- Questions -- 1. Fundamentals -- Vulnerability Assessment and Penetration Testing -- Need for Vulnerability Assessment -- Risk prevention -- Compliance requirements -- The life cycles of Vulnerability Assessment and Penetration Testing -- Stage 1 - scoping -- Stage 2 - information gathering -- Stage 3 - vulnerability scanning -- Stage 4 - false positive analysis -- Stage 5 - vulnerability exploitation (Penetration Testing) -- Stage 6 - report generation -- Introduction to Nessus -- Initial Nessus setup -- Scheduling scans -- The Nessus plugin -- Patch management using Nessus -- Governance, risk, and compliance checks using Nessus -- Installing Nessus on different platforms -- Prerequisites -- Installing Nessus on Windows 7 -- Installing Nessus on Linux -- Definition update -- Online plugin updates -- Offline plugin updates -- Custom plugins feed host-based updates -- User management -- Adding a new user -- Deleting an existing user -- Changing the password or role of an existing user -- Nessus system configuration -- General Settings -- SMTP settings -- Web proxy settings -- Feed Settings -- Mobile Settings -- ActiveSync (Exchange) -- Apple Profile Manager -- Good For Enterprise -- Result Settings -- Advanced Settings -- Summary -- 2. Scanning -- Scan prerequisites -- Scan-based target system admin credentials -- Direct connectivity without a firewall -- Scanning window to be agreed upon.

Scanning approvals and related paper work -- Backup of all systems including data and configuration -- Updating Nessus plugins -- Creating a scan policy as per target system OS and information -- Configuring a scan policy to check for an organization's security policy compliance -- Gathering information of target systems -- Sufficient network bandwidth to run the scan -- Target system support staff -- Policy configuration -- Default policy settings -- New policy creation -- General Settings -- Credentialed scan -- The Windows credentials option -- Windows usernames, passwords, and domains -- The SSH settings option -- The Kerberos configuration option -- The Cleartext protocols settings option -- Plugins -- Filtering -- Preferences -- Scan configuration -- Configuring a new scan -- General settings -- E-mail settings -- Scan execution and results -- Summary -- 3. Scan Analysis -- Result analysis -- Report interpretation -- Hosts Summary (Executive) -- Vulnerabilities By Host -- Vulnerabilities By Plugin -- False positive analysis -- Understanding an organization's environment -- Target-critical vulnerabilities -- Proof of concept -- Port scanning tools -- Effort estimation -- Vulnerability analysis -- False positives -- Risk severity -- Applicability analysis -- Fix recommendations -- Vulnerability exploiting -- Exploit example 1 -- Exploit example 2 -- Exploit example 3 -- Summary -- 4. Reporting Options -- Vulnerability Assessment report -- Nessus report generation -- Report filtering option -- Nessus report content -- Report customization -- Report automation -- Summary -- 5. Compliance Checks -- Audit policies -- Credentials -- Compliance reporting -- Auditing infrastructure -- Windows compliance check -- Windows File Content -- Unix compliance check -- Cisco IOS compliance checks -- Database compliance checks -- PCI DSS compliance.

VMware vCenter/vSphere Compliance Check -- Summary -- Index.
Abstract:
This book is a friendly tutorial that uses several examples of real-world scanning and exploitation processes which will help get you on the road to becoming an expert penetration tester. Learning Nessus for Penetration Testing is ideal for security professionals and network administrators who wish to learn how to use Nessus to conduct vulnerability assessments to identify vulnerabilities in IT infrastructure quickly and efficiently.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.