Install Nessus Vulnerability Scanner on Debian

Nessus is a cross-platform, comprehensive systems vulnerability scanner, which provides a wide range of penetration techniques. 

[EDIT July 2023]: this article has been updated from Nessus Home to Nessus Essentials.

Register for a Nessus Essentials Licence

Nessus Essentials registration if free and can be done on this page: https://www.tenable.com/products/nessus/nessus-essentials

Essentials licence is available for personal use and allows us to scan our environments with a limitation of up to 16 IP addresses per scanner.

Make sure that the email provided during the registration is valid as it will be used to send an activation code.

Download the Installation Package

Installation packages are available for download on this page: https://www.tenable.com/downloads/nessus

Select the package for your OS, in our case it is Debian.

$ curl --request GET \
  --url 'https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-10.5.3-debian10_amd64.deb' \
  --output 'Nessus-10.5.3-debian10_amd64.deb'

Installation

Install Nessus scanner:

$ sudo apt install ./Nessus-10.5.3-debian10_amd64.deb>

Enable and start the daemon:

$ sudo systemctl enable nessusd --now

Check that Nessus is running:

$ sudo ss -nltp | grep nessus
LISTEN    0   1024   0.0.0.0:8834  0.0.0.0:*     users:(("nessusd",pid=28820,fd=22))                                            
LISTEN    0   1024   [::]:8834     [::]:*        users:(("nessusd",pid=28820,fd=23))

Open a web browser and go to:

https://localhost:8834/

Make sure that TCP 8834 port is open on a firewall if intended to access form another PC.

$ sudo iptables -A INPUT -p tcp --dport 8834 -j ACCEPT

Follow the on-screen instructions: create a new user account, enter the activation code and download plugins (this is CPU and disk intensive task and takes a lot of time). Once the plugins are downloaded and processed, subsequent startups will be much faster.

Happy vulnerability scanning!