
Tips for vulnerability assessment of your vSphere environments[Part-2] - Using Nessus!!

In the previous post, we looked at some of the steps involved in performing a vulnerability scan on vSphere environments manually using tools such as nmap and online vulnerability databases such as CVE and NVD.

As mentioned in the previous post, a manual scan can become very tedious, and almost impossible for massive datacenters. To simplify our work, we have several tools available that automate the vulnerability scanning task. Some examples include:

- AlienVault

- Nessus

- Qualys

In this blog post, we shall take a look at how to use the Nessus vulnerability scanner tool from "Tenable" to perform vulnerability assessments of our vSphere environments. You can find the download and setup instructions of Nessus from the Tenable website:

In this blog post, I am assuming that Nessus is pre-installed. For this blog post I will be using the Nessus Essentials version, which is a free to use version for "NON-COMMERCIAL" purposes only, like educational, homelab etc.

Let us dive into the vulnerability assessment. Let us quickly recap the steps involved in vulnerability assessment of a vSphere host (covered in Part-1 of this series):

1- Discover live hosts in the network

2- Identify hosts running ESXi in the network

3- Discover open ports and services running on vCenter server.

4- Identify vulnerabilities on the vCenter server.

STAGE 1: First, let us look at the "Host Discovery" scan, which covers steps [1-3] from above:

1- On your web browser, navigate to "https://localhost:8834"

2- You will be directed to the Nessus scanner landing page, click on "scans":

3- Now click on "New Folder", enter a name for the folder and click on "Create"

4- From the left hand pane, click on the folder you just created and then click on "+ New Scan":

5- Using the "Host Discovery" scan template, you can perform steps [1-3] from the steps outlined above for performing vulnerability scans. Click on "Host Discovery":

6- The host discovery scan configuration page opens up. Enter a name for your scan under "Name". Under "Targets", enter the IP/IP range of your target environment:

7- On the right hand page of this window, click on "Discovery". In the "scan type" drop down, select the type of scan you would want to perform and then click on save:

8- Now, navigate back to your scans folder on Nessus window. Select the scan you just created. Click on the "More" drop down on the top right corner and select "Launch":

9- You will see the scan progress. Wait for the scan to complete to see the results:

Well, that is specific and accurate!!

STAGE 2: Now that we have discovered the ESXi hosts in our environment, let us look at the steps for setting up a vulnerability scan task for our ESXi host.

1- Navigate back to your scan folder and click on "+ New Scan". This time we select the "Advanced Scan" template:

2- The scan configuration window opens up. In the "General" tab under settings, enter the scan name and target ESXi host IP address:

3- Click on the "Credentials" tab. From the "Categories" drop down, select "Miscellaneous".

4- Scroll to select the "vCenter ESX SOAP API" option:

5- Now, enter your vCenter IP/FQDN, username and password. We will use HTTPS to connect to vCenter, so that is set to "on". In this example, I am not checking the "Verify SSL Certificate" option. You may select this option based on your environment configurations. I have selected the "Auto Discover Managed ESXi hosts" option.

6- Click on save. Navigate to your scans folder, select the scan you just created and launch the scan:

7- The scan will start execution. The scan will take a while to complete, but since it is automated, sit back and relax while the tool does the scanning.

Once the scan has completed, you can also export the scan report to PDF format.
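Besides PDF, Nessus can export results in its native `.nessus` XML format, which is easier to triage with a script. The following is an added example, not part of the original post: it picks the ESXi hosts out of such an export and lists their findings from most to least severe. It assumes the host's OS is reported in the `operating-system` host property and contains the string "ESXi"; the sample data, IP addresses, plugin IDs and plugin names are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

# Constructed sample in the .nessus (NessusClientData_v2) layout; all values are made up.
SAMPLE = """<NessusClientData_v2>
<Report name="esxi-advanced-scan">
 <ReportHost name="192.0.2.10">
  <HostProperties><tag name="operating-system">VMware ESXi 6.7.0 build-0000000</tag></HostProperties>
  <ReportItem port="443" svc_name="www" protocol="tcp" severity="4" pluginID="900001" pluginName="Constructed ESXi critical finding"/>
  <ReportItem port="443" svc_name="www" protocol="tcp" severity="2" pluginID="900002" pluginName="Constructed TLS finding"/>
  <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="900003" pluginName="Constructed info item"/>
 </ReportHost>
 <ReportHost name="192.0.2.20">
  <HostProperties><tag name="operating-system">Linux Kernel 5.4</tag></HostProperties>
  <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="3" pluginID="900004" pluginName="Constructed SSH finding"/>
 </ReportHost>
</Report>
</NessusClientData_v2>"""

def esxi_findings(nessus_xml, min_severity=2):
    """Map each ESXi host to its severity counts and its findings at or above min_severity."""
    root = ET.fromstring(nessus_xml)
    result = {}
    for host in root.iter("ReportHost"):
        os_tag = host.find("HostProperties/tag[@name='operating-system']")
        os_name = (os_tag.text or "") if os_tag is not None else ""
        if "esxi" not in os_name.lower():  # assumption: ESXi hosts are identified by OS string
            continue
        counts, findings = Counter(), []
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            counts[SEVERITY.get(sev, "unknown")] += 1
            if sev >= min_severity:
                findings.append((sev, item.get("port"), item.get("pluginID"), item.get("pluginName")))
        findings.sort(key=lambda f: -f[0])  # most severe first
        result[host.get("name")] = {"counts": counts, "findings": findings}
    return result

if __name__ == "__main__":
    for host, data in esxi_findings(SAMPLE).items():
        print(host, dict(data["counts"]))
        for sev, port, pid, name in data["findings"]:
            print(f"  [{SEVERITY[sev]}] port {port} plugin {pid}: {name}")
```

For a real export, read the file as bytes and pass the contents to `esxi_findings`.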

Well, that's a wrap on today's blog post! Merry Christmas to all the readers!!
