How to Do Authenticated (Credentialed) Scans

Authenticated (credentialed) scans in Nessus allow the scanner to log in to target systems and perform a more in-depth analysis of their security posture. Unlike unauthenticated scans, which focus on what’s visible externally, credentialed scans reveal vulnerabilities in configurations, installed software, and permissions that are only accessible to authenticated users.

Here’s a detailed guide on how to set up and perform authenticated scans in Nessus.


1. What Are Authenticated Scans?

Authenticated scans use credentials to log in to the target system and assess:

  • Installed patches and updates.
  • User permissions and password policies.
  • Configuration issues and security settings.
  • Software vulnerabilities in applications and operating systems.

They are more accurate and produce fewer false positives than unauthenticated scans, because findings are based on what is actually installed and configured rather than inferred from banners and network responses.


2. Prerequisites

  1. Nessus Installed and Configured:
    • Ensure Nessus is installed, licensed, and updated with the latest plugins.
  2. Valid Credentials:
    • Obtain credentials for the target system, such as:
      • SSH credentials for Linux/Unix systems.
      • Windows credentials (e.g., username and password, domain account).
      • SNMP community strings for network devices.
      • Database credentials for specific database scans.
  3. Target System Prepared:
    • Verify the system allows login using the credentials.
    • Ensure that firewalls or access control lists (ACLs) do not block Nessus from accessing the target system.
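To satisfy the "Target System Prepared" prerequisite without over-privileging the scanner, here is an added shell example (not Tenable's code) that provisions a dedicated scan account on a Linux target: key-only SSH accepted only from the scanner's address, and sudo escalation without the TTY requirement. The account name, scanner IP and public key are placeholders, and the sshd_config.d drop-in assumes an OpenSSH build that includes that directory.

```shell
#!/usr/bin/env bash
# Target-side preparation of a least-privilege Nessus scan account on Linux.
# Added example, not Tenable's code. The user name, scanner IP and public key
# are placeholders; the sshd_config.d drop-in assumes OpenSSH 8.2+ with Include.
set -u

# sudoers fragment: root via sudo using the account's own password (entered in
# Nessus as the escalation password) and no TTY requirement, the usual cause of
# "sudo: sorry, you must have a tty" failures when Nessus escalates.
render_sudoers() {          # usage: render_sudoers USER
    printf 'Defaults:%s !requiretty\n%s ALL=(root) PASSWD: ALL\n' "$1" "$1"
}

# authorized_keys entry accepted only from the scanner address, with all
# forwarding disabled, so the key is of little use anywhere else if it leaks.
render_authorized_key() {   # usage: render_authorized_key SCANNER_IP PUBKEY
    printf 'from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' "$1" "$2"
}

# sshd drop-in: key-only login for this account; other users are unaffected.
render_sshd_match() {       # usage: render_sshd_match USER
    printf 'Match User %s\n    PasswordAuthentication no\n    AllowTcpForwarding no\n' "$1"
}

# Apply everything. Needs root, so it is only called explicitly (see last line).
apply_scan_account() {      # usage: apply_scan_account USER SCANNER_IP PUBKEY
    local u=$1 ip=$2 key=$3
    id "$u" >/dev/null 2>&1 || useradd --create-home --shell /bin/bash "$u"
    install -d -m 700 -o "$u" -g "$u" "/home/$u/.ssh"
    render_authorized_key "$ip" "$key" > "/home/$u/.ssh/authorized_keys"
    chown "$u:$u" "/home/$u/.ssh/authorized_keys" && chmod 600 "/home/$u/.ssh/authorized_keys"
    render_sudoers "$u" > "/etc/sudoers.d/90-$u" && chmod 440 "/etc/sudoers.d/90-$u"
    visudo -c -f "/etc/sudoers.d/90-$u" || { rm -f "/etc/sudoers.d/90-$u"; return 1; }
    render_sshd_match "$u" > "/etc/ssh/sshd_config.d/90-$u.conf"
    sshd -t && { systemctl reload ssh 2>/dev/null || systemctl reload sshd; }
    echo "now set a password with: passwd $u  (sudo needs it; sshd will not accept it for login)"
}

# Run as root with real values, e.g.:
# apply_scan_account nessus 10.0.0.5 "ssh-ed25519 AAAA...placeholder... nessus-scanner"
```

The password set at the end is entered in Nessus only as the sudo escalation password; SSH login itself stays key-based.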

3. Setting Up an Authenticated Scan

Step 1: Create a New Scan

  1. Log in to the Nessus interface.
  2. Navigate to My Scans.
  3. Click New Scan and select an appropriate template, such as:
    • Basic Network Scan for general scans.
    • Advanced Scan for detailed customization.

Step 2: Configure Scan Settings

  1. General Settings:
    • Enter a descriptive name for the scan.
    • Provide target IPs, hostnames, or ranges.
  2. Port Ranges:
    • Use default ports or specify a custom range based on your environment.
  3. Scan Type:
    • Choose the intensity and depth of the scan, depending on the target.

Step 3: Add Credentials

Navigate to the Credentials tab and add the required credentials based on the target system.

  1. Windows Credentials:
    • Choose Windows and enter:
      • Username: The user account name.
      • Password: The account password.
      • Domain: The domain name (if applicable).
    • Enable SMB signing and PowerShell-based detection if supported.
  2. SSH Credentials (for Linux/Unix):
    • Choose SSH and enter:
      • Username: The SSH user account.
      • Authentication Method: Password or private key.
      • Password or Private Key: Provide the relevant authentication data.
      • Passphrase: Add the passphrase for the private key if applicable.
    • Enable privilege escalation (e.g., sudo) if root-level access is required.
  3. Database Credentials:
    • Select Database and provide login information for specific database types (e.g., MySQL, Oracle).
  4. SNMP Credentials (for network devices):
    • Select SNMP and provide the community string or version-specific settings.
  5. Custom Credentials:
    • Add other credentials, such as API tokens, if needed for specific environments.

Step 4: Save the Scan

After entering all the necessary settings and credentials, save the scan.


4. Running the Authenticated Scan

  1. Locate the saved scan in the My Scans folder.
  2. Click Launch to start the scan.
  3. Monitor the scan’s progress in real time.
    • Credentialed scans may take longer as they access more data.

5. Reviewing Scan Results

Once the scan is complete, analyze the results to identify vulnerabilities.

  1. Credential Success:
    • Verify that the credentials worked. Check the scan results for a message like “Authenticated scan successful” or similar indicators.
  2. Vulnerability Insights:
    • Credentialed scans reveal:
      • Missing patches or outdated software.
      • Weak file or directory permissions.
      • Misconfigurations in system settings.
    • These findings are detailed with affected hosts, severity levels, and remediation steps.
  3. System-Specific Issues:
    • Drill down into individual hosts to see vulnerabilities related to installed applications, configurations, or accounts.
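The credential-success check in step 1 can be automated over an exported .nessus file instead of reading each host by hand. This is an added shell example, not Tenable's code; it relies on the "Nessus Scan Information" plugin (ID 19506) reporting "Credentialed checks : yes" or "no" in its output, and the XML below is a constructed sample in that shape rather than real scan output.

```shell
#!/usr/bin/env bash
# Post-scan credential check from an exported .nessus file. Added example, not
# Tenable's code. Nessus records the outcome per host in plugin 19506
# ("Nessus Scan Information") as "Credentialed checks : yes|no".
set -u

# Constructed sample in the .nessus v2 shape: two hosts with plugin 19506
# (one credentialed, one not) and one host where the plugin never ran.
SAMPLE_NESSUS='<?xml version="1.0"?>
<NessusClientData_v2><Report name="example">
<ReportHost name="10.0.0.20"><ReportItem port="0" pluginID="19506" pluginName="Nessus Scan Information">
<plugin_output>Scanner IP : 10.0.0.5
Credentialed checks : yes
Scan duration : 312 sec</plugin_output></ReportItem></ReportHost>
<ReportHost name="10.0.0.21"><ReportItem port="0" pluginID="19506" pluginName="Nessus Scan Information">
<plugin_output>Scanner IP : 10.0.0.5
Credentialed checks : no
Scan duration : 45 sec</plugin_output></ReportItem></ReportHost>
<ReportHost name="10.0.0.22"><ReportItem port="22" pluginID="10267" pluginName="SSH Server Type"></ReportItem></ReportHost>
</Report></NessusClientData_v2>'

# Print "HOST STATUS" per host: yes, no, or unknown (no plugin 19506 result).
credential_status() {       # usage: credential_status < file.nessus
    awk '
        /<ReportHost / { if (host != "") print host, status
                         match($0, /name="[^"]*"/); host = substr($0, RSTART+6, RLENGTH-7)
                         status = "unknown"; inplug = 0 }
        /pluginID="19506"/ { inplug = 1 }
        inplug && /Credentialed checks :/ { status = $NF }
        /<\/ReportItem>/ { inplug = 0 }
        END { if (host != "") print host, status }'
}

# Hosts the scan could not log in to; these need the troubleshooting steps.
failed_hosts() {            # usage: failed_hosts < file.nessus
    credential_status | awk '$2 != "yes" { print $1 }'
}

# Example with the constructed sample (real use: credential_status < scan.nessus):
# printf '%s\n' "$SAMPLE_NESSUS" | failed_hosts
```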

6. Troubleshooting Credentialed Scans

  1. Failed Authentication:
    • Ensure the credentials are correct and the user account has the necessary permissions.
    • Verify that Nessus has network access to the target.
  2. Privilege Escalation Issues:
    • For Linux/Unix systems, confirm that the user can escalate privileges using sudo or other methods.
  3. Blocked Access:
    • Check firewalls, ACLs, or endpoint protection systems that might block Nessus traffic.
  4. Unsupported Configurations:
    • Some configurations may not be supported by Nessus. Check the Nessus documentation for specific limitations.

7. Best Practices for Authenticated Scans

  1. Use Least Privileged Accounts:
    • Provide only the permissions necessary for Nessus to perform its scans.
  2. Use Secure Authentication Methods:
    • Prefer SSH keys over passwords for Linux/Unix systems.
    • Use strong passwords and enable two-factor authentication if possible.
  3. Keep Credentials Secure:
    • Store credentials securely in Nessus and avoid sharing them unnecessarily.
  4. Test Credentials:
    • Verify the credentials manually before configuring them in Nessus.
  5. Regular Scans:
    • Schedule credentialed scans to run regularly, ensuring continuous monitoring of vulnerabilities.
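To test credentials manually (best practice 4) and to tell the failure types in the troubleshooting section apart before a scan runs, the following added shell script (not Tenable's code) repeats from the scanner host the same non-interactive SSH login and sudo check Nessus performs, and checks the SMB port for Windows targets. It assumes bash's /dev/tcp and coreutils timeout on the scanner host; the host, user, key path and the optional NESSUS_SUDO_PW variable are placeholders.

```shell
#!/usr/bin/env bash
# Scanner-side preflight for a Nessus credentialed scan. Added example, not
# Tenable's code. HOST, USER and KEYFILE are placeholders for your environment;
# reachability uses bash's /dev/tcp and coreutils timeout (Linux scanner host).
set -u

# TCP reachability with a 3 s timeout; no nc/nmap dependency.
check_port() {              # usage: check_port HOST PORT
    timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Map the exit status of `ssh ... sudo true` to the troubleshooting cases:
# ssh returns 255 when it cannot connect or authenticate; sudo returns 1 when
# escalation needs a password or is not permitted; 0 means both worked.
classify_ssh_exit() {       # usage: classify_ssh_exit STATUS
    case "$1" in
        0)   echo "ok: login and non-interactive sudo both work" ;;
        255) echo "failed-authentication-or-blocked: ssh could not connect or authenticate" ;;
        *)   echo "privilege-escalation: login worked but sudo failed (sudoers/requiretty?)" ;;
    esac
}

# Repeat the login Nessus will attempt: key-only, non-interactive, then sudo.
# If NESSUS_SUDO_PW is set it is fed to sudo on stdin, mirroring the Nessus
# escalation password; otherwise sudo must work without a password (-n).
precheck_ssh() {            # usage: precheck_ssh HOST USER KEYFILE
    local host=$1 user=$2 key=$3 status=0 cmd='sudo -n true'
    if ! check_port "$host" 22; then
        echo "blocked-access: tcp/22 on $host unreachable (firewall/ACL?)"; return 2
    fi
    [ -n "${NESSUS_SUDO_PW:-}" ] && cmd="sudo -S -p '' true"
    printf '%s\n' "${NESSUS_SUDO_PW:-}" | ssh -o BatchMode=yes -o ConnectTimeout=5 \
        -o StrictHostKeyChecking=accept-new -i "$key" "$user@$host" "$cmd" 2>/dev/null \
        || status=$?
    classify_ssh_exit "$status"
    return "$status"
}

# Windows targets: Nessus needs tcp/445 (SMB) open before credentials matter.
precheck_smb() {            # usage: precheck_smb HOST
    if check_port "$1" 445; then echo "ok: tcp/445 on $1 reachable"; return 0; fi
    echo "blocked-access: tcp/445 on $1 unreachable (firewall/ACL?)"; return 2
}

# Example invocation with placeholder values:
# precheck_ssh 10.0.0.20 nessus ~/.ssh/nessus_scan_ed25519; precheck_smb 10.0.0.30
```

A "blocked-access" result points at the firewall/ACL items in the troubleshooting section, while a "privilege-escalation" result means the login itself is fine and only the sudo configuration on the target needs attention.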

8. Benefits of Authenticated Scans

  • Comprehensive Results:
    • Access vulnerabilities not visible to unauthenticated scans, such as internal configurations or missing patches.
  • Reduced False Positives:
    • Validate vulnerabilities with deeper access to the system.
  • Compliance and Auditing:
    • Credentialed scans are essential for meeting regulatory and compliance requirements (e.g., PCI DSS, HIPAA).

Authenticated scans in Nessus provide detailed insights into vulnerabilities that are not visible externally, making them an essential part of any robust security assessment. Following the steps above, you can configure and run effective credentialed scans, ensuring a thorough evaluation of your systems’ security posture. Regularly performing these scans helps minimize risks and maintain compliance with security standards.
