- Set up the scan target as local machine IP or localhost
- Start a full Nessus vulnerability scan
- Review vulnerabilities and severity
- Research fixes and mitigations
- Document the most critical findings
- Provide clear explanations for each screenshot

A vulnerability is a weakness in a system that attackers can exploit.
Examples include outdated software, weak SSL certificates, insecure services, or misconfigurations.

Severity uses CVSS scoring:
- Critical: 9.0–10
- High: 7.0–8.9
- Medium: 4.0–6.9
- Low: 0.1–3.9
- Info: Not exploitable but informational

Nessus Essentials is a widely used vulnerability scanning tool.
It identifies:
- Weak configurations
- Missing patches
- SSL/TLS issues
- Exposed services
- System information leaks

It also provides:
- CVSS scores
- Remediation suggestions
- Professional reports

Find your local IP using `ipconfig`.
Example: `IPv4 Address: 192.168.29.x`

- Open Nessus → https://localhost:8834/
- Go to New Scan
- Select Basic Network Scan
- Enter:
  - Name: Task 3 – Vulnerability Scan
  - Target: Your IPv4 Address
- Click Launch

This screenshot shows the overall results of the Nessus scan for the local machine.

- Total Vulnerabilities: 39
- Severity Levels: Medium, Low, and Informational
- List of detected issues, including:
  - Netstat Portscanner
  - DCE Services Enumeration
  - MySQL Server Detection
  - SSL/TLS information
- Host Details panel, including:
  - IP Address
  - Operating System (Windows 11)
  - Start & End times
  - Authentication status (Auth: Fail)
- Pie chart showing severity distribution

It demonstrates:
- Nessus completed the scan successfully
- The system has multiple detectable vulnerabilities
- The user understands severity distribution and basic scan interpretation
This screenshot shows Plugin ID 57582, a Medium‑severity vulnerability.

- Name: SSL Self‑Signed Certificate
- Severity: Medium
- CVSS v3 Score: 6.5
- Description: The SSL certificate used by FileZilla Server is self‑signed and not trusted by recognized Certificate Authorities. This can allow Man‑in‑the‑Middle (MITM) attacks.
- Output section shows:
  - The certificate subject: CN=filezilla-server self signed certificate
  - Affected port: 21/tcp (FTP)
- Solution: Replace with a CA‑signed certificate or generate an internal trusted certificate.

It demonstrates:
- Ability to read, interpret, and document Nessus detailed findings
- Understanding of SSL/TLS issues
- Knowledge of remediation steps

| Vulnerability | Severity | Fix / Mitigation |
|---|---|---|
| SSL Self‑Signed Certificate | Medium | Install trusted CA certificate |
| Weak TLS Cipher Suites | Medium | Disable old ciphers (e.g., RC4, 3DES) |
| SMB Information Disclosure | Info | Restrict SMB access, disable SMBv1 |
| MySQL Detection | Info | Disable if unused, update MySQL |
| Service Enumeration | Info | Restrict unnecessary services |
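
The findings table above can be built from a scan export instead of by hand. The Python below is an added example, not part of the original write-up or of Nessus: it reads a `.nessus` XML export, maps each finding's CVSS base score to the severity bands listed earlier, and sorts the results for documentation. The sample XML is constructed (placeholder host address, placeholder plugin IDs for everything except 57582, a made-up 2.6 score), and the names `band` and `triage` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt in the .nessus (NessusClientData_v2) export layout.
# Host address, placeholder plugin IDs and the 2.6 score are made up.
SAMPLE = """<NessusClientData_v2><Report name="Task 3">
<ReportHost name="192.0.2.10">
<ReportItem port="3306" protocol="tcp" pluginID="PLACEHOLDER-1"
  pluginName="MySQL Server Detection"><solution>n/a</solution></ReportItem>
<ReportItem port="8080" protocol="tcp" pluginID="PLACEHOLDER-2"
  pluginName="Constructed low-severity finding">
  <cvss3_base_score>2.6</cvss3_base_score></ReportItem>
<ReportItem port="21" protocol="tcp" pluginID="57582"
  pluginName="SSL Self-Signed Certificate">
  <cvss3_base_score>6.5</cvss3_base_score>
  <solution>Replace with a CA-signed certificate.</solution></ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]


def band(score):
    """Map a CVSS base score to the severity bands listed on this page."""
    if score is not None:
        for floor, label in BANDS:
            if score >= floor:
                return label
    return "Info"  # no score (or 0.0): informational plugin


def triage(nessus_xml):
    """Return one dict per ReportItem, highest CVSS score first."""
    findings = []
    for host in ET.fromstring(nessus_xml).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            # Prefer the v3 score; fall back to v2 when only that is present.
            raw = item.findtext("cvss3_base_score") or item.findtext("cvss_base_score")
            score = float(raw) if raw else None
            findings.append({
                "host": host.get("name"),
                "port": f"{item.get('port')}/{item.get('protocol')}",
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "score": score,
                "severity": band(score),
                "solution": (item.findtext("solution") or "").strip(),
            })
    return sorted(findings, key=lambda f: f["score"] or 0.0, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['severity']:<8} {f['score'] or '-':>4} {f['port']:<9} {f['plugin_id']:<14} {f['name']}")
```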

This task demonstrates:
- Running Nessus scans
- Reviewing vulnerabilities
- Understanding CVSS severity
- Researching remediations
- Documenting findings professionally
- Explaining screenshots clearly

Nessus is a vital tool for SOC Analysts, Vulnerability Analysts, and Cybersecurity Engineers.