Deploying Nessus Vulnerability Scanner in Windows using Docker

Recently I started using Nessus Essentials to scan for vulnerabilities in the web applications that we develop. I have deployed Nessus Essentials as a Docker container on my work Windows system. I would like to document how I installed this vulnerability scanner using Docker on a Windows system. This article can help someone in a similar situation who wants to use a vulnerability scanner to secure their web applications.

Docker Installation

Docker Desktop should be running without issues.

Docker Desktop

The Docker command line can be accessed from PowerShell.

Docker command line in PowerShell

Getting Activation Code

You need to get an activation code from Tenable before you deploy Nessus into your Docker container. Go to this link (Get Activation Code) and click Register Now under the Nessus Essentials section.

Click Register now

On the following page, enter your first name, last name and email address.

You will receive an email from no-reply@tenable.com with an activation code. Keep it safe for later use. This is a one-time code. If you uninstall and then reinstall you will need to register the scanner again and receive another activation code.

Deploy Nessus as a Docker Image

Tenable does not recommend deploying Nessus in a Docker container that shares a network interface controller (NIC) with another Docker container.

Access the Nessus Docker image from https://hub.docker.com/r/tenableofficial/nessus

To deploy Nessus as a Docker image:

In Windows PowerShell, use the docker pull command to get the image:
```
$ docker pull tenableofficial/nessus
```

While downloading image
After docker image downloaded

After the image is successfully downloaded, use the docker run command to run your image.

Note: Tenable recommends you use environment variables to configure your instance of Nessus when you run the image. If you do not include environment variables such as an activation code, username, password, or linking key (if creating a managed Nessus scanner), you must configure those items later.

```
$ docker run --name "<container name>" -d -p 8834:8834 -e ACTIVATION_CODE=<activation code> -e USERNAME=<username> -e PASSWORD=<password> tenableofficial/nessus
```

I ran the Docker image without environment variables, using the command below. I configured the activation code and username credentials at a later stage.

```
$ docker run --name "sarannessuslocal" -d -p 8834:8834 tenableofficial/nessus
```

Check that the Nessus Docker container is running using the docker ps command.

You can also verify this in the Docker Desktop app.

Nessus Essentials is successfully deployed as a Docker image on your Windows machine.
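A hardened variant of the docker run step above, as an added example that is not part of the original article or of Tenable's documentation: it prompts for the activation code and credentials instead of typing them into the command, and publishes port 8834 on the loopback address only. The container name `nessus-local` and the loopback binding are assumptions of this example.

```powershell
# Added example: the container name is a placeholder, not a value from the article.
$ContainerName = 'nessus-local'            # hypothetical container name
$Image         = 'tenableofficial/nessus'  # image named in the article

# Prompt interactively so the secrets are never typed into a command line.
$cred = Get-Credential -Message 'Nessus admin username and password to create'
$code = Read-Host -Prompt 'Nessus activation code' -AsSecureString

# USERNAME is also a built-in Windows variable, so remember it and restore it afterwards.
$savedUser = $env:USERNAME
try {
    # "-e NAME" without "=value" tells the docker CLI to copy NAME from this
    # process's environment, so the values do not appear in the docker arguments.
    $env:ACTIVATION_CODE = [System.Net.NetworkCredential]::new('', $code).Password
    $env:USERNAME        = $cred.UserName
    $env:PASSWORD        = $cred.GetNetworkCredential().Password

    # 127.0.0.1:8834:8834 publishes the Nessus web UI on loopback only, so other
    # hosts on the network cannot reach the scanner console.
    docker run --name $ContainerName -d -p 127.0.0.1:8834:8834 `
        -e ACTIVATION_CODE -e USERNAME -e PASSWORD $Image
    if ($LASTEXITCODE -ne 0) { throw "docker run failed with exit code $LASTEXITCODE" }
}
finally {
    # Clear the secrets from this PowerShell session whether or not docker run worked.
    $env:USERNAME = $savedUser
    Remove-Item Env:ACTIVATION_CODE, Env:PASSWORD -ErrorAction SilentlyContinue
}

# Same check as "docker ps", narrowed to this container and its published port.
docker ps --filter "name=$ContainerName" --format '{{.Names}}  {{.Status}}  {{.Ports}}'

# Note: the three variables stay readable through "docker inspect" for anyone
# who has access to the Docker engine on this machine.
```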

Using Nessus Essentials for the first time

Click Proceed

Click Nessus Essentials and proceed

You can skip the next part if you have already requested an activation code. I have already requested one, so I am skipping the next screen.

Enter the activation code and click continue

Set a main admin username and password to access your Nessus Essentials

The following screen can take a while, depending on your network speed and system performance. The plugins needed for network scans are downloaded from the Internet and installed for your use.

Offline Activation

Check the Offline activation checkbox and follow the Offline registration link on the page. Copy the challenge code.

On the Offline registration page, paste the copied challenge code and the activation code that you received.

Copy the license characters that you are presented with after activation.

Return to your Nessus Essentials page and paste the copied license key in the provided text box. Your product will be activated successfully.

If you used the offline activation method there is a high chance that Nessus plugins won’t be downloaded successfully due to your organization’s firewall and proxy configurations.

For the Nessus vulnerability scanner to work successfully inside your work system or PC, you need to whitelist these URLs on your work machine.

If you cannot change firewall settings, disable the proxy configuration or VPN configuration when you are performing the vulnerability scanning.

Saranyan Senthivel