Nessus and WAS (Web Application Scanning)

Aaron L
3 min readOct 22, 2023


Scanning a Firewall with just Nessus!

Tenable recently added a Web Application Scanner (WAS) that runs directly from a Nessus Expert scanner. Together with Terrascan, this broadens Nessus from pure network scanning to other parts of a company's infrastructure, all without the heavier products like Tenable Security Center or Tenable Vulnerability Management.

Basic WAS start with no install on Nessus Expert

So, following the same logic as my Terrascan article, we click the checkbox and it should install right away, right? Alas, no.

Error Message of Doom

So we need to install Docker, since WAS runs inside a container. What's the easiest way to do that? We can go over to the documentation here: https://docs.tenable.com/nessus/Content/WebApplicationScanning.htm

“Before you enable web application scanning in Tenable Nessus Expert, you must install Docker version 20.0.0 or later on your Tenable Nessus host.”

Alright, sounds easy enough, so we keep scanning the docs and see this handy video: https://www.youtube.com/watch?v=c4mkTh7fx4o. Now we're talking.


Ah, makes sense. Wait, but how do we install Docker?!

We will need two things:

  1. Root access to the OS (or sudo), because installing packages and enabling the Docker service requires it
  2. Knowledge of the OS and its CPU architecture (Ubuntu? Maybe RHEL? Could be CentOS...), because the Docker package repository differs per distribution

Now we head over to Docker and see how we can do this ASAP: https://docs.docker.com/engine/install (I am using OL8, Oracle Linux 8.)

So I went here: https://oracle-base.com/articles/linux/docker-install-docker-on-oracle-linux-ol8 and fired off these commands in rapid succession (as root; prefix each with sudo otherwise).

# dnf-utils provides the config-manager plugin used on the next line
dnf install -y dnf-utils zip unzip
# Docker's CentOS repo works on OL8; the repo file ships with gpgcheck=1 and Docker's signing key
dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
# remove OL8's own runc so Docker's containerd.io can install its bundled runtime without conflict
dnf remove -y runc
# --nobest lets dnf pick an installable combination of docker-ce and its containerd.io dependency
dnf install -y docker-ce --nobest
# start the daemon now and on every boot, then confirm it is active
systemctl enable docker.service
systemctl start docker.service
systemctl status docker.service

Words went flying by and now my Nessus is not angry.

Docker has a check mark now

Let's run a version check (docker --version) to make sure we meet the Docker 20.0.0 or later requirement specified in the documentation.

Yes Much Docker Such Install
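To turn the manual version check into something repeatable, here is a small POSIX shell pre-flight script. It is an added example, not code from the original post or from Tenable: the 20.0.0 minimum comes from the Tenable documentation quoted above, while the script name (was_preflight.sh), the function names and the sample banner strings are my own assumptions. It parses the output of `docker --version`, compares it component by component against the minimum, and, when run live as root, also confirms the docker CLI exists and docker.service is active.

```shell
#!/bin/sh
# Added example, not from the original post or from Tenable.
# Pre-flight checks before enabling WAS on a Nessus Expert host.
# The 20.0.0 floor is Tenable's documented minimum; everything else is assumed.

MIN_DOCKER_VERSION="20.0.0"

# parse_docker_version BANNER: print the numeric version from `docker --version`
# output, e.g. "Docker version 24.0.6, build ed223bc" -> "24.0.6".
# Prints nothing if the input does not look like Docker's banner.
parse_docker_version() {
    printf '%s\n' "$1" | sed -n 's/^Docker version \([0-9][0-9.]*\).*/\1/p'
}

# version_ge HAVE WANT: exit 0 when HAVE >= WANT, comparing each dotted
# component as a decimal number (so 20.10.0 > 20.9.0 and 19.03.15 < 20.0.0).
# [ -gt ] is used instead of $(( )) so a component like "03" is not read as octal.
version_ge() {
    have="$(printf '%s' "$1" | tr . ' ')"
    want="$(printf '%s' "$2" | tr . ' ')"
    set -- $have; h1="${1:-0}"; h2="${2:-0}"; h3="${3:-0}"
    set -- $want; w1="${1:-0}"; w2="${2:-0}"; w3="${3:-0}"
    for pair in "$h1 $w1" "$h2 $w2" "$h3 $w3"; do
        set -- $pair
        [ "$1" -gt "$2" ] && return 0
        [ "$1" -lt "$2" ] && return 1
    done
    return 0   # all components equal
}

# docker_version_ok BANNER: exit 0 if the banner reports a version that
# satisfies MIN_DOCKER_VERSION, 1 otherwise (including unparsable input).
docker_version_ok() {
    v="$(parse_docker_version "$1")"
    [ -n "$v" ] || return 1
    version_ge "$v" "$MIN_DOCKER_VERSION"
}

# preflight: live checks against the host. Needs root because the install
# steps and systemctl do; the docker socket is root-equivalent anyway.
preflight() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "run as root (or with sudo)" >&2
        return 1
    fi
    if ! command -v docker >/dev/null 2>&1; then
        echo "docker CLI not found; install docker-ce first" >&2
        return 1
    fi
    banner="$(docker --version 2>/dev/null)"
    if ! docker_version_ok "$banner"; then
        echo "Docker too old for WAS (need >= $MIN_DOCKER_VERSION): $banner" >&2
        return 1
    fi
    if ! systemctl is-active --quiet docker.service; then
        echo "docker.service is not running: systemctl start docker.service" >&2
        return 1
    fi
    echo "ok: $banner"
}

# Run the live checks only when executed under the assumed script name;
# sourcing the file just defines the functions.
case "$0" in
    *was_preflight.sh) preflight ;;
esac
```

Save it as was_preflight.sh and run it as root before clicking "Retry Download". Two caveats the script does not cover: membership in the docker group is effectively root on the host, so do not hand it out just to let a non-root user poke at the WAS container, and the daemon should stay on its local Unix socket rather than being exposed on TCP.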

Alright, we can go ahead and click “Retry Download”; Nessus then pulls the WAS image into Docker, and we click “Save”.

Finito! Now we can navigate to Scans > New Scan, where “Web App” appears in the top-left corner next to “Scanner”, and we can begin crashing our web application firewall! (Allegedly.)


Aaron L

Passionate about Cybersecurity and using my knowledge of Nessus to help beginners.