LAB L11 · VULNERABILITY MANAGEMENT · INTERMEDIATE

Vulnerability Triage with AI + Nessus

Run Nessus Essentials (free) against Metasploitable, analyze 50+ vulnerabilities, and use AI to prioritize CVEs by CVSS score, exploit availability, and business impact — generating an executive-ready risk report.

90 min
🖥️ Kali + Metasploitable
🔧 Nessus Essentials (free) · Python · CVSS
🤖 AI Risk Prioritization
📋 Lab Scenario

Your manager wants a vulnerability report for a legacy server before it's migrated. You have 24 hours to scan, prioritize, and present findings to the security committee. The scan will return 50+ vulnerabilities — your job is to tell them which 5 to fix first and why.

Phase 0 — Install & Configure Nessus
Set up Nessus Essentials (free for 16 IPs)
Download and install Nessus Essentials
Free forever for up to 16 IP addresses — perfect for home labs
Download from tenable.com/products/nessus/nessus-essentials (free registration required). Install on Kali Linux:
# After downloading the .deb file:
sudo dpkg -i Nessus-*.deb
sudo systemctl start nessusd
sudo systemctl enable nessusd
# Access UI at: https://localhost:8834
# Complete setup wizard and enter activation code (emailed after registration)
💡 Plugin compilation takes 15-30 minutes on first run. Start this step early and work on something else while it compiles.
Configure the scan policy
A basic network scan policy gives the best results for Metasploitable
# In Nessus UI (https://localhost:8834):
# New Scan → Basic Network Scan
# Name: "Metasploitable Lab Scan"
# Targets: 192.168.56.101
# Under Discovery: Port scan range = 1-65535
# Under Assessment: Enable all safe checks
# Credentials (optional for deeper scan):
# SSH: username=msfadmin, password=msfadmin
Phase 1 — Run Scan & Analyze Results
Execute the vulnerability scan and review findings
Launch the scan and review severity distribution
Nessus will find 50+ vulnerabilities on Metasploitable
Click Launch to start the scan. It takes 10-20 minutes. When complete, review the summary: how many Critical, High, Medium, Low findings?
🤖 AI Analyst

Screenshot or copy the vulnerability count by severity (Critical/High/Medium/Low/Info). The AI will explain what the distribution means, which severity levels need immediate action, and how this compares to industry baselines.

Export findings to CSV for AI analysis
Export so AI can process the full vulnerability list
# In Nessus UI: Report → Export → CSV
# Then process with Python for prioritization
python3 << 'EOF'
import csv

# Column names below are the ones Nessus uses in its CSV export
with open('nessus_export.csv') as f:
    vulns = list(csv.DictReader(f))

criticals = [v for v in vulns if v.get('Risk') == 'Critical']
print(f"Total: {len(vulns)} | Critical: {len(criticals)}")

# Highest CVSS v3 base score first; rows with no score sort last
for v in sorted(criticals, key=lambda x: float(x.get('CVSS v3.0 Base Score', '0') or 0), reverse=True):
    print(f" CVSS:{v.get('CVSS v3.0 Base Score', 'N/A')} | {v['Name']} | {v.get('CVE', 'N/A')}")
EOF
Identify the top 10 most dangerous vulnerabilities
Look beyond CVSS score — exploitability and exposure matter more
Click each Critical finding and note: CVE number, CVSS score, exploit availability (check Exploit-DB), and whether it's in CISA's KEV (Known Exploited Vulnerabilities) catalog.
🤖 AI Analyst — Vulnerability Triage

Paste your list of Critical and High vulnerabilities (CVE numbers, names, CVSS scores). The AI will prioritize them based on: CVSS score, exploit availability, attack complexity, and whether they're in CISA KEV — then explain the reasoning.
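Added example (not part of the lab's own scripts): the triage logic the prompt above describes, run over a constructed four-row extract in the Nessus CSV column layout. The KEV membership, public-exploit set and host criticality multiplier are assumed demo inputs; in practice load CISA's KEV catalog CSV and your own exploit lookup. CVE-2011-2523 is the vsftpd backdoor this lab validates; the CVE-XXXX-* ids are placeholders.

```python
import csv
import io

# Constructed sample in the Nessus CSV export column layout (not real scan output).
SAMPLE_CSV = """Plugin ID,CVE,CVSS v3.0 Base Score,Risk,Host,Protocol,Port,Name
10001,CVE-2011-2523,9.8,Critical,192.168.56.101,tcp,21,vsftpd Smiley Face Backdoor
10002,CVE-XXXX-0001,9.8,Critical,192.168.56.101,tcp,5432,Placeholder database RCE
10003,,7.5,High,192.168.56.101,tcp,22,Placeholder version-only SSH finding
10004,CVE-XXXX-0002,7.5,High,192.168.56.101,tcp,80,Placeholder web information leak
"""

# Enrichment inputs (assumed/constructed for this demo).
KEV_CATALOG = {"CVE-XXXX-0001"}                 # stand-in for CISA KEV entries
PUBLIC_EXPLOIT = {"CVE-2011-2523"}              # Metasploit module exists (Phase 2)
HOST_CRITICALITY = {"192.168.56.101": 1.5}      # business-impact multiplier, assumed

def priority_score(v):
    """CVSS base score, boosted for exploit evidence, scaled by host criticality."""
    cvss = float(v.get("CVSS v3.0 Base Score") or 0)
    cve = (v.get("CVE") or "").strip()
    score = cvss
    if cve in KEV_CATALOG:
        score += 3.0        # known exploited in the wild: fix first
    if cve in PUBLIC_EXPLOIT:
        score += 2.0        # weaponised public exploit available
    score *= HOST_CRITICALITY.get(v.get("Host", ""), 1.0)
    return round(score, 2)

def triage(csv_text):
    """Parse Nessus CSV text; return findings sorted by priority, highest first.
    Rows with no CVE are flagged: they are usually version-only detections that
    need manual verification before they go in the report."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    out = []
    for v in rows:
        out.append({
            "name": v["Name"], "cve": v.get("CVE") or "n/a", "port": v.get("Port"),
            "risk": v.get("Risk"), "score": priority_score(v),
            "verify_manually": not (v.get("CVE") or "").strip(),
        })
    return sorted(out, key=lambda r: r["score"], reverse=True)

if __name__ == "__main__":
    for r in triage(SAMPLE_CSV)[:10]:
        flag = " (verify manually)" if r["verify_manually"] else ""
        print(f"{r['score']:5.2f} | {r['risk']:8} | {r['cve']:14} | {r['name']}{flag}")
```

Swap `SAMPLE_CSV` for the contents of your real `nessus_export.csv` to rank the full scan; the two 9.8 findings separate only once the KEV and exploit signals are applied, which is the point of looking beyond the base score.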

Phase 2 — Validate & Exploit
Verify that high-severity findings are actually exploitable
Validate the top finding with Metasploit
Proof-of-concept exploitation proves the vulnerability is real and critical
# Metasploitable has many publicly known CVEs — pick one flagged by Nessus
# Example: MS08-067 (if Windows target) or vsftpd backdoor (CVE-2011-2523)
msfconsole -q
search vsftpd
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS 192.168.56.101
run
# If exploit succeeds: you have root — vulnerability is confirmed Critical
⚠️ Only run exploits against systems you own (Metasploitable in your lab). Never run exploits against systems without written authorization.
Document false positives
Not all Nessus findings are real — eliminate noise
Try to verify 3-4 High findings manually. Some may be false positives (version detection without actual exploit confirmation). Note which findings you can verify vs which are unverified.
🤖 AI Analyst

Share the CVE details of a High finding you're unsure about. The AI will explain how to manually verify it, whether public exploits exist, and how to distinguish a real vulnerability from a false positive.

Phase 3 — AI-Generated Risk Report
Turn raw findings into executive and technical deliverables
AI generates prioritized remediation roadmap
Actionable fix plan organized by priority and complexity
🤖 AI Analyst — Remediation Plan

Share your top 10 vulnerabilities with CVE numbers, CVSS scores, and service/port. The AI will generate a prioritized remediation plan: what to patch first, estimated effort, and specific remediation commands where applicable.

AI writes executive risk summary
Non-technical summary for management — business risk language
🤖 AI Analyst

Provide your scan summary (total vulns by severity, top 5 critical findings). The AI will write a one-page executive summary explaining business risk in non-technical language, suitable for the CISO and board.

Lab complete
Review vulnerability management lifecycle skills
✅ Nessus Essentials installed and configured
✅ Full scan of Metasploitable completed
✅ Vulnerability list exported and processed
✅ Top findings identified with CVE details
✅ Critical vulnerability exploited for validation
✅ False positives identified
✅ Prioritized remediation plan generated
✅ Executive risk summary written

Next: Lab L12 — Active Directory Attack & AI Defense

Purple team exercise: attack an AD environment then build detection rules for everything you did.
