Scanning Android devices with Nessus

There could be some instances where in you need to scan your Android devices with scanners such as Nessus etc to look for insecure/ unnecessary ports, services and misconfigurations.
There are two types of scanning- unauthenticated scan and authenticated scan. Unauthenticated scans are preatty simple, just provide the IP of the target to be scanned, but in case of an authenticated scan which is more comprehensive, you need to have some valid account created on the target device. So, how to run an authenticated scan on Android device? We don't have any IS level account on it.

One way to accomplish this is to create an ssh server on the device. Once the server is installed, it is very basic to run ssh commands remotely such as we do using Putty.

The steps are following:
1. Go ahead and download, install an ssh server. ssh servers such as SSHDroid, SSHelper etc can be installed. They can be installed via Google Play.
One is here:

2. Create an account on the server.

3. Provide the account credentials to Nessus for an authenticated scan.

Hope that helps.


Popular posts from this blog

SQL Injection in search field

File Upload through Null Byte Injection