Penetration Testing mailing list archives
RE: nessus which plug'in reports which vulnerability?
From: "Pete Herzog" <pete () isecom org>
Date: Mon, 23 Feb 2004 11:12:18 +0100
Hi, try: grep "zone transfer" /usr/local/lib/nessus/plugins/* That's assuming you have the default dir setup. While you offered a simple example, also searching on the CVE or CAN would get you the plug-in. Using an mySQL back-end, I suppose you could match key-words from the report back to the plug-ins by name. Even a spreadsheet would be okay for that too if you don't mind a little copy/paste work. Sincerely, -pete. Pete Herzog, Managing Director, OPST, OPSA Institute for Security and Open Methodologies www.isecom.org - www.osstmm.org www.hackerhighschool.org - www.isestorm.org
-----Original Message----- From: cissper [mailto:cissper () yahoo com au] Sent: Monday, February 23, 2004 03:24 AM To: pen-test () securityfocus com Subject: nessus which plug'in reports which vulnerability? Hi all One of my favourite general purpose scanner is nessus for obvious reasons. However, I do struggle with the interpretation and evaluation of the results: After the scan, I use the report function to generate a HTML type report. The vulnerabilities listed in that report are not associated with the plug-in's that detected them in the first place. How can I possible know which plug-in detected which vulnerability? I need to validate the identified vulnerabilities in order to eliminate false positives, therefore I would like to know which script was used to identify a certain vulnerability. One simple example: nessus reports that a DNS zone transfer was possible. However, when I try to manually perform a zone transfer, I am not able to do so! The conclusion would be a false positive - but - maybe the script is using a more sophisticated approach and is successful! The next step would be to look at the plug' in which detected the vulnerability in the first place - and I don't know which one it is. Any ideas guys? Thank you for your help. Kind regards, cissper ------------------------------------------------------------ --------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_pen-test_040219 ------------------------------------------------------------ ----------------
--------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_pen-test_040219 ----------------------------------------------------------------------------
Current thread:
- nessus which plug'in reports which vulnerability? cissper (Feb 22)
- Re: nessus which plug'in reports which vulnerability? Javier Fernandez-Sanguino (Feb 24)
- RE: nessus which plug'in reports which vulnerability? Pete Herzog (Feb 24)
- RE: nessus which plug'in reports which vulnerability? Harshul Nayak (Feb 24)
- <Possible follow-ups>
- RE: nessus which plug'in reports which vulnerability? MARTIN M. Bénoni (Feb 24)
- RE: nessus which plug'in reports which vulnerability? Vaccare, Anthony (Feb 24)
- RE: nessus which plug'in reports which vulnerability? cissper (Feb 25)
- RE: nessus which plug'in reports which vulnerability? Vaccare, Anthony (Feb 25)