RE: nessus which plug'in reports which vulnerability?


Welcome to the Virus.Org Mailing List Archive

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

To: "cissper" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: RE: nessus which plug'in reports which vulnerability?
From: "Pete Herzog" <[EMAIL PROTECTED]>
Date: Mon, 23 Feb 2004 11:12:18 +0100
In-reply-to: <[EMAIL PROTECTED]>
Reply-to: <[EMAIL PROTECTED]>

Hi,

try:

grep "zone transfer" /usr/local/lib/nessus/plugins/*

That's assuming you have the default dir setup.

While you offered a simple example, also searching on the CVE or CAN
would get you the plug-in.  Using an mySQL back-end, I suppose you
could match key-words from the report back to the plug-ins by name.
Even a spreadsheet would be okay for that too if you don't mind a
little copy/paste work.

Sincerely,
-pete.

Pete Herzog, Managing Director, OPST, OPSA
Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org


> -----Original Message-----
> From: cissper [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 23, 2004 03:24 AM
> To: [EMAIL PROTECTED]
> Subject: nessus which plug'in reports which vulnerability?
>
>
> Hi all
>
> One of my favourite general purpose scanner is nessus for obvious
> reasons. However, I do struggle with the interpretation and
> evaluation
> of the results:
> After the scan, I use the report function to generate a HTML type
> report. The vulnerabilities listed in that report are not associated
> with the plug-in's that detected them in the first place. How can I
> possible know which plug-in detected which vulnerability? I need to
> validate the identified vulnerabilities in order to eliminate false
> positives, therefore I would like to know which script was used to
> identify a certain vulnerability.
>
> One simple example:
> nessus reports that a DNS zone transfer was possible.
> However, when I
> try to manually perform a zone transfer, I am not able to do so!
> The conclusion would be a false positive - but - maybe the script is
> using a more sophisticated approach and is successful! The next step
> would be to look at the plug' in which detected the
> vulnerability in the
> first place - and I don't know which one it is.
>
> Any ideas guys?
>
> Thank you for your help.
>
> Kind regards,
> cissper
>
>
>
> ------------------------------------------------------------
> ---------------
> Free trial: Astaro Security Linux -- firewall with
> Spam/Virus Protection
>
> Protect your network with the comprehensive security solution that
> integrates six applications for ease of use and lower TCO.
>
> Firewall - Virus protection - Spam protection - URL blocking - VPN
> - Wireless security.
>
> Download 30-day evaluation at:
> http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
> ------------------------------------------------------------
> ----------------
>
>
>



---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
----------------------------------------------------------------------------

References:
- nessus which plug'in reports which vulnerability?
  - From: cissper

Prev by Date: Re: nessus which plug'in reports which vulnerability?
Next by Date: which os version
Previous by thread: Re: nessus which plug'in reports which vulnerability?
Next by thread: RE: nessus which plug'in reports which vulnerability?
Index(es):
- Main
- Thread

Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.