Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


RE: nessus which plug'in reports which vulnerability?
.

  • To: "'cissper'" <[EMAIL PROTECTED]>
  • Subject: RE: nessus which plug'in reports which vulnerability?
  • From: "Harshul Nayak" <[EMAIL PROTECTED]>
  • Date: Mon, 23 Feb 2004 12:02:22 +0530
  • Cc: <[EMAIL PROTECTED]>
  • In-reply-to: <[EMAIL PROTECTED]>
  • Reply-to: <[EMAIL PROTECTED]>
.
 
Hi cissper,
many of the nessus plugins are written using NASL,
and each nessus plugin is assigned a unique nessus id..
when a test is conducted using Nessus , a temporary file get generated in
the "temp" or "/tmp" folder.. u can use it as reference to know which
".nasl" file was called and for which vulnerability ;)
regs
Harshul

-----Original Message-----
From: cissper [mailto:[EMAIL PROTECTED]
Sent: Monday, February 23, 2004 7:54 AM
To: [EMAIL PROTECTED]
Subject: nessus which plug'in reports which vulnerability?


Hi all

One of my favourite general purpose scanner is nessus for obvious
reasons. However, I do struggle with the interpretation and evaluation
of the results:
After the scan, I use the report function to generate a HTML type
report. The vulnerabilities listed in that report are not associated
with the plug-in's that detected them in the first place. How can I
possible know which plug-in detected which vulnerability? I need to
validate the identified vulnerabilities in order to eliminate false
positives, therefore I would like to know which script was used to
identify a certain vulnerability.

One simple example:
nessus reports that a DNS zone transfer was possible. However, when I
try to manually perform a zone transfer, I am not able to do so!
The conclusion would be a false positive - but - maybe the script is
using a more sophisticated approach and is successful! The next step
would be to look at the plug' in which detected the vulnerability in the
first place - and I don't know which one it is.

Any ideas guys?

Thank you for your help.

Kind regards,
cissper



---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
----------------------------------------------------------------------------
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.