nessus which plug'in reports which vulnerability?
From: cissper (cissper_at_yahoo.com.au)
Date: 02/23/04
- Previous message: Bojan Zdrnja: "RE: Firewall Netscreen 10 - URGENTLY"
- Next in thread: Javier Fernandez-Sanguino: "Re: nessus which plug'in reports which vulnerability?"
- Reply: Javier Fernandez-Sanguino: "Re: nessus which plug'in reports which vulnerability?"
- Reply: Pete Herzog: "RE: nessus which plug'in reports which vulnerability?"
- Maybe reply: MARTIN M. Bénoni: "RE: nessus which plug'in reports which vulnerability?"
- Reply: Harshul Nayak: "RE: nessus which plug'in reports which vulnerability?"
- Maybe reply: Vaccare, Anthony: "RE: nessus which plug'in reports which vulnerability?"
- Maybe reply: cissper: "RE: nessus which plug'in reports which vulnerability?"
- Maybe reply: Vaccare, Anthony: "RE: nessus which plug'in reports which vulnerability?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <pen-test@securityfocus.com> Date: Mon, 23 Feb 2004 13:24:22 +1100
Hi all
One of my favourite general purpose scanner is nessus for obvious
reasons. However, I do struggle with the interpretation and evaluation
of the results:
After the scan, I use the report function to generate a HTML type
report. The vulnerabilities listed in that report are not associated
with the plug-in's that detected them in the first place. How can I
possible know which plug-in detected which vulnerability? I need to
validate the identified vulnerabilities in order to eliminate false
positives, therefore I would like to know which script was used to
identify a certain vulnerability.
One simple example:
nessus reports that a DNS zone transfer was possible. However, when I
try to manually perform a zone transfer, I am not able to do so!
The conclusion would be a false positive - but - maybe the script is
using a more sophisticated approach and is successful! The next step
would be to look at the plug' in which detected the vulnerability in the
first place - and I don't know which one it is.
Any ideas guys?
Thank you for your help.
Kind regards,
cissper
---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
----------------------------------------------------------------------------
- Previous message: Bojan Zdrnja: "RE: Firewall Netscreen 10 - URGENTLY"
- Next in thread: Javier Fernandez-Sanguino: "Re: nessus which plug'in reports which vulnerability?"
- Reply: Javier Fernandez-Sanguino: "Re: nessus which plug'in reports which vulnerability?"
- Reply: Pete Herzog: "RE: nessus which plug'in reports which vulnerability?"
- Maybe reply: MARTIN M. Bénoni: "RE: nessus which plug'in reports which vulnerability?"
- Reply: Harshul Nayak: "RE: nessus which plug'in reports which vulnerability?"
- Maybe reply: Vaccare, Anthony: "RE: nessus which plug'in reports which vulnerability?"
- Maybe reply: cissper: "RE: nessus which plug'in reports which vulnerability?"
- Maybe reply: Vaccare, Anthony: "RE: nessus which plug'in reports which vulnerability?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
