RE: nessus which plug'in reports which vulnerability?
From: Pete Herzog (pete_at_isecom.org)
Date: 02/23/04
To: "cissper" <cissper@yahoo.com.au>, <pen-test@securityfocus.com>
Date: Mon, 23 Feb 2004 11:12:18 +0100
Hi,
try:
grep "zone transfer" /usr/local/lib/nessus/plugins/*
That's assuming you have the default dir setup.
While you offered a simple example, also searching on the CVE or CAN
would get you the plug-in. Using a MySQL back-end, I suppose you
could match key-words from the report back to the plug-ins by name.
Even a spreadsheet would be okay for that too if you don't mind a
little copy/paste work.
Sincerely,
-pete.
Pete Herzog, Managing Director, OPST, OPSA
Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org
> -----Original Message-----
> From: cissper [mailto:cissper@yahoo.com.au]
> Sent: Monday, February 23, 2004 03:24 AM
> To: pen-test@securityfocus.com
> Subject: nessus which plug'in reports which vulnerability?
>
>
> Hi all
>
> One of my favourite general purpose scanners is nessus for obvious
> reasons. However, I do struggle with the interpretation and evaluation
> of the results:
> After the scan, I use the report function to generate a HTML type
> report. The vulnerabilities listed in that report are not associated
> with the plug-ins that detected them in the first place. How can I
> possibly know which plug-in detected which vulnerability? I need to
> validate the identified vulnerabilities in order to eliminate false
> positives, therefore I would like to know which script was used to
> identify a certain vulnerability.
>
> One simple example:
> nessus reports that a DNS zone transfer was possible. However, when I
> try to manually perform a zone transfer, I am not able to do so!
> The conclusion would be a false positive - but - maybe the script is
> using a more sophisticated approach and is successful! The next step
> would be to look at the plug-in which detected the vulnerability in the
> first place - and I don't know which one it is.
>
> Any ideas guys?
>
> Thank you for your help.
>
> Kind regards,
> cissper
>
>
>
>
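The keyword and CVE/CAN lookup suggested in the reply above, taken one step further so each hit is tied to the plug-in's own ID (an added example, not part of the original message or of Nessus). It assumes plug-ins are `.nasl` files that declare `script_id()` and `script_cve_id()`; the function names, sample plug-ins, IDs and the CAN placeholder are constructed for illustration.

```shell
#!/bin/sh
# Map a report keyword or CVE/CAN id back to the plug-in file(s) mentioning it.
# Output per match: <file> TAB <script_id> TAB <CVE/CAN ids, or "-">.
find_plugins() {   # hypothetical helper name
    term=$1
    dir=${2:-/usr/local/lib/nessus/plugins}   # default dir from the message
    # -l: file names only, -i: ignore case, -F: literal string, not a regex
    find "$dir" -type f -name '*.nasl' -exec grep -liF -- "$term" {} + |
    sort | while IFS= read -r f; do
        # script_id(NNNNN); -> NNNNN
        id=$(sed -n 's/.*script_id(\([0-9][0-9]*\)).*/\1/p' "$f" | head -n 1)
        # script_cve_id("CAN-...", "CVE-..."); -> comma-joined ids
        cve=$(grep -F 'script_cve_id(' "$f" |
              grep -oE '(CVE|CAN)-[0-9]{4}-[0-9]+' | paste -sd, -)
        printf '%s\t%s\t%s\n' "$(basename "$f")" "${id:--}" "${cve:--}"
    done
}

# Constructed sample plug-ins (not real Nessus files; ids are placeholders).
make_sample_plugins() {
    mkdir -p "$1"
    cat > "$1/dns_xfer_sample.nasl" <<'EOF'
if(description)
{
 script_id(90001);
 script_cve_id("CAN-0000-0001");
 script_name(english:"Sample DNS zone transfer check");
 desc = "The remote name server allows DNS Zone Transfer requests";
}
EOF
    cat > "$1/smtp_relay_sample.nasl" <<'EOF'
if(description)
{
 script_id(90002);
 script_name(english:"Sample SMTP relay check");
}
EOF
}

demo=$(mktemp -d)
make_sample_plugins "$demo"
find_plugins "zone transfer" "$demo"   # search by report wording
find_plugins "CAN-0000-0001" "$demo"   # search by CVE/CAN id
rm -rf "$demo"
```

Once the plug-in file is known, reading its test logic shows what condition it treats as a positive, which is what a manual false-positive check has to reproduce.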