RE: nessus which plug'in reports which vulnerability?

From: Harshul Nayak (harshul.nayak@patni.com)
Date: Mon Feb 23 2004 - 01:32:22 EST

• Next message: Vaccare, Anthony: "RE: nessus which plug'in reports which vulnerability?"
• Previous message: cissper: "question regarding nessus plug-in 10595 DNS AXFR"
• In reply to: cissper: "nessus which plug'in reports which vulnerability?"
• Next in thread: Vaccare, Anthony: "RE: nessus which plug'in reports which vulnerability?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi cissper,
many of the nessus plugins are written using NASL,
and each nessus plugin is assigned a unique nessus id..
when a test is conducted using Nessus , a temporary file get generated in
the "temp" or "/tmp" folder.. u can use it as reference to know which
".nasl" file was called and for which vulnerability ;)
regs
Harshul

-----Original Message-----
From: cissper [mailto:cissper@yahoo.com.au]
Sent: Monday, February 23, 2004 7:54 AM
To: pen-test@securityfocus.com
Subject: nessus which plug'in reports which vulnerability?

Hi all

One of my favourite general purpose scanner is nessus for obvious
reasons. However, I do struggle with the interpretation and evaluation
of the results:
After the scan, I use the report function to generate a HTML type
report. The vulnerabilities listed in that report are not associated
with the plug-in's that detected them in the first place. How can I
possible know which plug-in detected which vulnerability? I need to
validate the identified vulnerabilities in order to eliminate false
positives, therefore I would like to know which script was used to
identify a certain vulnerability.

One simple example:
nessus reports that a DNS zone transfer was possible. However, when I
try to manually perform a zone transfer, I am not able to do so!
The conclusion would be a false positive - but - maybe the script is
using a more sophisticated approach and is successful! The next step
would be to look at the plug' in which detected the vulnerability in the
first place - and I don't know which one it is.

Any ideas guys?

Thank you for your help.

Kind regards,
cissper

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
----------------------------------------------------------------------------

• Next message: Vaccare, Anthony: "RE: nessus which plug'in reports which vulnerability?"
• Previous message: cissper: "question regarding nessus plug-in 10595 DNS AXFR"
• In reply to: cissper: "nessus which plug'in reports which vulnerability?"
• Next in thread: Vaccare, Anthony: "RE: nessus which plug'in reports which vulnerability?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:48 EDT