Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: nessus which plug'in reports which vulnerability?
From: "Vaccare, Anthony" <rvaccare () ola state md us>
Date: Mon, 23 Feb 2004 10:24:10 -0500

I posted your question to the Nessus ListServ and received the following
responses.  Hopefully this helps (it was enlightening for me, a Nessus
newbie):

========================================================================
==========

The GTK client actually *does* link the result of the plugins to each
plugin ID. If you export results in HTML, you can even click on the
plugin link and be sent to the Nessus forums where you can ask questions
about the results and all.

I guess that this person is using NessusWX, which - as far as I
understand it - does not include such links. Maybe that's a feature
which should be asked to Victor ?
_______________________________________________

========================================================================
==========

I suppose that since I am pretty new to Nessus and use NessusWX,
I am not familiar with that functionality.  I imagine the user 
that posted that question was in the same boat.  Renaud, is there 
any way I could see what you are talking about on the Nessus client 
machine, or is it that since I am using NessusWX, I cannot produce 
the results with links at all?

The links are not available, but the plug-in ID number is displayed in
the NessusWX results. From there, you can create your own link using the
below URL:
        http://cgi.nessus.org/plugins/dump.php3?id=XXXXXXXXXX

(obviously, replace the "XXXXX" with the plug-in number from NessusWX)

========================================================================
===========

-----Original Message-----
From: cissper [mailto:cissper () yahoo com au] 
Sent: Sunday, February 22, 2004 9:24 PM
To: pen-test () securityfocus com
Subject: nessus which plug'in reports which vulnerability?


Hi all

One of my favourite general purpose scanner is nessus for obvious
reasons. However, I do struggle with the interpretation and evaluation
of the results: 
After the scan, I use the report function to generate a HTML type
report. The vulnerabilities listed in that report are not associated
with the plug-in's that detected them in the first place. How can I
possible know which plug-in detected which vulnerability? I need to
validate the identified vulnerabilities in order to eliminate false
positives, therefore I would like to know which script was used to
identify a certain vulnerability. 

One simple example:
nessus reports that a DNS zone transfer was possible. However, when I
try to manually perform a zone transfer, I am not able to do so! The
conclusion would be a false positive - but - maybe the script is using a
more sophisticated approach and is successful! The next step would be to
look at the plug' in which detected the vulnerability in the first place
- and I don't know which one it is.

Any ideas guys? 

Thank you for your help.

Kind regards,
cissper 



------------------------------------------------------------------------
---
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
------------------------------------------------------------------------
----



*************************************************************
Scanned by net.work.Maryland Antivirus Service ...
the Backbone of eMaryland, the Digital State.
*************************************************************


---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_pen-test_040219
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]