> How is it coming? Is this already done? I was daydreaming about this, and
> realized it's probably not as easy as it looks. But, I don't want to
> duplicate the effort if it's already under way.

I also would like to see this. However, I did some digging and I'd suggest nobody hold their breath waiting.

If we'd like to test all the CVE/CAN vulnerabilities associated with the SANS Top 20, the web page lists 247 CVE/CAN numbers in conjunction with the problems. And a Nessus plugin currently exists for about half of them (yes, I did a nessus-update-plugins today before I did the grep exercise).

The good news is that many of the CAN/CVE problems cannot be remotely tested, so the actual gap between 'required' plugins and existing plugins is not as big as it looks. I haven't done any looking in that direction yet, since I hope someone has already compiled a list of really missing SANS Top 20 plugins? Would that someone care to share so we could maybe see what is really needed and contribute?

If no such list exists yet, I do now have the list of missing CVE/CAN numbers and I can start going through the CVE database to weed out the stuff that cannot be tested remotely.

--
Lea 'LadyBug' Viljanen, GSNA    Fact without theory is trivia.
[EMAIL PROTECTED]               Theory without fact is bullshit.
