I like the new format. Would it be possible to indicate on the new reports the version of Nessus used? It doesn't have to be at the very top, but it would be nice to have that documented somewhere on the report.
Thanks and nice work.
Marjan
Marjan Rajabi
IT Security
Farmers Insurance Group
William Heinbockel
<[EMAIL PROTECTED] To: [EMAIL PROTECTED]
sc.rit.edu> cc:
Sent by: Subject: New Nessus HTML Reports
owner-nessus@list.
nessus.org
01/31/2003 01:38
PM
Through the past couple of weeks, I have been adding information
to the base Nessus report...
To further enhance the reports, I am asking for feedback from the
Nessus community. I have attached an example of one of my new
HTML reports.
Would you rather have me replace some of the old formats?
or would you rather add my reports in addition to the old formats?
You can find that report, along with an HTML report from Nessus 1.3.1
at my webpage: http://www.rit.edu/~wjh3710/nessus.html
** I will be releasing an alpha copy of my enhanced Nessus next week **
----------------------
William Heinbockel
Information Security Incident Response Assistant
Co-op Risk & Safety Management
Rochester Institute of Technology
E-mail: [EMAIL PROTECTED]
(See attached file: testing.html)
Title: Nessus Scan Report
|
| ||||||||||||
| ||||||
| ||||||||||
| |||||||||||||||||||||||||||||||||
| |||
| Name | Port | Risk |
| Services | ssh (22/tcp) | Unidentified |
| Description | ||
| An ssh server is running on this port | ||
| Nessus ID | 10330 | |
| Name | Port | Risk |
| SSH Server type and version | ssh (22/tcp) | Unidentified |
| Description | ||
| Remote SSH version : SSH-2.0-OpenSSH_3.4p1 | ||
| Nessus ID | 10267 | |
| Name | Port | Risk |
| SSH protocol versions supported | ssh (22/tcp) | Unidentified |
| Description | ||
| The remote SSH daemon supports the following versions of the SSH protocol : . 1.99 . 2.0 | ||
| Nessus ID | 10881 | |
| Name | Port | Risk |
| rpcinfo -p | sunrpc (111/tcp) | Unidentified |
| Description | ||
| RPC program #100000 version 2 'portmapper' (portmapper 100000 portmap sunrpc rpcbind ) is running on this port | ||
| Nessus ID | 11111 | |
| Name | Port | Risk |
| rpcinfo -p | kdm (1024/tcp) | Unidentified |
| Description | ||
| RPC program #100024 version 1 'status' (status 100024 ) is running on this port | ||
| Nessus ID | 11111 | |
| Name | Port | Risk |
| A Nessus Daemon is running | msg (1241/tcp) | Unidentified |
| Description | ||
| A Nessus Daemon listens on this port. supported versions: < NTP/1.0 >< NTP/1.1 >< NTP/1.2 > | ||
| Nessus ID | 10147 | |
| Name | Port | Risk |
| Services | msg (1241/tcp) | Unidentified |
| Description | ||
| A TLSv1 server answered on this port | ||
| Nessus ID | 10330 | |
| Name | Port | Risk |
| SSL ciphers | msg (1241/tcp) | Unidentified |
| Description | ||
| Here is the TLSv1 server certificate: Certificate: Data: <snip> Nessus Server Certificate Removed <snip> | ||
| Nessus ID | 10863 | |
| Name | Port | Risk |
| SSL ciphers | msg (1241/tcp) | Unidentified |
| Description | ||
| This TLSv1 server does not accept SSLv2 connections. This TLSv1 server does not accept SSLv3 connections. | ||
| Nessus ID | 10863 | |
| Name | Port | Risk |
| X Server | x11 (6000/tcp) | Low |
| Description | ||
| This X server does *not* allow any client to connect to it however it is recommended that you filter incoming connections to this port as attacker may send garbage data and slow down your X session or even kill the server. Here is the server version : 11.0 Here is the message we received : No protocol specified | ||
| Fix | ||
| Filter incoming connections to ports 6000-6009 | ||
| Nessus ID | 10407 | |
| CVE ID | CVE-1999-0526 | |
| Name | Port | Risk |
| (null) | general/tcp | Unidentified |
| Description | ||
| Nmap found that this host is running Linux Kernel 2.4.0 - 2.5.20, Linux 2.5.25 or Gentoo 1.2 Linux 2.4.19 rc1-rc7) | ||
| Nessus ID | 10336 | |
| Name | Port | Risk |
| rpcinfo -p | sunrpc (111/udp) | Unidentified |
| Description | ||
| RPC program #100000 version 2 'portmapper' (portmapper 100000 portmap sunrpc rpcbind ) is running on this port | ||
| Nessus ID | 11111 | |
| Name | Port | Risk |
| format string attack against statd | unknown (1024/udp) | High |
| Description | ||
| The remote statd service may be vulnerable to a format string attack. This means that an attacker may execute arbitrary code thanks to a bug in this daemon. *** Nessus reports this vulnerability using only *** information that was gathered. Use caution *** when testing without safe checks enabled. | ||
| Fix | ||
| Upgrade to the latest version of rpc.statd | ||
| Nessus ID | 10544 | |
| CVE ID | CVE-2000-0666 | |
| Name | Port | Risk |
| statd service | unknown (1024/udp) | High |
| Description | ||
| The statd RPC service is running. This service has a long history of security holes, so you should really know what you are doing if you decide to let it run. * NO SECURITY HOLES REGARDING THIS PROGRAM HAVE BEEN TESTED, SO THIS MIGHT BE A FALSE POSITIVE * We suggest that you disable this service. | ||
| Nessus ID | 10235 | |
| CVE ID | CVE-1999-0493 | |
| Name | Port | Risk |
| rpcinfo -p | unknown (1024/udp) | Unidentified |
| Description | ||
| RPC program #100024 version 1 'status' (status 100024 ) is running on this port | ||
| Nessus ID | 11111 | |
This file was generated by Nessus, the open-sourced security scanner.
Report created on: Fri Jan 31 15:56:55 2003
