On Thu, Feb 13, 2003 at 10:10:53PM +0100, Pavel Kankovsky wrote:
> On Sun, 2 Feb 2003, Melle, Jens wrote:
>
> > If I scan a wide range of addresses and I find a lot of vulnerabilities,
> > it would be really usefull, to see (in addition) the vulnerabilities -
> > sorted by type of vulnerability .
>
> Yep, I'd like something like that too. Unfortunately, determining whether
> two entries in a Nessus report correspond to the same vuln is rather
> tricky. You cannot use the text because it often contains target specific
> data like versions or names (and this is a good thing) and you cannot use
> plugin id either because one plugin can generate multiple different
> reports (and this is unavoidable because one test may discover different
> things, and it would be silly to duplicate code (and runtime effort) in
No, it would be silly to have one test perform N completely different
actions. Generally, you can identify a vulnerability by the couple
(plugin_id, risk_level).
All the checks are supposed to perform one and only one action.
-- Renaud
