On Thu, Aug 19, 2004 at 01:55:56AM +0000, net sec wrote: > What I want to do is recover the results of a scan that I have done > previously without actually sending packets to the targeted hosts. ... > I run the initial scan with KB saving enabled and run the test to > completion. > If I then start a second scan with 'Reuse the knowledge bases about the > hosts for the test' AND select all 4 options for Do not execute > scanners/plugins that have already been executed, will I essentially > recover my exact results without sending traffic?
I *believe* so, provided the kb_max_age has not been reached. > Would this be equivalent in result to Restore Session? Effectively yes. Restoring sessions, though, is more general -- KBs keep only the latest results while sessions allow you to go back to *any* scan for which you have a session. Also, sessions are not aged out. Provided you've compiled nessus with session saving (nessus-core/configure --enable-save-sessions ...), you can use the nessus GUI to restore a session and recover results in that way. As long as the session was not interrupted and all the hosts were up at the time, no traffic should be generated. One drawback of restoring sessions, though, is that it takes almost as long to restore a session as it does to execute the scan originally. To get around this, you can use my sd2nbe script to recover results from the session data directly. This is a Perl script that simply filters the session data and outputs NBE format, which can then be fed into the client and used to generate other output formats. http://www.tifaware.com/perl/sd2nbe/ George -- [EMAIL PROTECTED]
pgpOOEDJO5xiQ.pgp
Description: PGP signature
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
