Wouldn't that negate the usage of the Nmap scan beforehand to discover the open
ports I want Nessus to scan?

Here's what I *was* doing (under Windows) and why I'm trying to automate the
process:

1. Run Nmap on a subnet (pingscan) to determine alive hosts and output to a
   normal file.
2. Scan all alive hosts on all ports (1-65536) and save the output as a normal
   file.
3. Configure the Nessus client to only scan the open ports discovered on each
   host via Nmap.

Needless to say, it is very time consuming to wait for each host scan to finish
before moving on to the next host, configuring the ports for Nessus to scan for
each one.

Is there a way to tell Nessus to ONLY scan on the open ports defined in a file
(or other cli switch/syntax)?

I've installed the nmap.nasl and configured it in the .nessusrc - would this be
the best way to scan a complete subnet? The whole reason this was brought up
to begin with was the differences in open ports found by both Nessus and Nmap.
On one occasion, Nmap would discover more open ports than Nessus would, and on
another occasion, it would be the opposite. Since I can use Nmap to fine-tune
my scans, I'd prefer to use the output of an Nmap scan to tell Nessus what
ports to look at on a given host. Is there something wrong with my thinking on
this? Are there better ways to do what I'm attempting?

I like the fact that I can have Nessus output the results of the scan to HTML
format, and I've configured this for Nmap as well, using a
/webroot/scans/nmap/{DATE}/{SUBNET}/ip.[nmap/gnmap/xml] format, and it works
out quite well. I'd like to do the same for Nessus using the HTML output
format for each host or subnet.

Kevin

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of George A. Theall
Sent: Wednesday, February 28, 2007 12:49 PM
To: Nessus List (E-mail)
Subject: Re: Options for command line scanning

On Wed, Feb 28, 2007 at 11:28:04AM -0500, Kevin Reiter wrote:

> Doing my test run now. If anyone's interested, this is the script I just
> whipped up for testing it:
...
> nmap -n -sS -p1-65535 -oG $target $subnet/24
...
> nessus -q -x -V -c /root/.nessusrc -T html localhost 1241 username password
> $target $results/$subnet.html

You appear to use nmap's greppable output file, $target, as the target
specification for the Nessus client. I'd be surprised if that works.

What might be better is to echo "$subnet/24" to a separate file and use
that as the penultimate commandline argument.

George
--
[EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
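
The thread turns on the difference between Nmap's greppable (-oG) output and a plain target list. The following is an added example, not a script from either poster: it reduces -oG output to one line per host with its open TCP ports, and to a bare host list. The function names and the sample scan lines are constructed for illustration, and it assumes Nmap lists ports in ascending order.

```shell
#!/bin/sh
# Constructed sample of Nmap greppable (-oG) output; fields are tab-separated.
sample_gnmap() {
    printf '# Nmap scan (constructed sample, not real scan data)\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\n'
    printf 'Host: 192.0.2.11 ()\tPorts: 8000/open/tcp/////, 8001/open/tcp/////, 8002/open/tcp/////, 53/open/udp//domain///\n'
    printf 'Host: 192.0.2.12 ()\tPorts: 135/filtered/tcp//msrpc///\n'
}

# Read -oG output on stdin; print "ip<TAB>ports" for each host with open TCP ports.
# Assumes Nmap lists ports in ascending order, so runs collapse into ranges.
open_tcp_ports() {
    awk -F'\t' '
    function rng(a, b) { return (a == b) ? a : (a "-" b) }
    /^Host: / {
        split($1, h, " "); ip = h[2]
        list = ""; start = ""; prev = ""
        for (f = 2; f <= NF; f++) {
            if ($f !~ /^Ports: /) continue
            s = $f; sub(/^Ports: /, "", s)
            n = split(s, entry, /, */)
            for (i = 1; i <= n; i++) {
                split(entry[i], p, "/")          # port/state/protocol/...
                if (p[2] != "open" || p[3] != "tcp") continue
                port = p[1] + 0
                if (start == "") {
                    start = port
                } else if (port != prev + 1) {
                    list = list rng(start, prev) ","
                    start = port
                }
                prev = port
            }
        }
        if (start != "") print ip "\t" list rng(start, prev)
    }'
}

# Hosts only, one per line: a target list rather than raw -oG output.
live_targets() { open_tcp_ports | cut -f1; }

sample_gnmap | open_tcp_ports
```

Hosts with no open TCP ports (192.0.2.12 in the sample) are dropped from both outputs, so they never reach the follow-up scan.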