Dang it. Bug #1 - the script strips out the plugins in the SCANNER_SET. Oh well. The appropriate scanner plugins should be turned on automatically if auto_enable_dependencies is set to yes. Can someone confirm?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Scherff Sent: Thursday, May 17, 2007 12:54 PM To: harry forbess Cc: [email protected] Subject: RE: picking a plugin for a particular CVE? Harry, If you have a perl interpreter and a nessusrc (nessus config) file, try the below script. Assuming you save the script as 'rcfilter.pl', you'd use it like this: rcfilter.pl nessusrc CVE-2001-0416 CVE-1999-0905 CVE-2001- > new_nessusrc You can list as many CVE IDs or partial IDs as you want (or any other search parameter, for that matter). You'd then use the new rcfile with the NessusClient -c switch. Hope this helps. NOTE: I just threw this together. Obviously, you wouldn't embed credentials in a production script. John Scherff #!/usr/bin/perl scalar @ARGV ge 2 or die "Usage: $0 <config> <filter> [<filter> ...]\n"; my $nConf = shift; open( CONF, $nConf ) or die "Error opening config file $nConf: $!.\n"; my $pSet; my $cveIdRgx = join( '|', @ARGV ); my ( $nHost, $nPort, $nUser, $nPass ) = ( 'myhost', '1241', 'john', 'foobar' ); foreach ( qx/NessusClient -xqp $nHost $nPort $nUser $nPass/ ) { my $nId = ( split /\|/ )[0]; /$cveIdRgx/ and $pSet .= " $nId = yes\n" or $pSet .= " $nId = no\n"; } foreach ( <CONF> ) { / \d{5} =/ and next; /end.PLUGIN_SET/ and print $pSet; print; } close CONF; -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ron Gula Sent: Thursday, May 17, 2007 2:40 AM To: harry forbess Cc: [email protected] Subject: Re: picking a plugin for a particular CVE? harry forbess wrote: > is there a way to just pick the plugins for particular CVEs? Not all plugins have a CVE in them. Many do, but enough don't that it isn't a feature in the various Nessus clients. You can search by CVE at the nessus.org plugins interface to find which plugins you should run. http://www.nessus.org/plugins/index.php?view=search Ron Gula, CTO Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
