Hi, our customers have been running Nessus to get an overall report, and then I use NASL to run a single plugin to verify each vuln reported.
To my surprise, for quite a few vulns, NASL did NOT confirm them at all. I searched the archive, and noticed some dated arguments about KB stuff. However, I think in the NASL (e.g. 3.0.5) I tried, if it can't get_kb_item(), then from the trace one can see it simply exits without firing off the attack packets.

For one particular plugin, 11759, it doesn't involve KB stuff (when it's running in non-safe_check mode). Yet NASL and Nessus yield opposite results repetitively. So I don't know which one to trust now. I have been getting the feeling that different runs of Nessus can actually yield somewhat different results. So I'm inclined to believe what NASL is telling me.

Here's the result from NASL on 11759:

(TRACE) call safe_checks()
(TRACE) ret -> 0
(TRACE) call get_port_state(4000 )
(TRACE) ret -> 1
(TRACE) call start_denial()
(TRACE) ret ->
(TRACE) call open_sock_tcp(, , , , 4000 )
(TRACE) ret -> 1000000
(TRACE) call raw_string(128 )
(TRACE) ret -> .
(TRACE) call send(.dupa , , , 1000000 )
(TRACE) ret -> 5
(TRACE) call close(1000000 )
(TRACE) ret -> 0
(TRACE) call end_denial()
(TRACE) ret -> 1

Thanks for your comments and help,
Charles
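One way to read such traces mechanically, as an added example that is not part of the original post: it pairs each (TRACE) call with its ret and reports whether a standalone run reached the network at all or stopped after an empty get_kb_item(). The KB-miss sample and its key are constructed, and reading a non-zero end_denial() return as "target still answering" is an assumption about the NASL API.

```python
import re

# The trace quoted in the post (plugin 11759), used as sample input.
SAMPLE = (
    "(TRACE) call safe_checks() (TRACE) ret -> 0 "
    "(TRACE) call get_port_state(4000 ) (TRACE) ret -> 1 "
    "(TRACE) call start_denial() (TRACE) ret -> "
    "(TRACE) call open_sock_tcp(, , , , 4000 ) (TRACE) ret -> 1000000 "
    "(TRACE) call raw_string(128 ) (TRACE) ret -> . "
    "(TRACE) call send(.dupa , , , 1000000 ) (TRACE) ret -> 5 "
    "(TRACE) call close(1000000 ) (TRACE) ret -> 0 "
    "(TRACE) call end_denial() (TRACE) ret -> 1"
)
# Constructed sample: a run that stops after a knowledge-base lookup comes back empty.
KB_MISS = "(TRACE) call get_kb_item(Services/www ) (TRACE) ret -> "
NETWORK = {"open_sock_tcp", "open_sock_udp", "send", "send_packet"}
# Works on one event per line or on events run together on a single line.
EVENT = re.compile(r"\(TRACE\) (call|ret ->)(.*?)(?=\(TRACE\)|\Z)", re.S)

def parse_trace(text):
    """Return [(function, args, ret)], pairing each call with the ret after it."""
    events, pending = [], None
    for kind, body in EVENT.findall(text):
        body = body.strip()
        if kind == "call":
            if pending:
                events.append(pending + (None,))  # earlier call never returned
            name, _, args = body.partition("(")
            pending = (name, args.rstrip(") ").strip())
        elif pending:
            events.append(pending + (body,))
            pending = None
    if pending:
        events.append(pending + (None,))
    return events

def classify(events):
    """Say whether the standalone run exercised the target at all."""
    if not NETWORK & {name for name, _, _ in events}:
        kb_miss = [args for name, args, ret in events
                   if name == "get_kb_item" and ret in ("", "0", None)]
        return {"tested": False, "missing_kb": kb_miss}
    verdict = None
    for name, _, ret in events:
        if name == "end_denial":
            # Assumption: end_denial() is non-zero while the target still answers.
            verdict = "target still up" if ret not in ("", "0", None) else "target down"
    return {"tested": True, "verdict": verdict}

print(classify(parse_trace(SAMPLE)))
```

A result of `tested: False` with a non-empty `missing_kb` list marks a run that never probed the target, so it neither confirms nor refutes the finding in the full scan report.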
