I run my Nessus scans from the command line via a script. The server is Ubuntu 7.1 64-bit running Nessus 3.2 (Debian 64-bit installer).
 
Here is part of my script:

/opt/nessus/bin/nessus -qxV -c /usr/local/bin/asap-scripts/.nessusrc-normal localhost 1241 ### ### /usr/local/bin/asap-scripts/iplists/${CUST}/nessus-ike-list /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe
/opt/nessus/bin/nessus -i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o /home/scan-data/${SAVETO}/nessus/nessus-scan.html
/opt/nessus/bin/nessus -i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o /home/scan-data/${SAVETO}/nessus/nessus-scan.txt
/opt/nessus/bin/nessus -i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o /home/scan-data/${SAVETO}/nessus/nessus-scan.nsr
/opt/nessus/bin/nessus -i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o /home/scan-data/${SAVETO}/nessus/nessus-scan.nessus
 
We are in the process of upgrading our in-house database to handle parsing the new .nessus file format. However, we have run into some issues.
 
The .nessus file seems to be missing data that is in the NBE and HTML files. It seems like there might be a bug in the generation of the .NESSUS file when it encounters an apostrophe. In the example below, the 'Easy VPN Server' is missing from the .NESSUS file. I provided a second example as well.

Can someone help me with this?

 
Nessus-scan.NBE File:
results|##.##.##.##|##.##.##.##|snmp (161/udp)|17986|Security Hole|\nThe remote version of IOS contains a feature called 'Easy VPN Server' which\nallows the administrator of the remote router to create a lightweight VPN\nserver.\n\nThere is an implementation flaw in the remote version of this software\nwhich may allow an authorized user to complete authentication and access\nthe VPN remotely.\n\nSolution : http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml\nRisk Factor : High\nCVE : CVE-2005-1058\nBID : 13033, 13031\nOther references : OSVDB:15305\n
 
 
Nessus-scan.NESSUS File:
<ReportItem>
    <port>snmp (161/udp)</port>
    <pluginName>Plugin#17986</pluginName>
    <severity>3</severity>
    <pluginID>17986</pluginID>
    <data>\nThe remote version of IOS contains a feature called &apos;&apos;\n\n\n\n\n\n\n\n\n\n\n\n\n</data>
   </ReportItem>
   <ReportItem>
    
Nessus-scan.HTML File

The remote version of IOS contains a feature called 'Easy VPN Server' which
allows the administrator of the remote router to create a lightweight VPN
server.

There is an implementation flaw in the remote version of this software
which may allow an authorized user to complete authentication and access
the VPN remotely.

Solution : http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
Risk Factor : High
CVE : CVE-2005-1058
BID : 13033, 13031
Other references : OSVDB:15305
Nessus ID : 17986
 
 
 
Another Example (missing data after 'enable'):
NBE:
results|########|telnet (23/tcp)|23938|Security Hole|\nSynopsis :\n\nThe remote device has a factory password set.\n\nDescription :\n\nThe remote CISCO router has a default password set.  \nThis allows an attacker to get a lot information\nabout the network, and possibly to shut it down if\nthe 'enable' password is not set either or is also a default\npassword.\n\nSolution : \n\nAccess this device and set a password using 'enable secret'\n\nRisk factor :\n\nCritical / CVSS Base Score : 10 \n(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)\nCVE : CAN-1999-0508\n
 
NESSUS:
<ReportItem>
    <port>telnet (23/tcp)</port>
    <pluginName>Plugin#23938</pluginName>
    <severity>3</severity>
    <pluginID>23938</pluginID>
    <data>\nSynopsis :\n\nThe remote device has a factory password set.\n\nDescription :\n\nThe remote CISCO router has a default password set.  \nThis allows an attacker to get a lot information\nabout the network, and possibly to shut it down if\nthe &apos;&apos;\n\n\n\n\n&apos;&apos;\n\n\n\n\n\n\n</data>
   </ReportItem>
 
HTML:
Synopsis :

The remote device has a factory password set.

Description :

The remote CISCO router has a default password set. 
This allows an attacker to get a lot information
about the network, and possibly to shut it down if
the 'enable' password is not set either or is also a default
password.

Solution : 

Access this device and set a password using 'enable secret'

Risk factor :

Critical / CVSS Base Score : 10 
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE : CAN-1999-0508
Nessus ID : 23938


      
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
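
For a database importer facing the .nessus truncation reported above, one way to find the affected records is to cross-check each ReportItem against the NBE export of the same scan. This is an added example, not part of the original post and not Nessus code; the <Report> wrapper, the 192.0.2.1 host, plugin 99999 and the shortened description texts are constructed, and matching on port and plugin ID alone assumes a single-host report.

```python
import re
import xml.etree.ElementTree as ET  # for files you did not generate yourself, prefer defusedxml

def normalise(data):
    """Turn the literal two-character '\\n' markers into spaces and collapse whitespace."""
    return re.sub(r"\s+", " ", data.replace("\\n", " ")).strip()

def nbe_results(nbe_text):
    """Map (port, plugin_id) -> description for every full 'results' line of an NBE file."""
    out = {}
    for line in nbe_text.splitlines():
        fields = line.split("|", 6)  # results|subnet|host|port|plugin|severity|data
        if len(fields) == 7 and fields[0] == "results":
            out[(fields[3], fields[4])] = normalise(fields[6])
    return out

def lossy_items(nbe_text, nessus_xml):
    """Return (port, plugin_id, offset, lost_text) for each ReportItem whose <data>
    no longer matches the NBE description for the same port and plugin."""
    reference = nbe_results(nbe_text)
    findings = []
    for item in ET.fromstring(nessus_xml).iter("ReportItem"):
        key = (item.findtext("port", ""), item.findtext("pluginID", ""))
        got = normalise(item.findtext("data", ""))
        want = reference.get(key)
        if want is None or got == want:
            continue
        # The first position where the two texts diverge marks where data was dropped.
        offset = next((i for i, (a, b) in enumerate(zip(got, want)) if a != b),
                      min(len(got), len(want)))
        findings.append((key[0], key[1], offset, want[offset:]))
    return findings

# Constructed sample: shortened plugin 17986 records modelled on the post, plus an intact control item.
SAMPLE_NBE = "\n".join([
    r"results|192.0.2|192.0.2.1|snmp (161/udp)|17986|Security Hole|\nThe remote version of IOS contains a feature called 'Easy VPN Server' which\nallows remote access.\n",
    r"results|192.0.2|192.0.2.1|ssh (22/tcp)|99999|Security Note|\nAn SSH server is running.\n",
])
SAMPLE_NESSUS = r"""<Report>
  <ReportItem><port>snmp (161/udp)</port><pluginID>17986</pluginID>
    <data>\nThe remote version of IOS contains a feature called &apos;&apos;\n\n\n</data></ReportItem>
  <ReportItem><port>ssh (22/tcp)</port><pluginID>99999</pluginID>
    <data>\nAn SSH server is running.\n</data></ReportItem>
</Report>"""

if __name__ == "__main__":
    for port, plugin, offset, lost in lossy_items(SAMPLE_NBE, SAMPLE_NESSUS):
        print(f"{port} plugin {plugin}: diverges at char {offset}; NBE continues {lost!r}")
```

Records flagged this way can be loaded from the NBE text instead of the .nessus <data> element until the export is fixed.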
