I have encountered the same issue evaluating Nessus 3.2 on an RHEL 4.2 installation. The scans are run from the command line, ex:

    /usr/local/bin/nessus -qx 127.0.0.1 1241 [USER] [PWD] [TARGETFILE] [REPORTFILE] -V -T nessus -c [OLD_NESSUSRC_FILE]

The original .nessus report from the scanner exhibits the same behavior (e.g. incomplete data items).

Mike

Larry Petty <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
04/07/2008 11:31 PM

To: [email protected]
cc:
Subject: .nessus File Missing Data

I run my Nessus scans from the command line via a script. The server is Ubuntu 7.1 64-bit running Nessus 3.2 (Debian 64-bit installer).

Here is part of my script:

    /opt/nessus/bin/nessus -qxV -c /usr/local/bin/asap-scripts/.nessusrc-normal localhost 1241 ### ### /usr/local/bin/asap-scripts/iplists/${CUST}/nessus-ike-list /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe
    /opt/nessus/bin/nessus -i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o /home/scan-data/${SAVETO}/nessus/nessus-scan.html
    /opt/nessus/bin/nessus -i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o /home/scan-data/${SAVETO}/nessus/nessus-scan.txt
    /opt/nessus/bin/nessus -i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o /home/scan-data/${SAVETO}/nessus/nessus-scan.nsr
    /opt/nessus/bin/nessus -i /home/scan-data/${SAVETO}/nessus/nessus-scan.nbe -o /home/scan-data/${SAVETO}/nessus/nessus-scan.nessus

We are in the process of upgrading our in-house database to handle parsing the new .nessus file format. However, we have run into some issues. The .nessus file seems to be missing data that is in the NBE and HTML files. It seems like there might be a bug in the generation of the .NESSUS file when it encounters an apostrophe. In the example below, the ‘Easy VPN Server’ is missing from the .NESSUS file. I provided a second example as well. Can someone help me with this?

Nessus-scan.NBE File:

    results|##.##.##.##|##.##.##.##| snmp (161/udp)| 17986| Security Hole| \nThe remote version of IOS contains a feature called 'Easy VPN Server' which\nallows the administrator of the remote router to create a lightweight VPN\nserver.\n \nThere is an implementation flaw in the remote version of this software\nwhich may allow an authorized user to complete authentication and access\nthe VPN remotely.\n \nSolution : http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml\n Risk Factor : High\n CVE : CVE-2005-1058\n BID : 13033, 13031\n Other references : OSVDB:15305\n

Nessus-scan.NESSUS File:

    <ReportItem>
    <port>snmp (161/udp)</port>
    <pluginName>Plugin#17986</pluginName>
    <severity>3</severity>
    <pluginID>17986</pluginID>
    <data>\nThe remote version of IOS contains a feature called ''\n\n\n\n\n\n\n\n\n\n\n\n\n</data>
    </ReportItem>
    <ReportItem>

Nessus-scan.HTML File:

    The remote version of IOS contains a feature called 'Easy VPN Server' which allows the administrator of the remote router to create a lightweight VPN server.

    There is an implementation flaw in the remote version of this software which may allow an authorized user to complete authentication and access the VPN remotely.

    Solution : http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
    Risk Factor : High
    CVE : CVE-2005-1058
    BID : 13033, 13031
    Other references : OSVDB:15305
    Nessus ID : 17986

Another Example (missing data after 'enable'):

NBE:

    results|########|telnet (23/tcp)|23938|Security Hole|\nSynopsis :\n\nThe remote device has a factory password set.\n\nDescription :\n\nThe remote CISCO router has a default password set. \nThis allows an attacker to get a lot information\nabout the network, and possibly to shut it down if\nthe 'enable' password is not set either or is also a default\npassword.\n\nSolution : \n\nAccess this device and set a password using 'enable secret'\n\nRisk factor :\n\nCritical / CVSS Base Score : 10 \n(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)\nCVE : CAN-1999-0508\n

NESSUS:

    <ReportItem>
    <port>telnet (23/tcp)</port>
    <pluginName>Plugin#23938</pluginName>
    <severity>3</severity>
    <pluginID>23938</pluginID>
    <data>\nSynopsis :\n\nThe remote device has a factory password set.\n\nDescription :\n\nThe remote CISCO router has a default password set. \nThis allows an attacker to get a lot information\nabout the network, and possibly to shut it down if\nthe ''\n\n\n\n\n''\n\n\n\n\n\n\n</data>
    </ReportItem>

HTML:

    Synopsis :
    The remote device has a factory password set.

    Description :
    The remote CISCO router has a default password set. This allows an attacker to get a lot information about the network, and possibly to shut it down if the 'enable' password is not set either or is also a default password.

    Solution :
    Access this device and set a password using 'enable secret'

    Risk factor :
    Critical / CVSS Base Score : 10 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
    CVE : CAN-1999-0508
    Nessus ID : 23938

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
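
A check for the truncation described in this thread, as an added example that is not part of the original messages and not Nessus code: it pairs NBE result lines with .nessus ReportItem entries by port and plugin ID and reports where the .nessus data stops matching the NBE data. The sample data is constructed from the excerpts above; the <Report> wrapper element, the addresses and plugin 99999 are placeholders, and a single-host scan is assumed.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the thread's excerpts; addresses, the <Report>
# wrapper and plugin 99999 are placeholders. "\n" here is a literal backslash-n.
NBE = "\n".join([
    r"results|192.0.2|192.0.2.10| snmp (161/udp)| 17986| Security Hole| "
    r"\nThe remote version of IOS contains a feature called 'Easy VPN Server' which\n",
    r"results|192.0.2|192.0.2.10|ssh (22/tcp)|99999|Security Note|\nNo quotes here\n",
])
NESSUS = r"""<Report>
<ReportItem><port>snmp (161/udp)</port><pluginID>17986</pluginID>
<data>\nThe remote version of IOS contains a feature called ''\n\n\n</data></ReportItem>
<ReportItem><port>ssh (22/tcp)</port><pluginID>99999</pluginID>
<data>\nNo quotes here\n</data></ReportItem>
</Report>"""

def parse_nbe(text):
    """Map (port, plugin_id) -> data for every 7-field 'results' record."""
    out = {}
    for line in text.splitlines():
        f = line.split("|", 6)  # the data field may itself contain '|'
        if len(f) == 7 and f[0] == "results":
            out[(f[3].strip(), f[4].strip())] = f[6].strip()
    return out

def parse_nessus(text):
    """Map (port, plugin_id) -> data for every ReportItem element."""
    out = {}
    for item in ET.fromstring(text).iter("ReportItem"):
        key = (item.findtext("port", "").strip(), item.findtext("pluginID", "").strip())
        out[key] = (item.findtext("data") or "").strip()
    return out

def truncated_items(nbe_text, nessus_text):
    """Return (key, offset, after_apostrophe) for each finding whose .nessus data
    differs from the NBE data. Findings absent from the .nessus file are skipped."""
    nbe, nessus = parse_nbe(nbe_text), parse_nessus(nessus_text)
    report = []
    for key, full in sorted(nbe.items()):
        got = nessus.get(key)
        if got is None or got == full:
            continue
        # First index at which the two strings disagree.
        i = next((n for n, (a, b) in enumerate(zip(full, got)) if a != b),
                 min(len(full), len(got)))
        report.append((key, i, full[i - 1:i] == "'"))
    return report

if __name__ == "__main__":
    for key, offset, quoted in truncated_items(NBE, NESSUS):
        print(key, "diverges at offset", offset, "(after apostrophe)" if quoted else "")
```
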
