Tenable Blog

The Nessus Client 3.0 introduced a new format for Nessus scan policies, targets and results. This is known as the ".nessus" format. This blog entry discusses the advantages of this new file type and includes links to recently published technical documentation about the format and layout of the file.

Unified Scan Targets, Policy and Results

As part of the more than 17,000 plugins available in the Nessus Direct and Registered plugin feeds, many of these look for common user name and password combinations. They will attempt to find administrator accounts without passwords, simple passwords and vendor defaults. Although these checks aren't performing an exhaustive brute force password audit, they may cause enough login failures to "lock out" operational accounts.

Tenable Network Security's research group has released a new Nessus plugin which can make use of the Remote Desktop Protocol (RDP) to accurately detect Windows Vista, 2000 Server, 2003 Server and XP Professional. The Remote Desktop Protocol is also sometimes referred to as Terminal Services.

Tenable provides a wide variety of information on our vulnerability plugins to the public. This includes RSS feeds, a plugin writer mailing list and an on-line search portal.

Nessus 3 UNIX scanners have the ability to save all of their generated packets as a convenient libpcap compatible file. This means you can save your scans and view them under applications such as TCPDUMP or Wireshark. Please note that this feature is not available on Nessus 4.

Why is this Useful?

There are many reasons to do this.

Several weeks ago, a good friend of my family who is a lawyer for an application hosting company and I were speaking about network security and I brought up Nessus. "Can you scan one of our hosted sites?" he asked. A short while later, especially after asking the right sort of legal questions, we were looking at the results of a non-credentialed Nessus scan for a high traffic web site.

His web site didn't have any "application" content and hosted static HTML web pages. The only odd thing to note was an SSH server found on a very high port.

"Is that bad?" asked my friend.

Tenable Network Security has made available a BETA version of the new NessusClient 3.0. This Nessus client can be used to connect to any Nessus scanner and perform scans, manage scan policies and analyze results. It has a consistent user interface across Mac OS X, Windows and Linux operating systems. The BETA currently includes support for:

This blog entry will discuss the usage of the Nessus nasl binary tool. It will also discuss which plugins work well with the tool, how credentials and other information can be supplied at scan time and how the tool can make use of data saved in a prior scan's knowledge base.

Today, Tenable released Nessus 3.1.4 beta. Here are the main changes compared to Nessus 3.1.3 :

Tenable's research group recently released plugin ID #24904 which speaks with the Link Layer Topology Discovery protocol. This is an Ethernet "layer 2" scan, so it is something you need to perform against a server within the collision domain of a Nessus scanner. LLTD allows you to enumerate a wide variety of information about the remote host. The current NASL script supports discovery of: