Dear Nessus Developers,
The way Nessus 2.0.x manages port specifications is not ideal and
could be improved (I did not look at 2.1.x yet, sorry). The basic idea
is that the protocol information should be taken into account in a
more consistent way. Here are some of the things that could/should be
improved.
(1) we currently use script_require_ports() and script_require_udp_ports();
I'm not sure what the second does (it's not documented in
nasl_guide.tex!) but they should really be symmetric (and I would
really prefer to have script_require_tcp_ports() to be more explicit)
(2) the ports to scan can only be specified via the single port_range
configuration parameter; either there should be one parameter per
protocol or Nessus should support a syntax close to the one of Nmap:
When scanning both TCP and UDP ports, you can specify
a particular protocol by preceding the port
numbers by "T:" or "U:". The qualifier lasts until
you specify another qualifier. For example, the
argument "-p U:53,111,137,T:21-25,80,139,8080"
would scan UDP ports 53,111,and 137, as well as the
listed TCP ports.
the GUI would probably be more natural with one port range box per
protocol (with maybe a checkbox to specify if the protocol should
be scanned or not) but I have no strong opinion on this
(3) the result XML file of course needs to match what is done
elsewhere: it must reflect which protocols and ports have been
scanned
(4) finally, Nessus has a nice, lightweight TCP port scanner (SYN
Scan) but no UDP port scanner; users must have and use Nmap for
UDP port scans; it would be nice to add a lightweight builtin UDP
scanner
I hope these suggestions make sense...
Thanks for your attention,
__________________________________________________________
Lionel Cons http://cern.ch/lionel.cons
CERN http://www.cern.ch
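To make suggestion (2) concrete, here is an added example (not code from Nessus or from the poster) of a parser for the Nmap-style port specification quoted above, plus a helper that turns each protocol's port set back into a compact range string, i.e. one port_range value per protocol. The handling of items that appear before any qualifier (they go to a caller-supplied default protocol) and the 1-65535 validity range are assumptions of this example.

```python
import re
from typing import Dict, Set

# One comma-separated item: optional "T:"/"U:" qualifier, then "port" or "lo-hi".
PORT_ITEM_RE = re.compile(r"^(?:(?P<proto>[TU]):)?(?P<lo>\d+)(?:-(?P<hi>\d+))?$")
PROTO_NAMES = {"T": "tcp", "U": "udp"}

def parse_port_spec(spec: str, default_proto: str = "tcp") -> Dict[str, Set[int]]:
    """Parse an Nmap-style port spec such as "U:53,111,T:21-25,80" into
    per-protocol port sets. A qualifier stays in effect until the next one.
    Items before any qualifier go to default_proto (assumption of this example).
    Malformed items and out-of-range or reversed ranges raise ValueError."""
    if default_proto not in PROTO_NAMES.values():
        raise ValueError(f"unknown default protocol {default_proto!r}")
    ports: Dict[str, Set[int]] = {"tcp": set(), "udp": set()}
    current = default_proto
    for item in spec.split(","):
        m = PORT_ITEM_RE.match(item.strip())
        if not m:
            raise ValueError(f"malformed port item {item!r}")
        if m.group("proto"):
            current = PROTO_NAMES[m.group("proto")]
        lo = int(m.group("lo"))
        hi = int(m.group("hi")) if m.group("hi") else lo
        if not (1 <= lo <= hi <= 65535):  # assumed valid range
            raise ValueError(f"port range {lo}-{hi} is reversed or outside 1-65535")
        ports[current].update(range(lo, hi + 1))
    return ports

def compress_ports(ports: Set[int]) -> str:
    """Render a port set as a sorted, compact range list, e.g. "21-25,80,139"."""
    nums = sorted(ports)
    parts, i = [], 0
    while i < len(nums):
        j = i
        while j + 1 < len(nums) and nums[j + 1] == nums[j] + 1:
            j += 1
        parts.append(str(nums[i]) if i == j else f"{nums[i]}-{nums[j]}")
        i = j + 1
    return ",".join(parts)

if __name__ == "__main__":
    # The argument quoted from the Nmap manual above.
    parsed = parse_port_spec("U:53,111,137,T:21-25,80,139,8080")
    for proto in ("tcp", "udp"):
        print(f"{proto} port_range = {compress_ports(parsed[proto])}")
```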