Mailing List Archive

double progress window & subnet division suggestion
I have used nessus for several years. I have some questions about nessus
itself.

When I started using nessus 2.1.2 I noticed that even though I specified a
target by IP number, and had the scan option "reverse lookups" disabled, that
I get a progress window both for the IP number as well as any names the host
has. I am not sure if this is new to 2.1.x because my previous installs were
all upgrades and there may have been some mystery option somewhere - I cannot
find it. I don't believe it's actually performing scans multiple times,
but regardless there should not be TWO progress windows as if two scans are
occuring.

Secondly, I would like to propose an option not to split results up by
network. One way to do this would in the subnet window have an entry marked
Everything. An alternative would be to have an option not to split networks
up in the first place. I have looked at the code myself in report_ng.c but
I'm not a GTK programmer and cannot decipher what would need to be done to
add this change. If it doesn't seem like a good idea for everyone to have,
maybe someone can give me some tips on what to look for. If nobody thinks
this is a good idea, it seems that I can just hardcode the subnet field of
the nbe report everywhere it writes out.

Or a different approach would be if it were possible to, at the time of the
scan, select between option of IP-based subnet or some user-defined string,
such as "servers". I have never had IP subnets be all that useful, but I
have found it rather useful to do conversions on nbe files such as this:

cat serverscan.nbe | sed -e "s/^results|[0-9\.]*/results|servers/" > 1.nbe
cat desktopscan.nbe | sed -e "s/^results|[0-9\.]*/results|desktop/" > 2.nbe
cat 1.nbe 2.nbe > master.nbe

By the way, it's excellent that the files are simple text-based format,
I don't think you could do anything this graceful with those commercial
scanners.

Thanks