Mailing List Archive

Reworking the report GUI of NessusClient
Hi,

I'm working on the report part of the NessusClient GUI. Part of the
plan is to replace the four lists (subnet, host, port, severity) with a
tree that's three levels deep (host, port, severity). Now the question
arises whether the host is unique in a given report. I.e. can there be
two different hosts with the same name in different subnets in a single
report?

Bernhard

--
Intevation GmbH http://intevation.de/
Skencil http://skencil.org/
Thuban http://thuban.intevation.org/
_______________________________________________
Nessus-devel mailing list
Nessus-devel@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus-devel
Re: Reworking the report GUI of NessusClient [ In reply to ]
Bernhard Herzog wrote:
> I'm working on the report part of the NessusClient GUI. Part of the
> plan is to replace the four lists (subnet, host, port, severity) with a
> tree that's three levels deep (host, port, severity). Now the question
> arises whether the host is unique in a given report. I.e. can there be
> two different hosts with the same name in different subnets in a single
> report?

I would think it should be possible since you can specify a
host as a hostname, ipaddress tuple. That allows you scan
multiple virtual hosts on the same machine, but could also
be used to allow you to scan several identical hosts (with
same hostname but different ips) which could be part of
load balanced cluster.

Cheers

Rich.
--
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
_______________________________________________
Nessus-devel mailing list
Nessus-devel@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus-devel
Re: Reworking the report GUI of NessusClient [ In reply to ]
Richard Moore <rich@westpoint.ltd.uk> writes:

> Bernhard Herzog wrote:
[...]
>> I.e. can there be
>> two different hosts with the same name in different subnets in a single
>> report?
>
> I would think it should be possible since you can specify a
> host as a hostname, ipaddress tuple. That allows you scan
> multiple virtual hosts on the same machine, but could also
> be used to allow you to scan several identical hosts (with
> same hostname but different ips) which could be part of
> load balanced cluster.

Yes, but my question was not so much whether the same hostname can refer
to different systems. That can be the case. However, once the client
has received a report from the nessus daemon or read a report from a
file, can the same hostname be in two different subnets? 'Hostname'
here refers to whatever was reported by the nessusd as the hostname of a
security hole/warning/info.

I've read a bit more of the code now and it turns out that the subnet in
the report is something NessusClient derives from the hostname by a
purely textual transformation. So equal hostnames will always be in the
same subnet. At least in reports generated by NessusClient. The client
allows importing of reports, though.

Bernhard

--
Intevation GmbH http://intevation.de/
Skencil http://skencil.org/
Thuban http://thuban.intevation.org/
_______________________________________________
Nessus-devel mailing list
Nessus-devel@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus-devel