Mailing List Archive

Knowledge Base Use
Is the Knowledge Base a database I can go to to pick up data related to
my scans? For instance, Plugin 21726 for Spy Sweeper writes what it
finds to the Knowledge Base. I want to poll that to create a report of
machines which are running Spy Sweeper. How would I go about
accomplishing this?


Daryl L. Chambers Jr.
Security Audit Analyst
Re: Knowledge Base Use
On 03/14/07 17:30, Chambers, Daryl [HDS] wrote:

> Is the Knowledge Base a database I can go to to pick up data related to
> my scans?

Generally yes.

> How would I go about
> accomplishing this?

One approach would be to ensure that you've enabled keyboard saving in
your client configurations, then extract the information from the KBs
themselves with something like Perl. KBs are stored under the Nessus
user's directory on the Nessus server; eg,
./opt/nessus/var/nessus/users/$user/kbs/$host.

Another would be to write a plugin as Ferdy already suggested and pull
the information in using something like get_kb_item(). Assuming you have
a registered / direct feed, you could look at, say, opera_installed.nasl
and opera_910.nasl -- the latter pulls the version number discovered by
the first plugin and uses it in deciding whether to report a vulnerable
version installed.

George
--
theall@tenablesecurity.com
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
RE: Knowledge Base Use
>One approach would be to ensure that you've enabled keyboard saving in
>your client configurations, then extract the information from the KBs
>themselves with something like Perl. KBs are stored under the Nessus
>user's directory on the Nessus server; eg,
>./opt/nessus/var/nessus/users/$user/kbs/$host.

This is closer to the approach I was looking for. I have already
determined that a script exists and is running that writes the
information I am seeking to the KB. Now I am running these scans over
multiple subnets, so when I go to attempt to retrieve the data, I have
to span multiple folders, sub-folders, and files. Has anyone written a
parser that can be fed a plugin, subnet(s) and user ID that will then
traverse the multitude of folders and produce a report of devices that
list an entry from said plugin?
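
A sketch of the kind of parser asked for above, following the saved-KB approach George describes. This is an added example, not code posted to the list or shipped with Nessus. It assumes each saved KB file is named after the scanned host's IP address and holds lines of the form `<timestamp> <type> <key>=<value>`; the key `Example/Product/Version` and the sample data are constructed placeholders, not what plugin 21726 actually writes.

```python
import ipaddress
import os
import sys
import tempfile

# Constructed sample KB content; the key name is a placeholder, not what plugin 21726 writes.
SAMPLE = {
    "10.1.1.5": "1173900000 1 Example/Product/Version=5.0\n1173900001 3 Host/scanned=1\n",
    "10.1.2.9": "1173900000 3 Host/scanned=1\n",
    "10.2.0.7": "1173900000 1 Example/Product/Version=4.5\n",
}

def parse_kb_line(line):
    """Split '<timestamp> <type> <key>=<value>' (assumed layout) into (key, value), else None."""
    parts = line.rstrip("\r\n").split(" ", 2)
    if len(parts) != 3 or not parts[0].isdigit() or "=" not in parts[2]:
        return None
    key, _, value = parts[2].partition("=")
    return key, value

def hosts_with_kb_key(kb_root, key_prefix, subnets=()):
    """Walk kb_root recursively; return {host: sorted values} for keys starting with key_prefix."""
    nets = [ipaddress.ip_network(s, strict=False) for s in subnets]
    found = {}
    for dirpath, _dirs, files in os.walk(kb_root):
        for host in files:  # assumed: one KB file per scanned host, named after the host
            if nets:
                try:
                    addr = ipaddress.ip_address(host)
                except ValueError:
                    continue  # hostname-named file cannot be matched against a CIDR
                if not any(addr in net for net in nets):
                    continue
            with open(os.path.join(dirpath, host), errors="replace") as fh:
                for item in filter(None, map(parse_kb_line, fh)):
                    if item[0].startswith(key_prefix):
                        found.setdefault(host, set()).add(item[1])
    return {host: sorted(vals) for host, vals in found.items()}

if __name__ == "__main__":
    if len(sys.argv) >= 3:  # kb_report.py <user's kbs dir> <KB key prefix> [CIDR ...]
        root, key, cidrs = sys.argv[1], sys.argv[2], sys.argv[3:]
    else:  # no arguments: run against the constructed sample tree
        root, key, cidrs = tempfile.mkdtemp(), "Example/Product/", ["10.1.0.0/16"]
        for host, text in SAMPLE.items():
            with open(os.path.join(root, host), "w") as fh:
                fh.write(text)
    for host, vals in sorted(hosts_with_kb_key(root, key, cidrs).items()):
        print(host, ", ".join(vals), sep="\t")
```

Check a saved KB file by hand first to find the exact key the plugin writes, then pass that key (or its prefix) as the second argument.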
