In my organization we are audited several times a year and I would like
to have a *non standard* view into my Nessus vulnerabilities. As opposed
to ranking my findings "high to low" I would like to sort them from
"would an auditor see this the way they scan" or not. An auditor usually
will scan unauthenticated, while for our internal processes we use full
credentials. There is nothing inside a plugin that says flat out
"credentials required" so it takes a little more work to get to that
level. The only way that I have been (almost) able to get there is the
following:
Cmd Prompt
CD to C:\Program Files\Tenable\Nessus\plugins\scripts and run:
Findstr /C:"script_id" *.nasl >AllPlugins.txt
Findstr /C:"smb_func.inc" *.nasl >windowsauthreq.txt
Findstr /C:"ssh_func.inc" *.nasl >unixauthreq.txt
Once I chug through all 25k plugins, I am left with 3 files: a
FullPlugin table, plugins requiring SMB (windows auth), and then the
same for Unix.
I then import these into Excel and use them as tables to bounce against
my vuln report.
There are obvious flaws in some of the logic and that is the help I am
looking for. I have 76 INC files in my installation. I know that there
are other INCs which call for windows/unix authentication. If I went
with SMB*.inc and SSH*.inc, would that be all inclusive? Or am I
overthinking this and there is a better way (other than doing 2 separate
scans)?
With the massive amount of devices on our networks, if I could sort the
Plugins as opposed to doing multiple scans it would save days of time.
Sorry if this is the wrong list for this, but I figured that we are
dealing with NASL on the list and that is the data which I am using for
my ranking.
Any help is appreciated-
Jeremy
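One way to turn the Findstr approach into a single pass over the scripts directory, as an added example that is not part of the post: it extracts each plugin's script_id and its include() lines, flags any include starting with "smb_" or "ssh_" (the SMB*.inc / SSH*.inc idea), and sorts plugins with no credential hint first. The sample plugin sources, their script_id values and file names are constructed; the "Host/local_checks_enabled" check is an extra heuristic I add, and treating an smb_ include as a credential hint is only a hint, since some SMB plugins also run unauthenticated.

```python
import re
from pathlib import Path
from typing import Dict, List

# Constructed sample plugin sources standing in for files under
# C:\Program Files\Tenable\Nessus\plugins\scripts (ids and names invented).
SAMPLE_PLUGINS: Dict[str, str] = {
    "example_smb_patch.nasl": (
        'include("smb_func.inc");\n'
        'include("smb_hotfixes.inc");\n'
        'if (description) { script_id(900001); exit(0); }\n'
    ),
    "example_ssh_pkg.nasl": (
        'include("ssh_func.inc");\n'
        'if (description) { script_id(900002); exit(0); }\n'
        'if (!get_kb_item("Host/local_checks_enabled")) exit(0);\n'
    ),
    "example_remote_banner.nasl": (
        'include("misc_func.inc");\n'
        'if (description) { script_id(900003); exit(0); }\n'
    ),
}

# Include prefixes treated as credential hints; smb_ is a hint, not proof,
# because null-session SMB checks pull in smb_func.inc too.
CREDENTIAL_INCLUDE_PREFIXES = {"smb_": "windows_auth", "ssh_": "unix_auth"}
SCRIPT_ID_RE = re.compile(r'script_id\s*\(\s*(\d+)\s*\)')
INCLUDE_RE = re.compile(r'include\s*\(\s*"([^"]+\.inc)"\s*\)')


def classify_plugin(source: str) -> Dict[str, object]:
    """Return script_id, include list, credential hints, and whether any fired."""
    ids = SCRIPT_ID_RE.findall(source)
    includes = INCLUDE_RE.findall(source)
    hints = {cat for inc in includes for pre, cat in CREDENTIAL_INCLUDE_PREFIXES.items()
             if inc.lower().startswith(pre)}
    # Extra heuristic not in the post: this KB key gates a plugin on a credentialed session.
    if "Host/local_checks_enabled" in source:
        hints.add("local_checks")
    return {"script_id": int(ids[0]) if ids else None, "includes": includes,
            "hints": sorted(hints), "possibly_credentialed": bool(hints)}


def classify_sources(plugins: Dict[str, str]) -> List[Dict[str, object]]:
    """Classify many sources; plugins with no credential hint sort first."""
    rows = [dict(classify_plugin(src), file=name) for name, src in plugins.items()]
    return sorted(rows, key=lambda r: (r["possibly_credentialed"], r["script_id"] or 0))


def classify_directory(scripts_dir: str) -> List[Dict[str, object]]:
    """Read every .nasl under a real plugins/scripts directory and classify it."""
    files = {p.name: p.read_text(errors="replace") for p in Path(scripts_dir).glob("*.nasl")}
    return classify_sources(files)
```

Point classify_directory at the scripts folder and write the rows out as CSV to get the same Excel-ready table in one step.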