Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. users
question about output of Windows command line (UNCLASSIFIED)
craig.bowser1 at us
Nov 17, 2008, 8:40 AM
Post #1 of 2 (3293 views)
Permalink
Classification: UNCLASSIFIED
Caveats: NONE


This might be a totally 'duh' Q&A, but I want to make sure I'm doing
this right. I've been mucking around with the Windows command line
version of Nessus recently. Basically, I wanted to be do a quick scan
for a specific MS Patch on several machines. So I ran the following
command, but I'm wondering if I understand the output correctly.


C:\Program Files\Tenable\Nessus>nessuscmd -PIT -v -p -O -i 33875 x.x.x.x
Starting nessuscmd 3.2 (windows)
Scanning 'x.x.x.x'...

Host x.x.x.x is up
Discovered open port clariion-evr01 (6389/tcp) on x.x.x.x
Discovered open port netbios-ssn (139/tcp) on x.x.x.x
Discovered open port epmap (135/tcp) on x.x.x.x
Discovered open port sunrpc (111/tcp) on x.x.x.x
Discovered open port http (80/tcp) on x.x.x.x
Discovered open port ftp (21/tcp) on x.x.x.x
Discovered open port fpitp (1045/tcp) on x.x.x.x
Discovered open port microsoft-ds (445/tcp) on x.x.x.x
Discovered open port ms-wbt-server (3389/tcp) on x.x.x.x
Discovered open port rxmon (1311/tcp) on x.x.x.x
+ Results found on x.x.x.x :
- Port ftp (21/tcp) is open
- Port http (80/tcp) is open
- Port sunrpc (111/tcp) is open
- Port epmap (135/tcp) is open
- Port netbios-ssn (139/tcp) is open
- Port microsoft-ds (445/tcp) is open
- Port fpitp (1045/tcp) is open
- Port rxmon (1311/tcp) is open
- Port ms-wbt-server (3389/tcp) is open
- Port clariion-evr01 (6389/tcp) is open

The scan doesn't seem to run the OS detection (a Windows 2003 server) or
check for the specified plugin. A check of this blog entry, admittedly
old, http://blog.tenablesecurity.com/2007/07/nessus-32-beta-.html seems
to validate my syntax. I have admin access to the server.

Is this the correct output or am I doing something wrong? Shouldn't it
tell me the OS dectection, the results of the plugin check or give me an
error that it can't do one or the other?

Thanks.


BTW, psinfo -s \\<machinename> | find "kb#" works as well, but for the
sake of using Nessus....


Craig L. Bowser
CISSP SANS GSEC (Gold)
-------------------------------
Price. Quality. Service: Pick two.
Classification: UNCLASSIFIED
Caveats: NONE

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: question about output of Windows command line (UNCLASSIFIED) [ In reply to ]
rgula at tenablesecurity
Nov 17, 2008, 12:45 PM
Post #2 of 2 (3161 views)
Permalink
Hi Craig,

The US Army should be using the Professional Feed and this sort of
question could be handled by out support staff. We try to keep this
list as active as possible and I wanted to take a moment and remind
folks that part of having the Professional Feed includes dedicated
and private support.

Having said that, I did not see your username and password indicated
in your nessuscmd entry.

Ron Gula, CTO
Tenable Network Security

Bowser, Craig CTR USA wrote:
> Classification: UNCLASSIFIED
> Caveats: NONE
>
>
> This might be a totally 'duh' Q&A, but I want to make sure I'm doing
> this right. I've been mucking around with the Windows command line
> version of Nessus recently. Basically, I wanted to be do a quick scan
> for a specific MS Patch on several machines. So I ran the following
> command, but I'm wondering if I understand the output correctly.
>
>
> C:\Program Files\Tenable\Nessus>nessuscmd -PIT -v -p -O -i 33875 x.x.x.x
> Starting nessuscmd 3.2 (windows)
> Scanning 'x.x.x.x'...
>
> Host x.x.x.x is up
> Discovered open port clariion-evr01 (6389/tcp) on x.x.x.x
> Discovered open port netbios-ssn (139/tcp) on x.x.x.x
> Discovered open port epmap (135/tcp) on x.x.x.x
> Discovered open port sunrpc (111/tcp) on x.x.x.x
> Discovered open port http (80/tcp) on x.x.x.x
> Discovered open port ftp (21/tcp) on x.x.x.x
> Discovered open port fpitp (1045/tcp) on x.x.x.x
> Discovered open port microsoft-ds (445/tcp) on x.x.x.x
> Discovered open port ms-wbt-server (3389/tcp) on x.x.x.x
> Discovered open port rxmon (1311/tcp) on x.x.x.x
> + Results found on x.x.x.x :
> - Port ftp (21/tcp) is open
> - Port http (80/tcp) is open
> - Port sunrpc (111/tcp) is open
> - Port epmap (135/tcp) is open
> - Port netbios-ssn (139/tcp) is open
> - Port microsoft-ds (445/tcp) is open
> - Port fpitp (1045/tcp) is open
> - Port rxmon (1311/tcp) is open
> - Port ms-wbt-server (3389/tcp) is open
> - Port clariion-evr01 (6389/tcp) is open
>
> The scan doesn't seem to run the OS detection (a Windows 2003 server) or
> check for the specified plugin. A check of this blog entry, admittedly
> old, http://blog.tenablesecurity.com/2007/07/nessus-32-beta-.html seems
> to validate my syntax. I have admin access to the server.
>
> Is this the correct output or am I doing something wrong? Shouldn't it
> tell me the OS dectection, the results of the plugin check or give me an
> error that it can't do one or the other?
>
> Thanks.
>
>
> BTW, psinfo -s \\<machinename> | find "kb#" works as well, but for the
> sake of using Nessus....
>
>
> Craig L. Bowser
> CISSP SANS GSEC (Gold)
> -------------------------------
> Price. Quality. Service: Pick two.
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
>

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal