Nessus "Exploitable With" Field Updated

Over the past few months, fields in Nessus reports indicating whether or not an exploit exists for a given vulnerability have continued to evolve. We first announced this feature in October 2010 in a post titled New Nessus Feature: Public Exploit Availability. Ron Gula then wrote a follow-up post called ”If an exploit falls in the forest, does anyone hear it being patched?”, that described the usefulness of the information contained within the "Exploit available" and "Exploitable With" fields in Nessus plugins.

The Nessus interface has now received an update that will display the "Exploitable With" field directly in the report (prior to the latest version, this field was only contained in the HTML export).

Exploits_sm.png
Click for larger image


The cool thing is that users can now perform searches to locate the vulnerabilities that are exploitable by their favorite exploit framework. For example, placing "exploit_framework_metasploit" in the "Vulnerability Text" search field will only display the findings with Metasploit references (use "exploit_framework_core" for Core IMPACT and "exploit_framework_canvas" for CANVAS). Searching for "exploit_framework_" returns vulnerabilities exploitable for all frameworks that have references included within Nessus plugins.

Having some additional context around the vulnerabilities found by Nessus is very useful. For example, the following TFTP vulnerability was enumerated by Nessus:

TFTP-vuln.png

I was previously unaware that an exploit existed in the CANVAS D2 exploitation pack for this:

TFTP-Canvas.png