Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Nessus "Exploitable With" Field Updated

Over the past few months, fields in Nessus reports indicating whether or not an exploit exists for a given vulnerability have continued to evolve. We first announced this feature in October 2010 in a post titled New Nessus Feature: Public Exploit Availability. Ron Gula then wrote a follow-up post called ”If an exploit falls in the forest, does anyone hear it being patched?”, that described the usefulness of the information contained within the "Exploit available" and "Exploitable With" fields in Nessus plugins.

The Nessus interface has now received an update that will display the "Exploitable With" field directly in the report (prior to the latest version, this field was only contained in the HTML export).

Exploits_sm.png
Click for larger image


The cool thing is that users can now perform searches to locate the vulnerabilities that are exploitable by their favorite exploit framework. For example, placing "exploit_framework_metasploit" in the "Vulnerability Text" search field will only display the findings with Metasploit references (use "exploit_framework_core" for Core IMPACT and "exploit_framework_canvas" for CANVAS). Searching for "exploit_framework_" returns vulnerabilities exploitable for all frameworks that have references included within Nessus plugins.

Having some additional context around the vulnerabilities found by Nessus is very useful. For example, the following TFTP vulnerability was enumerated by Nessus:

TFTP-vuln.png

I was previously unaware that an exploit existed in the CANVAS D2 exploitation pack for this:

TFTP-Canvas.png

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.