Plugin Spotlight: Import Nmap XML Results Into Nessus
Nmap continues to be a powerful tool for port scanning, operating system identification, service identification and now supports extended information with NSE (Nmap Scripting Engine) scripts. A recently released NASL script allows you to import the Nmap results into Nessus. For example, you can run Nmap with the following switches:
As of Nessus v6 the command line utilities for running Nessus scans are no longer included. Customers are encouraged to use the Nessus API to implement command line base scanning, and a host of other features include uploading and downloading reports. Customers can find examples in the Tenable Discussion Forum, and in particular the post "Nessus v6 API Demo Scripts" and documentation.
|# nmap -sC -sV -O -oX mynetwork.xml 192.168.1.3-250|
The options shown in this example above perform the following functions:
|-sC||tells Nmap to run all of the scripts labeled as "default"|
|-sV||tests if a port is open and attempts to identify the service running|
|-O||attempts to identify the the operating system using TCP/IP fingerprinting|
|-oX||generates XML formatted output|
To integrate all of the information from Nmap into Nessus, you can download the Nmap XML Importer and copy it to your plugins directory. You will then need to stop the Nessus server, run nessusd -y, then start the Nessus server.
|NOTE: Adding New Plugins
When adding plugins that are not part of a plugin update be certain to re-process your plugins. To do this you must first stop the Nessus server (/etc/init.d/nessusd stop on most Unix/Linux systems), then run one of the following commands:
nessusd (no arguments) - Starts nessusd and does not look at each plugin's timestamp, unless plugin_feed_info.inc has changed.
nessusd -t - Starts nessusd and looks at each plugin's timestamp. If the plugin's timestamp is newer than that of the last time plugins were processed, it will process the new plugins.
nessusd -R - Flushes the plugins database, then processes every plugin (i.e., converts them into bytecode) and exits. This option ensures there are no leftovers from previous plugins, even if your clock has drifted backwards.
nessusd -y - Does the same as nessusd -t, but exits once done (instead of starting to listen on port 1241).
Typically, if you do not modify your plugins other than performing the routine plugin update process, you do not need to use these switches. If you manually modify a plugin, then you need to use -t or -y.
Once the Nessus server has been restarted, the usage of the plugin is the same as the old plugin (when the old plugin was run when Nmap was not in your path). You can refer to the blog post titled "Using Nmap Results With Nessus Batch Scanning" for information on how to use and run it. Don't forget to restart the NessusClient and create a new policy to see the new options that resulted from the new plugin.
Are You Vulnerable to the Latest Exploits?
Enter your email to receive the latest cyber exposure alerts in your inbox.