Plugin Spotlight: Import Nmap XML Results Into Nessus
Nmap continues to be a powerful tool for port scanning, operating system identification, service identification and now supports extended information with NSE (Nmap Scripting Engine) scripts. A recently released NASL script allows you to import the Nmap results into Nessus. For example, you can run Nmap with the following switches:
As of Nessus v6 the command line utilities for running Nessus scans are no longer included. Customers are encouraged to use the Nessus API to implement command line base scanning, and a host of other features include uploading and downloading reports. Customers can find examples in the Tenable Discussion Forum, and in particular the post "Nessus v6 API Demo Scripts" and documentation.
| # nmap -sC -sV -O -oX mynetwork.xml 192.168.1.3-250 |
The options shown in this example above perform the following functions:
| Nmap Option | Description |
| -sC | tells Nmap to run all of the scripts labeled as "default" |
| -sV | tests if a port is open and attempts to identify the service running |
| -O | attempts to identify the the operating system using TCP/IP fingerprinting |
| -oX | generates XML formatted output |
To integrate all of the information from Nmap into Nessus, you can download the Nmap XML Importer and copy it to your plugins directory. You will then need to stop the Nessus server, run nessusd -y, then start the Nessus server.
| NOTE: Adding New Plugins
When adding plugins that are not part of a plugin update be certain to re-process your plugins. To do this you must first stop the Nessus server (/etc/init.d/nessusd stop on most Unix/Linux systems), then run one of the following commands: nessusd (no arguments) - Starts nessusd and does not look at each plugin's timestamp, unless plugin_feed_info.inc has changed. nessusd -t - Starts nessusd and looks at each plugin's timestamp. If the plugin's timestamp is newer than that of the last time plugins were processed, it will process the new plugins. nessusd -R - Flushes the plugins database, then processes every plugin (i.e., converts them into bytecode) and exits. This option ensures there are no leftovers from previous plugins, even if your clock has drifted backwards. nessusd -y - Does the same as nessusd -t, but exits once done (instead of starting to listen on port 1241). Typically, if you do not modify your plugins other than performing the routine plugin update process, you do not need to use these switches. If you manually modify a plugin, then you need to use -t or -y. |
Once the Nessus server has been restarted, the usage of the plugin is the same as the old plugin (when the old plugin was run when Nmap was not in your path). You can refer to the blog post titled "Using Nmap Results With Nessus Batch Scanning" for information on how to use and run it. Don't forget to restart the NessusClient and create a new policy to see the new options that resulted from the new plugin.
References
Related Articles
Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog
October 23, 2023Tenable ranked first in multiple vulnerability management categories, including the most comprehensive coverage and quickest detection of CISA's Known Exploited Vulnerabilities, according to a Miercom report commissioned by Tenable.
Tuning Network Assessments for Performance and Resource Usage
September 13, 2022Using the correct tool for the job and optimizing scanner placement will have a large impact on scan efficiency with Nessus, Tenable.io and Tenable.sc.
Terrascan Joins the Nessus Community, Enabling Nessus To Validate Modern Cloud Infrastructures
May 17, 2022The addition of Terrascan to the Nessus family of products helps users better secure cloud native infrastructure by identifying misconfigurations, security weaknesses, and policy violations by scanning Infrastructure as Code repositories.
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited
April 23, 2024A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible.
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
- Nessus