I need to write a script (I am not asking for a script!) in order to verify whether target servers are available (up or down) for a Nessus scan or not. The problem is that sometimes, even if ping does not work on a target IP address, Nessus can still scan these IP addresses.

My question is: how can I deal with equipment or servers which do not permit ICMP ping? What should I check to make sure that the IP addresses (servers) which I need to scan are available for scanning if they do not permit ICMP ping, tracert or ARP?

  • You may send TCP SYN packets to the most used ports, such as 80 or 443, and then if targets return an answer, you may assume that those targets are available, but this is not a 100% accurate solution, though. – JackSparrow Mar 16 '18 at 06:15
  • @JackSparrow But is this the fastest way to check, as I have to check many servers at the same time? Also, what status should I check? Because this will run as a scheduled script. It won't have any manual admin to check the status. – tech_enthusiast Mar 19 '18 at 00:48
  • Looks like the way is to probe all the hosts with a good combination of protocols/ports looking for responses. It's what Nessus and Nmap are really doing. – jmingov May 21 '18 at 19:55

1 Answer

I think that you should use Nmap, or another tool, but I use this tool for this kind of enumeration.

You can use the option -sn to do a scan of ports 80 and 443 and a ping scan, because maybe not all of the devices have ping blocked. But if you want to scan other specific ports, you can use the -p or --top-ports options.

Then, when you get the result, you can insert the discovered targets into Nessus to do the complete scan.

This is the procedure that I use.

  • Be careful, `-sn` is not detecting hosts with ping disabled; it scans all the hosts as if they were up, skipping host discovery (unless specified otherwise). – jmingov May 21 '18 at 19:49
  • This is not true. This happens because you are using a virtual machine, for example. But if you use _Nmap_ on a native OS, `-sn` has the ping scan enabled and discovers the active hosts. – Iratzar Carrasson Bores May 22 '18 at 06:42
  • I messed with the -Pn switch; check https://nmap.org/book/man-host-discovery.html, it has nothing to do with virtual or native OS. – jmingov May 22 '18 at 20:50
  • I think that it is very strange to get as a result all IPs active with `-Pn`, and I continue thinking that it can be because you use a virtual machine and the TTL number is crafted by the _VirtualBox_ or _VMware_ interface. If you need more information, you can use the `--reason` flag. – Iratzar Carrasson Bores May 23 '18 at 06:46
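The discovery step the answer describes (Nmap host discovery, then hand the live hosts to Nessus), as an added example that is not code from the answer, the commenters or the Nmap project: it runs `nmap -sn` with both an ICMP echo probe (`-PE`) and TCP SYN probes to 80/443 (`-PS80,443`), so a server that drops ICMP but answers on 443 still shows as up, and parses the greppable (`-oG`) output. The sample output is constructed for the offline parser check; the scanning wrapper assumes nmap is installed.

```python
"""Pre-Nessus host discovery: nmap -sn with ICMP echo + TCP SYN probes.

Added example, not the answer's or Nmap's own code. Assumes nmap is on PATH;
-PS needs raw-socket privileges, otherwise nmap falls back to connect() probes.
"""
import re
import subprocess
from typing import Dict, List

# One greppable line per host: "Host: <ip> (<name>)\tStatus: Up|Down"
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Status:\s+(\w+)")


def parse_greppable(output: str) -> Dict[str, str]:
    """Map IP address -> 'Up'/'Down' from nmap -oG text.

    Down hosts are only listed in -oG output when nmap runs with -v.
    """
    status: Dict[str, str] = {}
    for line in output.splitlines():
        m = HOST_RE.match(line)
        if m:
            status[m.group(1)] = m.group(3)
    return status


def live_hosts(output: str) -> List[str]:
    """Sorted list of IPs reported as Up; this is what gets fed to Nessus."""
    return sorted(ip for ip, st in parse_greppable(output).items() if st == "Up")


def discover(targets: List[str], ports: str = "80,443") -> List[str]:
    """Run host discovery only (-sn, no port scan): ICMP echo (-PE) plus
    TCP SYN to the given ports (-PS), greppable output to stdout (-oG -)."""
    cmd = ["nmap", "-sn", "-PE", f"-PS{ports}", "-v", "-oG", "-", *targets]
    res = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return live_hosts(res.stdout)


# Constructed sample of `nmap -v -oG -` output (not a real scan result)
SAMPLE_OUTPUT = """\
# Nmap 7.80 scan initiated (constructed sample)
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.6 (web01.example)\tStatus: Up
Host: 10.0.0.7 ()\tStatus: Down
# Nmap done -- 3 IP addresses (2 hosts up) scanned
"""

if __name__ == "__main__":
    print(live_hosts(SAMPLE_OUTPUT))  # → ['10.0.0.5', '10.0.0.6']
```

Hosts that drop ICMP, 80 and 443 alike will still be reported down; widen `ports` to the services those machines actually run, or compare the result against the asset inventory rather than treating "Down" as proof of absence.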