Questions tagged [nessus]

Nessus is a vulnerability scanning and vulnerability management product that has both free 'Home' and paid 'Commercial' editions.

Nessus is a proprietary vulnerability scanner which is developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment.

It has a web interface for conducting scans and for generating and downloading scan reports.

Source - https://en.wikipedia.org/wiki/Nessus_(software)

70 questions

12 votes, 2 answers

Tons of vulnerabilities are found on tcp/0 port using vulnerability scanners

Performed a credentialed vulnerability scan on Linux/Unix servers with Nessus and thousands of vulnerabilities came out of port tcp/0. How could an IANA reserved port (tcp/0) handle traffic? Are those vulnerabilities truly countable or did those come out as false…

8 votes, 2 answers

What is the vulnerability if the DCE service on remote port is enumerated?

When I scan my server using Nessus, one of the results is as follows: By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the…
PentestLover

7 votes, 2 answers

SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection- medium or low risk?

This is a Nessus finding, which is considered medium by default. Basically it may allow for some plaintext injection which may allow for some man in the middling. My question is, has this been exploited in the wild? Are there tools to take…
Sonny Ordell

7 votes, 3 answers

Nessus Port scan Vs NMAP Port scan

My objective is to find network vulnerabilities. I have used Nessus and NMAP both for vulnerability scan. I have to verify if I can use only "Nessus" rather than using "NMAP". According to my efforts on the web, plenty of people suggested to use…
tech_enthusiast

5 votes, 1 answer

Is it possible to invoke OS commands from a NASL script in OpenVAS?

I was wondering if it is possible to run a command like cat, w3m or any other Operating System (Linux) utility from inside a NASL script and use its output. Do you know any examples? I know you can use the tools that OpenVAS uses like nikto, etc…

4 votes, 5 answers

How to test CVE-2004-0789 Multiple Vendor DNS Response Flooding Denial Of Service?

I use Nessus to check vulnerabilities on my webserver. It is a Windows Server. Nessus reports that this particular server has a CVE-2004-0789 vulnerability. Here is the description from Nessus: The remote DNS server is vulnerable to a denial of…

4 votes, 2 answers

Use Nessus or focus on manual testing?

Nessus scans for a lot of vulnerabilities, so should I focus on learning vulnerabilities that are not covered by Nessus, like directory traversal attacks? Should I work on only the vulnerabilities that are not covered by Nessus, or learn all the…

3 votes, 1 answer

Relationship between CVSS and Risk Level in Nessus output data

In a Nessus output file, does the Risk Level (e.g. Critical, High, Medium, Low, None) depend on the CVSS score? What relationship, if any, do the Risk Level and CVSS have? Thank yo
silverlight

3 votes, 2 answers

How to exploit via Metasploit vulnerabilities found with Nessus?

I am new in the field and trying to pentest a PHP web app locally stored on my host PC using Metasploit from a Kali VM. I have run some scanners like wmap, OpenVAS and Nessus and found some vulnerabilities but I have trouble finding the matching…
metavaronos

3 votes, 1 answer

Nessus: Host Discovery Scan finds no host

I am just starting my studies on pentesting and I have created a lab with VirtualBox with two VMs: a Kali Linux machine and a Metasploitable2 machine. Their networks are both configured to be attached to Host-Only adapter and have no access to any…
franchzilla

2 votes, 1 answer

SMB/CIFS shares on HP-UX vulnerabilities

So, I've run an unauthenticated Nessus scan against a critical piece of infrastructure as part of a pen-test but I'm getting back some weird stuff and I can't seem to re-create the issue to demonstrate it to the client. The machine I'm testing is a…
NULLZ

2 votes, 1 answer

Nessus found a vulnerability, but no corresponding exploit on Metasploit : How to run with meterpreter

I ran Nessus on a local network, it found a critical vulnerability for the router: MikroTik RouterOS < 6.41.3 SMB Buffer Overflow (Vulnerability description : Exploit-db) But I can't find any corresponding exploit on Metasploit for this…

2 votes, 3 answers

Nikto's results differ from other vulnerability scanners, is it more or less accurate?

I was doing some scanning on a web application, I used OWASP zap and Nessus. The risks that these two detected were medium to low, very few vulnerabilities. Then I tried nikto, and the results were huge. It detected potential risks with the…

2 votes, 2 answers

Nessus for Operational Technologies

I want to scan with Nessus a network which includes OT devices but I don't know how I can configure Nessus to do it. Firstly, I disable ping scan; before the Nessus scan I do an IP enumeration with Nmap, and Service Discovery option. In addition, I change…

2 votes, 1 answer

Nessus Target Availability

I need to write a script (I am not asking for a script!) in order to verify if target servers are available (up or down) for a Nessus scan or not. The problem is that, sometimes even if ping does not work on target IP address, Nessus still can scan…
tech_enthusiast