Collaborate Disseminate
Scanning a machine on a local network (it is the only machine scanned, and is running Red Hat Enterprise Linux 7.4) and Nessus reports a vulnerability present in an outdated version of Dropbear SSH installed on the machine. T… Continue reading Nessus scan reports a Dropbear vulnerability on a machine that does not have dropbear installed
Nessus is reporting that an “SSL Certificate Cannot Be Trusted”.
This is due to the intermediate certificate not being in the certificate bundle presented during the TLS/SSL handshake.
I’ve looked at a couple of similar thr… Continue reading Checking Intermediate Certificates Programatically
I had a Ubuntu 16.04.02 box running Nessus Pro for scanning machines in our LAN.
Inspecting /opt/nessus/var//reports directory, I noted the Nessus reports are sqlite database.
In order to use reports information, we want to… Continue reading Converting Tenable Nessus reports to plain text in syslog format [on hold]
I want to know that, what database Nessus use to store scan information and how to export it?
Continue reading what database Nessus use to store scan information? [on hold]
I first considered masscan due to its speed. But, then I could not find a quick solution to import masscan XML result into Nessus to further my reconnaissance phase. If I have necessary bandwidth to scan over 100k IP addresse… Continue reading What is the optimal port and vulnerability scanning technique for over 100,000 IP addresses within a few full days?
If I wish to run Nessus against a Windows server that is only accessible from another machine, I can setup an SSH tunnel like so:
ssh user@10.99.5.6 -L 127.0.0.1:445:10.0.0.45:445 -L 127.0.0.1:139:10.0.0.45:139
Then I would configure Ne… Continue reading Credentialed scanning through SSH tunnel
I am writing an open source python tool aimed at inventoring/auditing and hardening of a system. When I started off with the project, I did some research around it and figured out that there were not many tools (at least open… Continue reading Difference between Lynis and Nessus and yet another hardening tool
When scanning with nessus and defining the ports, there is an option where you could simply type “default” and nessus will scan certain ports. I was wondering what the ports were? I am assuming the ports are the 100 common po… Continue reading Nessus Default Ports
In this security scan, the parameter is found to be at risk of cross-site scripting attacks. Does this mean as below under name=”target” attackers can replace the value of ‘target’ ? What sort of risk would there be ?
In this security scan, the parameter is found to be at risk of cross-site scripting attacks. Does this mean as below under name=”target” attackers can replace the value of ‘target’ ? What sort of risk would there be ?