In this chapter, we will cover the following recipes:
- Understanding Nmap outputs
- Understanding Nessus outputs
- How to confirm Nessus vulnerabilities using Nmap and other tools
In this chapter, we will go through recipes on the reports that Nmap and Nessus can generate, and one recipe on using Nmap to confirm vulnerabilities that Nessus has reported. Findings from a scanner should always be confirmed, because scanners produce false positives. Confirming them lets the administrative team concentrate on real vulnerabilities instead of spending effort on findings that turn out to be wrong. Both Nmap and Nessus can write their results in several formats, so the user can pick whichever suits their workflow.
Nmap displays results based on the responses it receives from the remote hosts. The more hosts that are scanned, the larger and more complex the output printed to the screen becomes, and reading it in a terminal or Command Prompt becomes impractical once the host count grows. To deal with this, Nmap supports several output formats which can be chosen to suit the user's needs. The simplest way to keep Nmap's output is shell redirection: appending >> output.txt (or > output.txt to overwrite) to the command sends everything Nmap prints to that text file. This is a shell feature rather than an Nmap one; Nmap's own options (-oN for normal, -oX for XML, -oG for grepable, and -oA to write all three at once) produce files that are far easier to process with other tools. Even a plain text file becomes a nightmare to analyze for 10+ hosts, and Nmap's verbose and debug output, printed alongside the port scan, complicates this further. The operating system's detection...
Nessus is more of an enterprise-aligned tool, and its reporting is more comprehensive and user-friendly. Nessus provides both document-style reports for reading and structured, machine-readable exports for further processing. These reports can be exported by selecting the required format from the Export drop-down in the top-right corner of the scan results page:
Here, we will go over the reporting formats that are supported by Nessus.
This format exports the results as a .nessus file. It is Nessus's native export format, an XML document that Nessus itself can import again, so users can download scan results and later import them back into Nessus for further analysis. Because it is XML, it can also be read by other tools and scripts, which is useful when the findings need to be cross-checked against output from a different scanner.
Most of the vulnerabilities reported by Nessus are the result of plugin checks that match banners, version strings, or specific response values; the decision is made by the code in the plugin, so a finding is only as reliable as the conditions that plugin tests. These findings should be confirmed with manual techniques such as Nmap scripts or port-specific open source tools. This lets the administration team put their effort into mitigating actual vulnerabilities instead of false positives. Also, Nessus sometimes reports vulnerabilities for which a workaround has already been applied, because it only checks the conditions written into the plugin and cannot recognize any other mitigation. In this recipe, we will look at steps to verify multiple vulnerabilities reported by Nessus using Nmap and other open source tools.
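The first step in confirming a Nessus finding is usually the simplest one: check whether the port Nessus reported a vulnerability on is actually open according to Nmap. The script below is an added example and not code from the book or from either tool. It parses a small constructed .nessus export and a small constructed Nmap -oX file (both embedded inline; the hosts, plugin IDs 100000 to 100003 and plugin names are placeholders, not real Nessus plugins), classifies each finding as confirmed, contradicted, unverified, or host-level, and builds the nmap command line that would re-scan the ports still needing verification.

```python
"""Cross-check Nessus findings against Nmap's XML output.

Both inputs below are constructed samples for this example, not real scan data.
Plugin IDs and names are placeholders, not real Nessus plugins.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed .nessus export: two hosts, four ReportItems. Port 0 is how
# Nessus records host-level (informational) plugins.
NESSUS_XML = """<NessusClientData_v2>
  <Report name="demo-scan">
    <ReportHost name="192.168.1.10">
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="100000" pluginName="Placeholder: host information"/>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
                  pluginID="100001" pluginName="Placeholder: SSH banner check"/>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="3"
                  pluginID="100002" pluginName="Placeholder: web server version"/>
    </ReportHost>
    <ReportHost name="192.168.1.11">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="2"
                  pluginID="100003" pluginName="Placeholder: TLS configuration"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""

# Constructed Nmap -oX output for the first host only: 22 open, 80 closed.
NMAP_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/></port>
    </ports>
  </host>
</nmaprun>"""


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    protocol: str
    plugin_id: str
    plugin_name: str
    severity: int


def parse_nessus(xml_text):
    """Flatten every ReportItem in a .nessus document into Finding records."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append(Finding(
                host=host.get("name"),
                port=int(item.get("port")),
                protocol=item.get("protocol"),
                plugin_id=item.get("pluginID"),
                plugin_name=item.get("pluginName"),
                severity=int(item.get("severity")),
            ))
    return findings


def parse_nmap(xml_text):
    """Return {address: {(protocol, port): state}} from Nmap XML output."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addrs = [a.get("addr") for a in host.findall("address")
                 if a.get("addrtype") in ("ipv4", "ipv6")]
        if not addrs:
            continue  # no IP address recorded; skip (e.g. MAC-only entry)
        ports = {}
        for p in host.iter("port"):
            state = p.find("state")
            ports[(p.get("protocol"), int(p.get("portid")))] = (
                state.get("state") if state is not None else "unknown")
        hosts[addrs[0]] = ports
    return hosts


def cross_check(findings, nmap_hosts):
    """Map (host, protocol, port, plugin_id) to a verdict.

    confirmed    - Nmap saw the port open, so the finding is worth a deeper look
    contradicted - Nmap saw the port closed/filtered; likely a stale or false result
    unverified   - the host or port was not in the Nmap scan at all
    host-level   - Nessus port 0 entries, which no port scan can confirm
    """
    verdicts = {}
    for f in findings:
        if f.port == 0:
            verdict = "host-level"
        else:
            state = nmap_hosts.get(f.host, {}).get((f.protocol, f.port))
            if state is None:
                verdict = "unverified"
            elif state == "open":
                verdict = "confirmed"
            else:
                verdict = "contradicted"
        verdicts[(f.host, f.protocol, f.port, f.plugin_id)] = verdict
    return verdicts


def nmap_verification_command(findings, host):
    """Build an nmap argv that version-scans every port Nessus flagged on a host."""
    ports = sorted({f.port for f in findings if f.host == host and f.port != 0})
    return ["nmap", "-sV", "-p", ",".join(str(p) for p in ports),
            "-oX", f"verify-{host}.xml", host]


if __name__ == "__main__":
    found = parse_nessus(NESSUS_XML)
    for key, verdict in cross_check(found, parse_nmap(NMAP_XML)).items():
        print(f"{key[0]} {key[1]}/{key[2]} plugin {key[3]}: {verdict}")
    print(" ".join(nmap_verification_command(found, "192.168.1.11")))
```

A "confirmed" verdict here only means the port is really open; the service-level check (an NSE script or a protocol-specific tool against that port) still has to follow. A "contradicted" verdict is the cheap win: a finding on a port Nmap sees as closed is almost always stale or a plugin false positive and can be pushed down the queue before anyone spends time on it.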
In order to create this recipe, we will perform a demo basic...