Plugin Spotlight: Import Nmap XML Results Into Nessus
Nmap continues to be a powerful tool for port scanning, operating system identification, service identification and now supports extended information with NSE (Nmap Scripting Engine) scripts. A recently released NASL script allows you to import the Nmap results into Nessus. For example, you can run Nmap with the following switches:
As of Nessus v6 the command line utilities for running Nessus scans are no longer included. Customers are encouraged to use the Nessus API to implement command line base scanning, and a host of other features include uploading and downloading reports. Customers can find examples in the Tenable Discussion Forum, and in particular the post "Nessus v6 API Demo Scripts" and documentation.
| # nmap -sC -sV -O -oX mynetwork.xml 192.168.1.3-250 |
The options shown in this example above perform the following functions:
| Nmap Option | Description |
| -sC | tells Nmap to run all of the scripts labeled as "default" |
| -sV | tests if a port is open and attempts to identify the service running |
| -O | attempts to identify the the operating system using TCP/IP fingerprinting |
| -oX | generates XML formatted output |
To integrate all of the information from Nmap into Nessus, you can download the Nmap XML Importer and copy it to your plugins directory. You will then need to stop the Nessus server, run nessusd -y, then start the Nessus server.
| NOTE: Adding New Plugins
When adding plugins that are not part of a plugin update be certain to re-process your plugins. To do this you must first stop the Nessus server (/etc/init.d/nessusd stop on most Unix/Linux systems), then run one of the following commands: nessusd (no arguments) - Starts nessusd and does not look at each plugin's timestamp, unless plugin_feed_info.inc has changed. nessusd -t - Starts nessusd and looks at each plugin's timestamp. If the plugin's timestamp is newer than that of the last time plugins were processed, it will process the new plugins. nessusd -R - Flushes the plugins database, then processes every plugin (i.e., converts them into bytecode) and exits. This option ensures there are no leftovers from previous plugins, even if your clock has drifted backwards. nessusd -y - Does the same as nessusd -t, but exits once done (instead of starting to listen on port 1241). Typically, if you do not modify your plugins other than performing the routine plugin update process, you do not need to use these switches. If you manually modify a plugin, then you need to use -t or -y. |
Once the Nessus server has been restarted, the usage of the plugin is the same as the old plugin (when the old plugin was run when Nmap was not in your path). You can refer to the blog post titled "Using Nmap Results With Nessus Batch Scanning" for information on how to use and run it. Don't forget to restart the NessusClient and create a new policy to see the new options that resulted from the new plugin.
References
Related Articles
Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog
October 23, 2023Tenable ranked first in multiple vulnerability management categories, including the most comprehensive coverage and quickest detection of CISA's Known Exploited Vulnerabilities, according to a Miercom report commissioned by Tenable.
Tuning Network Assessments for Performance and Resource Usage
September 13, 2022Using the correct tool for the job and optimizing scanner placement will have a large impact on scan efficiency with Nessus, Tenable.io and Tenable.sc.
Terrascan Joins the Nessus Community, Enabling Nessus To Validate Modern Cloud Infrastructures
May 17, 2022The addition of Terrascan to the Nessus family of products helps users better secure cloud native infrastructure by identifying misconfigurations, security weaknesses, and policy violations by scanning Infrastructure as Code repositories.
CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
August 14, 2024Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available
Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs
August 13, 2024Microsoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild.
Compromising Microsoft's AI Healthcare Chatbot Service
August 13, 2024Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.
- Nessus