Mailing List Archive: Nessus: users

Requesting for Nessus plugin information

Index | Next | Previous | View Threaded

G.Sandhya at ge

Feb 7, 2008, 2:45 AM

Post #1 of 5 (187 views)
Permalink

Requesting for Nessus plugin information

Hello Team,

Could you please provide the necessary information (CVE Numbers, Patch
details etc) for all the plug-ins which are available in Nessus till
date?

We have installed Nessus on a test machine and we would like to compare
vulnerabilities provided by Nesus with other vulnerability Scanners
available.

Looking forward for your reply.

Thanks and Regards,

Sandhya Gadhe

Senior Engineer--Security Operations Center.

RedHat Certified Engineer.

GENPACT, Hyderabad, India.

T +91 40 66062121

D #8 * 740 4663

E G.Sandhya[at]ge.com

rgula at tenablesecurity

Feb 7, 2008, 5:30 AM

Post #2 of 5 (174 views)
Permalink

Re: Requesting for Nessus plugin information [In reply to]

Hello there,

Tenable does not publish a bulk list of CVE entries as such. However, we
do offer a query interface for you to perform searches located here:

http://www.nessus.org/plugins/

One plugin might cover multiple CVE entries, and there may be multiple
plugins to perform a security test for a missing patch. Please keep this
in mind when you compare Nessus with other vulnerability scanners.

Also, to get an understanding of the more than 20,000 plugins currently
available, you should read this blog entry from a few months ago which
covered (at the time) the statistics for the 18,000 plugins we had.

http://blog.tenablesecurity.com/2007/09/everything-you-.html

If you do find gaps in coverage, please let us know. However, if you do
find that Nessus has more coverage, please let us know that as well.

Ron Gula
Tenable Network Security

Sandhya, G (GE Money, consultant) wrote:
> Hello Team,
>
>
>
> Could you please provide the necessary information (CVE Numbers, Patch
> details etc) for all the plug-ins which are available in Nessus till
> date?
>
>
>
> We have installed Nessus on a test machine and we would like to compare
> vulnerabilities provided by Nesus with other vulnerability Scanners
> available.
>
>
>
> Looking forward for your reply.
>
>
>
>
>
> Thanks and Regards,
>
> Sandhya Gadhe
>
>
>
> Senior Engineer--Security Operations Center.
>
> RedHat Certified Engineer.
>
> GENPACT, Hyderabad, India.
>
> T +91 40 66062121
>
> D #8 * 740 4663
>
> E G.Sandhya[at]ge.com
>
>
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Nessus mailing list
> Nessus[at]list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
Nessus[at]list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

G.Sandhya at ge

Feb 7, 2008, 5:48 AM

Post #3 of 5 (176 views)
Permalink

RE: Requesting for Nessus plugin information [In reply to]

Hi,

Many thanks for your mail. The Website which you shared with me is good.

By any chance can we get all the plugins and their description in Excel
format?
I had gone through the links which you have provided but I would require
all of them in an excel sheet.

Could you please check and let me know the status?

Thanks in Advance.

Thanks and Regards,

Sandhya Gadhe

Senior Engineer--Security Operations Center.

RedHat Certified Engineer.

GENPACT, Hyderabad, India.

T +91 40 66062121

D #8 * 740 4663

E G.Sandhya[at]ge.com

-----Original Message-----
From: Ron Gula [mailto:rgula[at]tenablesecurity.com]
Sent: Thursday, February 07, 2008 7:01 PM
To: Sandhya, G (GE Money, consultant)
Cc: nessus[at]list.nessus.org
Subject: Re: Requesting for Nessus plugin information

Hello there,

Tenable does not publish a bulk list of CVE entries as such. However, we

do offer a query interface for you to perform searches located here:

http://www.nessus.org/plugins/

One plugin might cover multiple CVE entries, and there may be multiple
plugins to perform a security test for a missing patch. Please keep this

in mind when you compare Nessus with other vulnerability scanners.

Also, to get an understanding of the more than 20,000 plugins currently
available, you should read this blog entry from a few months ago which
covered (at the time) the statistics for the 18,000 plugins we had.

http://blog.tenablesecurity.com/2007/09/everything-you-.html

If you do find gaps in coverage, please let us know. However, if you do
find that Nessus has more coverage, please let us know that as well.

Ron Gula
Tenable Network Security

Sandhya, G (GE Money, consultant) wrote:
> Hello Team,
>
>
>
> Could you please provide the necessary information (CVE Numbers, Patch
> details etc) for all the plug-ins which are available in Nessus till
> date?
>
>
>
> We have installed Nessus on a test machine and we would like to
compare
> vulnerabilities provided by Nesus with other vulnerability Scanners
> available.
>
>
>
> Looking forward for your reply.
>
>
>
>
>
> Thanks and Regards,
>
> Sandhya Gadhe
>
>
>
> Senior Engineer--Security Operations Center.
>
> RedHat Certified Engineer.
>
> GENPACT, Hyderabad, India.
>
> T +91 40 66062121
>
> D #8 * 740 4663
>
> E G.Sandhya[at]ge.com
>
>
>
>
>
>
>
------------------------------------------------------------------------
>
> _______________________________________________
> Nessus mailing list
> Nessus[at]list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus

_______________________________________________
Nessus mailing list
Nessus[at]list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

rgula at tenablesecurity

Feb 7, 2008, 5:55 AM

Post #4 of 5 (176 views)
Permalink

Re: Requesting for Nessus plugin information [In reply to]

Sandhya, G (GE Money, consultant) wrote:
> Hi,
>
> Many thanks for your mail. The Website which you shared with me is good.

I'm glad it helps you.

> By any chance can we get all the plugins and their description in Excel
> format?

We don't publish the information that way.

> I had gone through the links which you have provided but I would require
> all of them in an excel sheet.

If you check the archives of this list, you will see some references to
using the Unix nessus client to build your plugin list. It won't output
Excel, but if you put some effort into it, you can create what you need.

Ron Gula
Tenable Network security

_______________________________________________
Nessus mailing list
Nessus[at]list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

rbabcock at cfa

Feb 7, 2008, 8:34 AM

Post #5 of 5 (176 views)
Permalink

RE: Requesting for Nessus plugin information [In reply to]

> Could you please provide the necessary information (CVE Numbers,
Patch details etc) for all the plug-ins which are available in Nessus
till date?

The information you want is in comments in the ~20,000 plugins. George
Theall has a perl script at
http://www.tifaware.com/perl/describe-nessus-plugin/ to extract this
sort of information. I run it unchanged under Windows using perl from
http://www.activestate.com/Products/activeperl/

I also needed wild.pm from http://perldoc.perl.org/perlwin32.html
<http://perldoc.perl.org/perlwin32.html> so I could use wildcards in my
script.

The script I run to extract information from the plugins is simple:

@echo off
cd "C:\Sys\Vulnerability scanners\Nessus\plugins\scripts"
perl -MWild -wT C:\App\Perl\site\bin\describe-nessus-plugin.pl --width
300 --functions id,family,name *.nasl >c:\temp\nessus-scripts.txt

Paths will need to be adjusted to match your installation and I'm
extracting different information than you require. Reformatting the
output for import into Excel shouldn't be too hard to do.

Note that a small number of plugins are empty stubs and generate
warnings when processed and one nasl script has mismatched braces in
comments.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com