Nessus requests
Results 1 to 10 of 10

Thread: Nessus requests

  1. #1

    Nessus requests

    I am doing a test on our servers at work. I have been using Nessus to do traditional vulnerability scans and my question is this:

    I want to view the actual requests, in raw format that nessus makes when testing for vulnerabilities. Can the requests be found somewhere so that the actual requests can be viewed?

    Thanks!

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    You should be able to look into the rules that make a nessus test. I can't tell you where they are but I'm sure it's in the documentation.

    If you want to see the 'real' traffic (ip packets et al) why not hook up a sniffer? Ethereal wil do very well.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    Well, it's a bit of a kluge, because I don't know how to do it in Nessus, or if it can be done even, but have you thought about putting something like ethereal downstream of your nessus server so you can examine the packets? I would think either creating a span port (if your switches will support that) or dropping the nessus server on an old hub that you having lying around and putting the ethereal machine on it, (the hub) would give you everything you wanted.


    edit----damn, sir dice posted while I was typing. Yeah, what he said.

  4. #4
    Senior Member
    Join Date
    Aug 2002
    Posts
    508
    Or if using *nix you can fire up "ngrep" while nessus scanning your server, I've done it two month ago..you will see the real traffic too..
    Not an image or image does not exist!
    Not an image or image does not exist!

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    www.majorgeeks.com has a pile of exploit scanners and admin tools to help you in your quest.

  6. #6
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    in RH9 the test are in /usr/lib/nessus/plugins and are written in nasl

    This will tell you about nasl http://www.nessus.org/doc/nasl2_reference.pdf and from that you should be able to work out whatthe tests are doing (& probably get them to dump input/otput) to files.

    HTH
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  7. #7
    I am indeed using linux. That grep command sounds interesting. What did the command look like?

  8. #8
    Senior Member
    Join Date
    Apr 2002
    Posts
    712
    Most linux's have tcpdump or similar... or, at least, the RPMs are fairly accessible from your vendor/distro.
    \"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

  9. #9
    Member
    Join Date
    Feb 2003
    Posts
    53
    We've had to do this in the past as well. Like 4 or 5 people already said. The "best" way would be a sniffer. Any sniffer will do, just write the output to a file then go back and look at all the traffic. This is good way to prove you ran certian tests, and did not run others (Some clients don't want you running certian tests).

  10. #10
    Senior Member
    Join Date
    Aug 2002
    Posts
    508
    Originally posted here by Surreal
    I am indeed using linux. That grep command sounds interesting. What did the command look like?
    "grep" and "ngrep" they are differents:
    Code:
    NAME
           grep,  egrep,  fgrep, zgrep, zegrep, zfgrep, bzgrep, bzegrep, bzfgrep -
           print lines matching a pattern
    
    SYNOPSIS
           grep [options] PATTERN [FILE...]
           grep [options] [-e PATTERN | -f FILE] [FILE...]
    
    DESCRIPTION
           grep searches the named input FILEs (or standard input if no files  are
           named, or the file name - is given) for lines containing a match to the
           given PATTERN.  By default, grep prints the matching lines.
    
           In addition, two variant programs egrep and fgrep are available.  egrep
           is  the  same  as grep -E.  fgrep is the same as grep -F.  zgrep is the
           same as grep -Z.  zegrep is the same as grep -EZ.  zfgrep is  the  same
           as grep -FZ.
    etc
    Code:
    SYNOPSIS
           ngrep <-hXViwqpevxlDtT> <-IO pcap_dump > < -n num > < -d dev > < -A num
           > < -s snaplen > < match expression > < bpf filter >
    
    
    DESCRIPTION
           ngrep strives to provide most of GNU grep's common  features,  applying
           them  to the network layer.  ngrep is a pcap-aware tool that will allow
           you to specify extended regular expressions to match against data  pay-
           loads  of  packets.   It  currently recognizes TCP, UDP and ICMP across
           Ethernet, PPP, SLIP, FDDI and null interfaces, and understands bpf fil-
           ter  logic  in  the  same fashion as more common packet sniffing tools,
           such as tcpdump(8) and snoop(1).
    etc
    So you need to have "ngrep" install on your box and read the manual first..for ngrep and you will know what the command is..
    Not an image or image does not exist!
    Not an image or image does not exist!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •