Nessus vs exploits

[ratatosk]

Hi everyone (, my first post on the forum)
I normally use nessus when scanning a website for weaknesses, and then proceed with manual testing. Can anyone tell me how this compares with exploits (I’ve never actually used an exploit myself by the way). I know there are lots of exploits out there to attack specific weaknesses, and I’m wondering if nessus or other tools can uncover a sites vulnerability to these exploits? I guess it all depends on the plug-ins, but I’d appreciate some comments on the topic if anyone knows about it.

-Ratatosk

[phishphreek]

I'm not an expert on nessus, but have used it plenty.

know there are lots of exploits out there to attack specific weaknesses, and I’m wondering if nessus or other tools can uncover a sites vulnerability to these exploits?

That is exactly what nessus is there for. To find vulnerabilities in your network. Make sure you keep up to date with the plugins and up to date on the verson of nessus you are using. They change all the time.

Nessus scans a particular computer/network and looks at the ports that are open and evaluates those ports and then tells you the services running on those ports. Depending on the version of the software/service, and whether it was patched, it will report back to you certain vulnerabilities that the service has. The object is to get this to 0. There will always be warnings, but you can use your firewall to take care of most of these or modify banners, or even change your config files.

Nessus can and will crash a remote computer(s), depending on which plugins you are using. Be very careful with nessus when testing production machines. It'd be a good idea to have a backup replica that is exactly like your production (disaster recovery, etc) but this can be expensive. At least you know you won't kill your production server.

If you are looking to just find weaknesses on web servers, there are tools just for that.

You just have to search a bit. HTTP Auditing tools. There are more... google around a bit.

Can anyone tell me how this compares with exploits

Well, nessus just compares the services against a database of vulnerabilities and does the job for you. It will only show you the vulnerabilities, where an exploit will actually exploit the service. With exploits, you will have to grab the code, modify it to run on your box, and possibly modify it so it'll work on box you are auditing. An exploit is written for only one specific service and there are several conditions that must be met in order for it to work, depending on the exploit.

When you are auditing, you really only want to identify/fix vulnerabilites, not break into your box. You don't know what damage you can cause while breaking into your box... so it'd be a good idea to use a mirror of your production box just in case something goes wrong.

Just so you know... I'm not a http auditing expert. I know very little about auditing web services and applications... so maybe someone else can help you out a bit more.

I'd be interested in seeing others views on this.

[alphabetarian]

Well said Phish... I'm no Nessus expert either, but I used it in a lab assignment once. In the pre-lab lecture the prof gave, he basically said the same thing that you did. Nessus will compare stuff you're running to a database of known (exploit, I think) signatures, then tell you what you're vulnerable too. Basically, Nessus almost but not quite breaks in...exploits do break in.

But again, I'm no Nessus expert, but I know (of) folks that are... www.nessus.com

alpha