Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Mapping between plugin id's and CVE-ID and bugtraq id's

from [Javier Fernandez-Sanguino] Network Security [Permanent Link]
Subject: Re: Mapping between plugin id's and CVE-ID and bugtraq id's
Date: Tue, 22 Feb 2005 12:04:42 +0100
Raghunandan wrote:
Hi All,
I wanted to know is there any list which maps the plugin id's to the cve-id and the bugtraq id's.

There's no public list AFAIK, but you can easily extract this from the plugins quite easily. If you want a script that already does this check the nessus-extract script in the 'nessus-tools' directory of the CVS. Latest version available at:

http://cvsweb.nessus.org/cgi-bin/viewcvs.cgi/nessus-tools/nessus-extract/nessus-extract.pl?rev=1.4.2.8&content-type=text/vnd.viewcvs-markup

This version will print in whatever output format you choose (text, csv or sql statemtns) the information it extracts from the plugins.

If you are interested in getting this mapping onto a database create the database as described in both the README file and the SQL statements at:

http://cvsweb.nessus.org/cgi-bin/viewcvs.cgi/nessus-core/doc/database/?hideattic=0&only_with_tag=NESSUS_SQL

And then run, for example:

$ nessus-extract -p /var/lib/nessus/plugins -f sql | mysql

And you will get updated plugin, plugincve and pluginbid databases.
Notice this script only works with NASL plugins. For C plugins you will have to review them manually.

If you have any issues with the above code please let me know, it's been a while since I used it myself.

Regards

Javier
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Nessus Risk Rating Discussion Part Trois - CVSS, Yeomans, Andrew
Next by Date:  Re: Question on setting up a scan, mike . sleeper
Previous by Thread:  Mapping between plugin id's and CVE-ID and bugtraq id's, Raghunandan
Next by Thread:  Nessus Risk Rating Discussion Part Trois - CVSS, Yeomans, Andrew
Indexes:  [Date] [Thread] [Top] [All Lists]