




Re: hiding nessus 1241/tcp banner

Date: Wed, 12 Apr 2006 16:34:58 +0200
On Sat Apr 08 2006 at 20:42, Michael Scheidell wrote:

> Doesn't pick a banner up at all

No. And it appears that nmap -sV cannot identify Nessus.

# nessusd -a 127.0.0.1 -p 1242
All plugins loaded                                   

$ nmap -sV -p 1241-1242 -v 127.0.0.1 

Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-04-12 16:29 CEST
DNS resolution of 0 IPs took 0.00s. Mode: Async [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 0, CN: 0]
Initiating Connect() Scan against localhost (127.0.0.1) [2 ports] at 16:29
Discovered open port 1242/tcp on 127.0.0.1
The Connect() Scan took 0.00s to scan 2 total ports.
Initiating service scan against 1 service on localhost (127.0.0.1) at 16:29
The service scan took 23.06s to scan 1 service on 1 host.
Host localhost (127.0.0.1) appears to be up ... good.
Interesting ports on localhost (127.0.0.1):
PORT     STATE  SERVICE VERSION
1241/tcp closed nessus
1242/tcp open   unknown

Nmap finished: 1 IP address (1 host up) scanned in 23.218 seconds
$  

And after editing nessus_detect.nasl so that it checks 1242 instead of
1241 by default (in the Nessus framework, it will check every open
port if thorough_tests is on):
$ nasl nessus_detect.nasl 
** WARNING : packet forgery will not work
** as NASL is not running as root
set key Known/tcp/1242 -> 134899496
[12314] plug_set_key:internal_send(0)['1 Known/tcp/1242=nessus;
']: Socket operation on non-socket
set key Services/nessus -> 1242
[12314] plug_set_key:internal_send(0)['3 Services/nessus=1242;
']: Socket operation on non-socket
127.0.0.1: register_service: port=1242, proto=nessus
Success
$ 
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
