
| Subject: | Re: Application Fingerprinting & Reporting |
|---|---|
| Date: | Wed, 22 Nov 2006 20:53:33 -0500 |
I also forgot to mention the equivalent check for UNIX installed applications:

http://www.nessus.org/plugins/index.php?view=single&id=22869

This lists all installed applications via SSH, and on most UNIX distros, this can be a lot.

Ron Gula

Ron Gula wrote:

Hi there,

You should consider:

http://www.nessus.org/plugins/index.php?view=single&id=20811

This enumerates all installed software on a Windows platform. It doesn't discriminate between "clients" like Outlook, Mozilla or Trillian with regular applications like Google Earth, Power Point or Symantec Anti Virus. This plugin requires credentials as well.

With the exception of some P2P software and applications like iTunes, there really isn't a good way to do a network scan without credentials and determine which client side applications are installed or in use.

If you use the Passive Vulnerability Scanner:

http://www.tenablesecurity.com/products/pvs.shtml

It can produce an .nsr compatible list of "sniffed" information including very extensive client-side application data. These blog links can give you some idea of what it can do:

Detecting Network Change during end-of-year freezes
http://blog.tenablesecurity.com/2006/11/pvs_and_the_end.html

Detecting Corporate Policy Violations
http://blog.tenablesecurity.com/2006/11/using_pvs_to_de.html

Detecting Proxy Firewalls
http://blog.tenablesecurity.com/2006/10/proxyfirewall_d.html

Detecting DNS Servers with "Recursion" Enabled
http://blog.tenablesecurity.com/2006/08/helping_to_stop.html

Ron Gula, CTO
Tenable Network Security

Asthana, Vishal wrote:

Hi,

Is there any Nessus plugin that helps report Application names and versions e.g. Internet Explorer, Yahoo, Firefox etc? There are Application DETECTION plugins for the same but the post-scan operation does not report the specific Application installed. It only reports FTP Server, Web Server, Oracle Listener etc.

I have already referred to the following old threads and ensured that find_service.nes was part of the scan.

http://mail.nessus.org/mailman/htdig/nessus/2004-February/msg00302.html
http://mail.nessus.org/mailman/htdig/nessus/2004-February/msg00218.html

I have also tried using Nmap scanner instead of the Nessus TCP scanner with the same results.

http://www.nessus.org/documentation/index.php?doc=nmap-usage

Any pointers would be helpful.

Thanks
Vishal