Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: managing scan reports + launching nessus script

from [Mike . Vasquez] Network Security [Permanent Link]
Subject: RE: managing scan reports + launching nessus script
Date: Mon, 22 Oct 2007 10:28:35 -0700 
Hey Jeff,

(I've included John Olson regarding a prior email that I didnt' get to -- 
info on how I use windows nessus and a batch file to ensure all my reports 
are in a common location -- sounds like a question you had in a nessus 
3.0.6 on solaris thread -- hope it helps -- that info after the xsl info)

If you use the Windows version (NessusGui.exe), these sound very much like 
just what you're after:  Reports are generated by classification.  I'm 
looking into what else I can do, but also will be looking at the new 
format and possibilities available based on recent similar threads with 
Renaud. 

Changes: 
Original: Option to view by Host, or by Vulnerability 
Added: Option to View by Host or Vulnerabilty, and further restrict to 
Holes & Warnings, Just Holes, Just Warnings, and Just Info 

This change lets me create just critical, or medium to critical reports, 
as needed.  Info can often be way too much information. 

Original: Regardless if addresses were entered as hostname or IP, the 
result shows only the IP 
Added: info from Plugin ID 12053, so that hostname now shows up in the 
"View by Host" reports (dependant on Plugin ID 12053 pulling in the info) 
This resolves my "which host was that again?" questions, as well as 
resolving DHCP issues by making the hostname readily available.   

Thanks to cmarshall of webmasterworld.com for helping me through the xsl 
on the hostname! 

Extract the following to "C:\Program Files\Tenable\Nessus\report_styles" 
as the default windows locations.  backup beforehand if necessary, they 
can't coexist.  I don't know of any reason why they couldn't also be used 
on the Linux side but I haven't investigated that yet.  (If someone does, 
let me know -- I need to test that route out too, and soon)




There was also a recent thread about the report location issue(by John 
Olson) -- nessus stores report information under the user accounts, which 
can be less than helpful.  Here's the cheesy batch file we use.  In brief:

It opens in notepad a file called "Wind.bat" which simply launches 
windump.exe to packet capture a scan for later analysis in case we have a 
target host problem.  The end user simply gives the files a name/date.  It 
then uses the start command to open the capture in a separate dos window.
It then launches nessus.  when nessus closes, it copies all the captures 
to a network location (which I've mapped as X)
It then copies the report data to a neutral location.  Finally, it copies 
all the logs to a neutral location.  Any client can then import as needed.

%username% is a variable for the logged in user's acct name.  The file 
runs from the all users desktop folder so everyone sees it.  works like a 
champ.  Pause at the end stops it.

@echo off
@echo Welcome to the Nessus Scanning batch file
@echo.
@echo Windump -- Capturing the Scan
@echo First, edit the wind.bat file to packet capture, by changing the 
"<file>"
@echo name, currently "c:\capture\<file>".  Do NOT change the "capture"
@echo directory location, as doing so prevents this batch file from 
automating 
@echo capture file backup.  Capture files will be located at 
@echo \\yourserver\yourshare\Vulnerability_Scanning\Captures.
@echo. 
@echo Once you are done editing close the file...
@notepad.exe "C:\Documents and Settings\All Users\Desktop\wind.bat"
start cmd /k "C:\Documents and Settings\All Users\Desktop\wind.bat"
@echo Close Nessus when you are done scanning to begin file copy
@"C:\Program Files\Tenable\Nessus\NessusGUI.exe"
@echo Copying the packet captures....
@echo.
@echo.
xcopy /d /e /c /h /y c:\captures\*.* x:\vulnerability_scanning\captures\
@echo Now copying the Nessus Report raw data (can be imported into any 
Nessus Installation)
@echo.
@echo.
xcopy /d /e /c /h /y "C:\Documents and 
Settings\%username%\Tenable\Nessus\reports\*.*" 
x:\vulnerability_scanning\reports\
@echo Now copying the Nessus log repository
@echo.
@echo.
xcopy /d /e /c /h /y "C:\Program Files\Tenable\Nessus\logs\*.*" 
x:\vulnerability_scanning\logs\
@echo.
@echo.
@echo Finished!  Exiting happens if you
pause

(note:  \\yourserver\yourshare above, is my "x:\" drive, i.e. "net use x: 
\\yourserver\yourshare)

Good luck, hope it helps,
Mike

GIF image

Attachment: XSL_Nessus.zip
Description: Zip archive

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: managing scan reports, Doug Nordwall
Next by Date:  RE: managing scan reports + launching nessus script, Jeff Chapin
Previous by Thread:  managing scan reports, Jeff Chapin
Next by Thread:  managing scan reports + launching nessus script, Albert
Indexes:  [Date] [Thread] [Top] [All Lists]