Tadeusz Pietraszek

© 2004-2007 Tadeusz Pietraszek

«
»

Nessus command line search

I’ve recently tired to do a nessus scan from an X-less gentoo machine. The task is quite simple, but there are a few quirks that are not obvious.

The easy part:

  1. emerge nessus
  2. nessus-mkcert
  3. nessus-user-add
  4. register at nessus website to get the actiovation code for plugin feeds (FYI: #GPL plugins: 1299, #registered plugins: 9575), so unless you register you get a very small subset of (probably outdated) scanners.
  5. nessus-fetch –register <activation-code>
  6. nessus-update-plugins (it probably makes sense to add it to cron).

Ok, now for scanning the most obvious choice is to run a nessus client with GTK interface. If we don’t want to do this we can either:

  • run the graphical console remotely
  • run a command-line interface.

The tricky part: Scanning using command line interface:

nessus -V -q 127.0.0.1 1241 <user> <password> <host file> <output file.nbe>

It works fine although generates a warning that “potentially unsafe plugins have been disabled”. While it makes sense for a big and critical network, you may also want to do the “unsafe” scan occasionally. How to enable it?

The first trick, is that nessus creates a “.nessusrc” file in your home directory. The first try — “safe_checks=no” – doesn’t help. Second, you figure out that there is also a nessus-wide file /etc/nessus/nessusd.conf”, which has the same option (overriding the local one) by default set to “yes”. Unfortuantely, no warning is generated when this happenes. Unfortunately, this doesn’t help either :-(

I found the solution analyzing the config file that was created after using nessus with a GUI (with all the plugins enabled). It turns out that such a file the following entry is being added:

begin(PLUGIN_SET)
 14250 = yes
 15094 = yes
 15185 = yes
...
end(PLUGIN_SET)

So all the plugins are explicitly enabled. Only then AND if both safe_checks in the global and local config files are set to “no”, unsafe plugins are executed. Unfortuantely, I don’t know how to set this option from the command line. Also as the new plugins are being instaled, the list would need to be kept updated (does nessus client do this?).

Another solution can be using Net::Nessus::ScanLite from CPAN (unfortunately it seems a bit outdated ~Dec 2003). I haven’t tried it, but it looks ok, and also it supports reading of plugins (so that we can enable/disable some) and also relieves us from parsing the NBE file. Problem: Net::Nessus::ScanLite uses Net:Nessus::Client, which doesn’t compile (for a number of reasons) and, moreover, is not aware that Nessus uses SSL. Surprisingly enough, ScanLite is aware of this and it somehow works around this. How — I don’t know.

This entry was posted on Wednesday, October 12th, 2005 at 4:59 pm and is filed under Hacking, Security, Tips&Tricks. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

36 Responses to “Nessus command line search”

  1. Spookstaz Says:
    October 28th, 2005 at 4:44 pm

    Try using the option:

    nessus -c …

    Like this:

    nessus -c ~/.nessusrc -V -q 127.0.0.1 1241

  2. Spookstaz Says:
    October 28th, 2005 at 4:54 pm

    Also, you must have in your config file:

    begin(SERVER_PREFS) … … safe_checks=no … … end(SERVER_PREFS)

  3. Pankaj Says:
    October 29th, 2006 at 12:59 pm

    Hi Tadek came to your blog while searching for Nessus CLI. Could you help me a little, I am In India and working on a project to run Nessus and Metasploits from a customised front end so was keen to know how to run both of these thru a CLI and how to connect these commands to a Command button in GTK or Java etc Thanks a lot !! (I am not too good inprogramming so any help will be welcome) C ya Pankaj

  4. chat Says:
    November 11th, 2006 at 9:30 am

    Try using the option:

    nessus -c …

    Like this:

    nessus -c ~/.nessusrc -V -q 127.0.0.1 1241

    Thanks

  5. Sohbet Says:
    November 18th, 2006 at 3:17 pm

    begin(SERVER_PREFS) … … safe_checks=no … … end(SERVER_PREFS)

  6. Kalpyeri Says:
    November 19th, 2006 at 1:56 pm

    Thanks :)

  7. mirc Says:
    November 25th, 2006 at 9:04 pm

    Thanks

  8. Sohbet Says:
    November 26th, 2006 at 4:53 pm

    Surprisingly enough, ScanLite is aware of this and it somehow works around this. How — I don’t know.

  9. Sohbet odaları Says:
    November 27th, 2006 at 9:15 pm

    interesting , good text Thanks !

  10. sohbet Says:
    March 2nd, 2007 at 1:57 pm

    Also, you must have in your config file:

    begin(SERVER_PREFS)

  11. Video Says:
    April 28th, 2007 at 12:51 pm

    Try using the option:

    nessus -c …

    Like this:

    nessus -c ~/.nessusrc -V -q 127.0.0.1 1241

    Thanks

  12. komik Says:
    June 7th, 2007 at 1:41 pm

    Surprisingly enough, ScanLite is aware of this and it somehow works around this. How — I don’t know.

  13. Chat Says:
    October 3rd, 2007 at 11:40 am

    Thanx

  14. chat Says:
    December 10th, 2007 at 12:22 am

    begin(PLUGIN_SET) 14251 = yes 15092 = yes 15183 = yes … end(PLUGIN_SET)

  15. nessus über die konsole bedienen - Linux Forum Says:
    January 7th, 2008 at 1:18 pm

    [...] hilft Dir das hier: http://tadek.pietraszek.org/blog/2005/10/12/nessus-command-line-search/Aber ich sach Dir gleich, sieh zu, dass Du irgendwie an ‘nen X kommst und den Client installieren [...]

  16. Tercüme Says:
    January 8th, 2008 at 11:27 pm

    Thanks..

  17. porno Says:
    January 27th, 2008 at 11:08 am

    So all the plugins are explicitly enabled. Only then AND if both safe_checks in the global and local config files are set to “no”, unsafe plugins are executed. Unfortuantely, I don’t know how to set this option from the command line. Also as the new plugins are being instaled, the list would need to be kept updated (does nessus client do this?). quesiton?

  18. Bedava Says:
    January 30th, 2008 at 12:35 pm

    Surprisingly enough, ScanLite is aware of this and it somehow works around this. How — I don’t know

  19. Komsu.net Says:
    January 30th, 2008 at 12:35 pm

    thanks…. Surprisingly enough, ScanLite is aware of this and it somehow works around this. How — I don’t know

  20. penis büyütme Says:
    February 14th, 2008 at 8:45 pm

    pietraszek.org/blog/2005/10/12/nessus-command-line-search/Aber ich sach Dir gleich, sieh zu, dass Du irgendwie an ‘nen X kommst und den Client installieren

  21. Peter Says:
    April 4th, 2008 at 6:54 am

    Good info. Thanks Tadek.

    Nessus is a great vulnerability scanning solution, running from the command line you can script it and that can increase productivity. :)

  22. kpss Says:
    June 20th, 2008 at 6:35 pm

    Perfect templates. Thanks for the sharing.

  23. blog bloglar Says:
    June 26th, 2008 at 6:23 pm

    Japanese carrier Softbank has announced a range of new phones, and the one that stands out is the 812SH Pantone series by Sharp, if only because it comes in colours other than Black

  24. sohpet Says:
    July 14th, 2008 at 9:12 pm

    thanks a lot.

  25. Cappadocia Says:
    July 17th, 2008 at 11:26 am

    great

  26. Celebrity Pictures Says:
    July 17th, 2008 at 11:27 am

    fine

  27. Disney Movies Says:
    July 17th, 2008 at 11:27 am

    said

  28. Disney Pictures Says:
    July 17th, 2008 at 11:28 am

    pandaaa

  29. football Pictures Says:
    July 17th, 2008 at 11:28 am

    fine goal

  30. Seo Danışmanı Says:
    July 17th, 2008 at 11:31 am

    fine goals

  31. kpss Says:
    July 17th, 2008 at 9:26 pm

    The Urban Monk aims to provide a free companion in your personal development journey inwards into yourself and outwards into the urban world – modern life, entwined with ancient spirituality.

  32. chat Says:
    July 27th, 2008 at 4:58 pm

    tenlssss

  33. SohbeT Says:
    August 28th, 2008 at 9:00 pm

    thanks…

  34. Camfrog Says:
    September 1st, 2008 at 6:24 am

    SpeciaL Thx To Admins

  35. SohbeT Says:
    September 5th, 2008 at 7:30 pm

    thanks. admin

  36. sohbet Says:
    September 10th, 2008 at 4:08 am

    thanks