December 26, 2010
Nessus 4.2 Provides Improved Exploit Availability Information

Back in September, I blogged about a relatively new Nessus feature that reports whether an exploit is available for the vulnerabilities identified during a scan. I wrote then:

This is incredibly valuable information that will allow you to prioritize your remediation actions. For instance, you could elect to plug critical vulnerabilities for which there is a public exploit first, then move on to the medium ones for which there is also a public exploit, and so on.

This feature has recently improved. The .nessus v2 XML report now also tells you whether the exploit is available in Immunity CANVAS and/or Metasploit.

If an exploit is available in CANVAS, the exploit_framework_canvas subnode of the ReportItem XML node is set to true, and the canvas_package subnode tells you which CANVAS package contains the exploit.

If an exploit is available in Metasploit, the exploit_framework_metasploit subnode of the ReportItem XML node is set to true, and the metasploit_name subnode gives the exploit's name. Here is an example:

<metasploit_name>Microsoft ASN.1 Library Bitstring Heap Overflow</metasploit_name>

This is particularly interesting because Metasploit 3.5.x can drive Nessus, import the scan results and display only the vulnerabilities for which a Metasploit exploit exists.

September 24, 2010
Checking the Availability of Public Exploits with Nessus 4.2

On September 22, 2010, Renaud Deraison announced on the Tenable Network Security discussion forums the availability of new versions of the Nessus 4.2 Flash interface and Web server. This is yet another reminder that you need to check those discussion forums on a regular basis if you are serious about using Nessus.

With these new versions, Nessus 4.2 adds a new field to the scan report whose purpose is to tell whether a public exploit exists for a given vulnerability. This is incredibly valuable information that will allow you to prioritize your remediation actions. For instance, you could elect to plug critical vulnerabilities for which there is a public exploit first, then move on to the medium ones for which there is also a public exploit, and so on.

This new field, or more precisely subnode of the ReportItem XML node in the .nessus v2 report format, is called exploit_available. It is a boolean. For more information on the .nessus v2 report format, please see my Nessus 4.2: .nessus v2 file format for the masses blog post.
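Here is an added example, not code from Tenable or from this blog, that reads the exploit_available subnode described in this post together with the exploit_framework_canvas, canvas_package, exploit_framework_metasploit and metasploit_name subnodes from the December 26 update above, and ranks the findings the way the post suggests (public exploit first, then by severity). It assumes the standard .nessus v2 ReportItem attributes (port, protocol, severity, pluginID, pluginName) and that severity 4 is the highest level; the embedded report, its plugin IDs and the CANVAS package name are constructed placeholders, and a missing subnode is treated as "no exploit known" rather than as an error.

```python
"""Parse .nessus v2 exploit-availability subnodes and rank findings for remediation.

Added example (not Tenable's or the blog's code). Assumes the .nessus v2
ReportItem attributes port/protocol/severity/pluginID/pluginName and that
severity 4 is the highest level. The sample report below is constructed.
"""
import xml.etree.ElementTree as ET

# Constructed sample report: three findings on two hosts. The plugin IDs and the
# CANVAS package name are placeholders, not real Tenable or Immunity identifiers.
SAMPLE_NESSUS_V2 = """<NessusClientData_v2>
<Report name="constructed-example">
<ReportHost name="192.0.2.10">
<ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
            pluginID="PLACEHOLDER-1" pluginName="Constructed critical finding A">
<exploit_available>true</exploit_available>
<exploit_framework_canvas>true</exploit_framework_canvas>
<canvas_package>PLACEHOLDER-PACKAGE</canvas_package>
<exploit_framework_metasploit>true</exploit_framework_metasploit>
<metasploit_name>Microsoft ASN.1 Library Bitstring Heap Overflow</metasploit_name>
</ReportItem>
<ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
            pluginID="PLACEHOLDER-2" pluginName="Constructed medium finding B">
<exploit_available>true</exploit_available>
</ReportItem>
</ReportHost>
<ReportHost name="192.0.2.11">
<ReportItem port="22" svc_name="ssh" protocol="tcp" severity="4"
            pluginID="PLACEHOLDER-3" pluginName="Constructed critical finding C">
<exploit_available>false</exploit_available>
</ReportItem>
</ReportHost>
</Report>
</NessusClientData_v2>
"""


def _flag(item, tag):
    """Read an optional boolean subnode; a missing node counts as false."""
    node = item.find(tag)
    return node is not None and (node.text or "").strip().lower() == "true"


def _text(item, tag):
    """Read an optional text subnode; None when the node is absent."""
    node = item.find(tag)
    return (node.text or "").strip() if node is not None else None


def parse_findings(xml_text):
    """Return one dict per ReportItem, including its exploit-availability fields."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "protocol": item.get("protocol"),
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
                "severity": int(item.get("severity", "0")),
                "exploit_available": _flag(item, "exploit_available"),
                "canvas": _flag(item, "exploit_framework_canvas"),
                "canvas_package": _text(item, "canvas_package"),
                "metasploit": _flag(item, "exploit_framework_metasploit"),
                "metasploit_name": _text(item, "metasploit_name"),
            })
    return findings


def prioritize(findings):
    """Order remediation work: findings with a public exploit first, then by severity.

    This is the triage the post suggests (critical-with-exploit, then
    medium-with-exploit, then the rest); adjust the key to your own policy.
    """
    return sorted(findings, key=lambda f: (not f["exploit_available"], -f["severity"]))


def summarize(findings):
    """One line per finding, in priority order, naming the framework carrying the exploit."""
    lines = []
    for f in prioritize(findings):
        frameworks = []
        if f["metasploit"]:
            frameworks.append("Metasploit: %s" % f["metasploit_name"])
        if f["canvas"]:
            frameworks.append("CANVAS package: %s" % f["canvas_package"])
        tag = "EXPLOIT" if f["exploit_available"] else "no public exploit"
        lines.append("%s:%d/%s sev=%d %s [%s] %s" % (
            f["host"], f["port"], f["protocol"], f["severity"],
            f["plugin_name"], tag, "; ".join(frameworks)))
    return lines


if __name__ == "__main__":
    for line in summarize(parse_findings(SAMPLE_NESSUS_V2)):
        print(line)
```

Point parse_findings at the text of a real .nessus file to get the same ranking over a live scan; because the sort key puts exploit_available before severity, the medium-severity finding with a public exploit outranks the critical one without, which is exactly the ordering the post argues for.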

Using the Web interface, you can find out which vulnerabilities have a public exploit by checking the Exploits exist checkbox in the Show Filters menu as shown by the screenshot below:

This filter will then show up under the Active Filters section:

Now you can see which vulnerabilities are really worth mitigating ASAP:
