Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

在 Nessus 中导入 Nmap 的扫描结果

wpadmin~August 12, 2018 /InfoSec

在 Nessus 中导入 Nmap 的扫描结果

参考资料

Plugin Spotlight: Import Nmap XML Results Into Nessus
https://www.tenable.com/blog/plugin-spotlight-import-nmap-xml-results-into-nessus

Using Nmap Results With Nessus Batch Scanning
https://www.tenable.com/blog/using-nmap-results-with-nessus-batch-scanning

操作指南

相关文档可能是低版本 Nessus 的,可以直接试试阶段二。

阶段一 添加插件

http://tenablesecurity.com/documentation/nmapxml.nasl
http://static.tenable.com/documentation/nmapxml.nasl

1 将如下文件重命名为 nmapxml.nasl 并复制到 C:\Program Files\Tenable\Nessus\nessus\plugins 目录
2 关闭 nessus 服务 (后面有详细介绍)
3 以特殊参数重启服务 (建议用 -R)

阶段二 正式使用

New Scan > Advanced Scan > Discovery > Port Scanning > Nmap > Import Nmap results

上传 xml 文件即可。

重启服务

Linux

NOTE: Adding New Plugins
When adding plugins that are not part of a plugin update be certain to re-process your plugins. To do this you must first stop the Nessus server (/etc/init.d/nessusd stop on most Unix/Linux systems), then run one of the following commands:

nessusd (no arguments) – Starts nessusd and does not look at each plugin’s timestamp, unless plugin_feed_info.inc has changed.

nessusd -t – Starts nessusd and looks at each plugin’s timestamp. If the plugin’s timestamp is newer than that of the last time plugins were processed, it will process the new plugins.

nessusd -R – Flushes the plugins database, then processes every plugin (i.e., converts them into bytecode) and exits. This option ensures there are no leftovers from previous plugins, even if your clock has drifted backwards.

nessusd -y – Does the same as nessusd -t, but exits once done (instead of starting to listen on port 1241).

Typically, if you do not modify your plugins other than performing the routine plugin update process, you do not need to use these switches. If you manually modify a plugin, then you need to use -t or -y.

/etc/init.d/nessusd stop
nessusd
nessusd -t
nessusd -R # 将 插件数据库中所有插件清空并重新编译,会比较耗时
nessusd -y

Windows

Windows 可以使用 services.msc 来执行操作,将名称为 Tenable Nessus 的服务关闭。

# 或者可以使用 services.msc 停止 nessus 服务
net stop "tenable nessus"
C:\Program Files\Tenable\Nessus\nessusd.exe -R

其他思路

gnmap 结果处理

如果你只是想用 Nmap 做一下主机发现,将主机发现的结果导入 Nessus 的扫描目标中。
可以对 gnmap 文件进行处理
再配合 VS Code 的多行编辑 (Alt + Shift) 处理

nmap -sn -n -vvv -oA webserver_domain 192.168.1.1/24
cat webserver_domain.gnmap | grep "Up" > nmap_up_host.txt

Leave a Reply

Your email address will not be published. Required fields are marked *