Thursday, August 12, 2010

More Fun With Nessus Reports

A common grievance for security professionals dealing with Nessus reports is the organization of the report by host or IP address. This makes it difficult for organizing findings by type of vulnerability. This script is a little more complicated than "nsfix", but probably more useful. Enjoy.

(I reserve the right to be somewhat embarrassed if the Nessus experts come out of the woodwork with an option to do this, too, from the Nessus GUI..)

Wednesday, August 11, 2010

Nessus False Positives Getting Underfoot?

So.. After you've run the scan, you've found yet another false positive in Nessus due to the idiosyncracies of your environment. Here is a script to purge a particular plugin from a Nessus report so you don't have to redo the scan after fixing your scan parameters.

This may work on OpenVAS reports, let me know if it causes a problem. As always, improvements are welcome.

Updated: pauldotcom from Twitter makes an excellent point that this can be achieved using the "Report Filters" interface. I blame my fear of flash guis for not finding this.