NAME
nessus - The client part of the Nessus Security Scanner
SYNOPSIS
nessus [-v] [-h] [-n] [-T <type>] [-q [-pPS] host port user password targets results]
nessus -i in.[nsr|nbe] -o out.[html|xml|nsr|nbe]
DESCRIPTION
The Nessus Security Scanner is a security auditing tool made up of two parts: a server and a client. The server, nessusd, is in charge of the attacks, whereas the client, nessus, provides an interface to the user.
nessus is an X11 client based on the Gimp ToolKit (GTK).
This man page explains how to use the client.
OPTIONS
-c <config-file>, --config-file=<config-file>
use another configuration file.
-n, --no-pixmaps
no pixmaps. This is handy if you are running nessus on a remote computer.
-q, --batch-mode
quiet mode or batch mode. Setting this option makes the nessus client
expect all of the following settings.
-p
obtain list of plugins installed on the server.
-P
obtain list of server and plugin preferences.
-S
issue SQL output for -p and -P (experimental).
host
is the nessusd host to which you will connect.
port
is the port to which you will connect on the remote nessusd host.
user
is the user name to use to connect to nessusd.
password
is the password associated with this user name.
targets
is the name of a file containing the target machines.
results
is the name of the file where the results will be stored at the end of the test.
-r <report-file>, --open-report=<report-file>
Using the GUI, nessus visualizes a report file from a previous session. Repeating this option displays more files.
-T <type>, --output-type=<type>
Save the data as <type>, where <type> can be nbe, html, html_graph, text, xml, old-xml, tex or nsr.
-V, --verbose
make the batch mode display status messages to the screen.
-x, --dont-check-ssl-cert
do not check SSL certificates.
-v, --version
shows version number and quits
-h, --help
lists the available options
The X11 interface
The nessus client interface is divided into several panels:
"
In this section, you must enter the nessusd host to which you will connect, as well as the port. You must also enter your nessusd user name and your password (not the one of the system). Once you are done, you must click on the Log in button, which will establish the connection to the nessusd host.
Once the connection is established, nessusd sends to the client the list of attacks it will perform, as well as the default preferences to use.
"
In this section, you are required to enter the primary target. A primary target may be a single host (e.g. prof.fr.nessus.org), an IP (e.g. 192.168.1.1), a subnet (e.g. 192.168.1.1/24 or prof.fr.nessus.org), or a list of hosts, separated by commas (e.g. 192.168.1.1, 192.168.2.1/24, prof.fr.nessus.org, joyeux.fr.nessus.org).
You can restrict the maximum number of hosts to test using the Max Hosts entry. This feature prevents you from scanning too many machines, or accidentally scanning other machines. (For instance, if you only plan to test prof.fr.nessus.org and www.fr.nessus.org, you can safely set this entry to 2.)
This panel also allows you to enable the Perform a DNS zone transfer option. This option is dangerous and should be enabled with caution. For instance, if you want to test www.nessus.org and this option is set, nessusd will attempt to get the list of the hosts in the nessus.org domain.
This option may be dangerous. For instance, if you enable it and you ask to test 192.168.1.1/24, then nessusd will do a reverse lookup on every IP, and will attempt a DNS zone transfer on every domain. That is, if 192.168.1.1 is www.foo.bar, and 192.168.1.10 is mail.bar.foo, then a DNS zone transfer will be made on the domains foo.bar and bar.foo.
"
Once you have successfully logged into the remote nessusd server, this section is filled with the list of the attacks that the server will perform. This panel is divided into two parts: the plugin families, and the plugins themselves. If you click on the name of a plugin, a dialog will appear, showing the error message that the plugin sends if the attack is successful.
Report conversion
You can use nessus to convert between the formats used for reports. Nessus can take any NSR or NBE report and change it into an HTML, XML, NSR or NBE report.
Please note that the XML report usually provides more information about the scan itself, which the NSR and NBE formats do not include. Basically, XML is a merge between the .nbe reports and the .nessusrc configuration file. You won't get extra verbosity or diagnosis info in the XML report, but you'll know which plugins (and which version of these plugins) have been enabled during the scan.
For more information on the report formats, please read the files nsr_file_format.txt and nbe_file_format.txt provided along with the documentation.
ENVIRONMENT VARIABLES
HOME
The path to the user's home directory which will hold the client configuration cache .nessusrc. The path is referred to as ~/, below.
NESSUSHOME
If this environment variable is set, this path is used instead of the path defined by the HOME variable. This path is referred to as ~/, below.
EXAMPLES
To run a batch scan from a cron job and publish it in a given web space (/var/www/html/nessus/) try the following:
nessus -c /root/nessus/nessus.rc -T html -qx localhost 1241 batch batch1 /root/nessus/target /var/www/html/nessus/results.html
Make sure that paranoia level is not set in your nessus.rc configuration file, otherwise the scan will not work.
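An added example, not part of the original man page or of the Nessus project: a POSIX shell wrapper for the cron job above that counts how many addresses the targets file covers and refuses to start the scan when the count exceeds a limit, the same guard the Max Hosts entry gives in the GUI. The function names, the sample target list, the limit argument and the assumption that the targets file separates entries with commas or whitespace are choices made for this example.

```sh
#!/bin/sh
# Added example: scope check before the cron-driven batch scan.
# count_entry, count_targets, check_scope, run_scan are names chosen here.

# Constructed sample: the comma-separated target list from the text above.
SAMPLE_TARGETS='192.168.1.1, 192.168.2.1/24, prof.fr.nessus.org,
joyeux.fr.nessus.org'

# Addresses covered by one entry: 2^(32-prefix) for an IPv4 subnet, else 1.
count_entry() {
    case "$1" in
        */*) prefix=${1##*/}
             case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1
             echo $(( 1 << (32 - prefix) )) ;;
        *)   echo 1 ;;
    esac
}

# Sum over a target list read from stdin (commas or whitespace separate entries).
count_targets() (
    set -f    # do not glob-expand entries
    total=0
    for entry in $(tr ',' ' '); do
        n=$(count_entry "$entry") || { echo "bad target: $entry" >&2; exit 1; }
        total=$(( total + n ))
    done
    echo "$total"
)

# Succeed only if the targets file $1 covers at most $2 addresses.
check_scope() {
    total=$(count_targets < "$1") || return 2
    if [ "$total" -gt "$2" ]; then
        echo "refusing: $total addresses, limit is $2" >&2
        return 1
    fi
}

# Run the batch command from EXAMPLES only when the scope check passes.
# $1 = targets file, $2 = results file, $3 = maximum number of addresses.
run_scan() {
    check_scope "$1" "$3" || return 1
    tmp="$2.tmp.$$"
    # -x (from the page's example) means the SSL certificate is not checked.
    nessus -c /root/nessus/nessus.rc -T html -qx localhost 1241 batch batch1 \
        "$1" "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$2"    # publish only a complete report
}

echo "sample list covers $(printf '%s' "$SAMPLE_TARGETS" | count_targets) addresses"
```

From cron, call run_scan /root/nessus/target /var/www/html/nessus/results.html 2 after sourcing these functions; the password is still passed on the command line, as the SYNOPSIS requires, so it is visible in the local process list while the scan runs.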
FILES
~/.nessusrc
is the client configuration file, which contains the options about which nessusd server to connect to, which plugins to activate, and so on. The file is created automatically if it does not exist.
SEE ALSO
MORE INFORMATION ABOUT THE NESSUS PROJECT
The canonical places where you will find more information about the Nessus project are:
http://www.nessus.org/ (Official site)
http://cvs.nessus.org/ (Developers site)
AUTHORS
The Nessus Project was started and is being maintained by Renaud Deraison <deraison@cvs.nessus.org>. The nessusd server is mainly Copyright (C) 1998-2001 Renaud Deraison, as well as the attack modules.
Several other people have been kind enough to send patches and bug reports. Thanks to them.