|
|
|
|
|
|
|
Nessus 3 Material
The Nessus Mailing Lists
Useful Tenable Blog Entries about Nessus
- Finding Sensitive Data as a Consultant with Nessus August, 2007
- LM/NTLM Hash Support for SMB Credentials June, 2007
- Using the 'nasl' Nessus Command Line Tool June, 2007
- Auditing Anti-Virus Products with Nessus February, 2007
- Advanced Nessus 3 WMI Checks Against Windows Systems February, 2007
- Improper Network Segmentation Testing With Nessus January, 2007
- Detecting Compromised Windows Hosts December, 2006
- Enterprise Software Discovery with Nessus December, 2006
- Limiting the Ports Probed by Nessus Scans September, 2006
- Understanding the Nessus "Safe Checks" Option September, 2006
- Using Nessus to scan hosts behind a firewall August, 2006
Books and Articles about Nessus
 |
"Nessus, Snort and Ethereal Power Tools" is an advanced manual which explains how to configure Nessus, Snort and Ethereal to better suit your needs. Go to Syngress.com for more information.
Table of Contents
Sample Chapter |
 |
"Nessus 2.x kompakt" is a short (120 pages) book written in German which can be used as a quick introduction to Nessus and its related projects. Go to http://www.bomots.de/Nessus for more information. The first three chapters are available on-line.
|
- Introduction to Nessus by Harry Anderson [Part 1] [Part 2] [Part 3]
Harry wrote three very good articles on Nessus at SecurityFocus.com. If you know nothing about Nessus, you should probably start here.
- Nessus Technical Guide by Mike Chapple
Mike Chapple at Search Security wrote a very comprehensive Nessus Technical Guide which is a good introduction to the program.
Scanning with Credentials
- Blended security assessments
Tenable Network Security is uniquely positioned to offer enterprise management of host-based, network-based and passive vulnerability assessment technologies. This paper discusses the advantages and limitations of each technology. The challenges of performing enterprise network vulnerability assessments and how they can be overcome with Tenable Security Center and Nessus. July 2004. 10 page
- Nessus Credentials Checks for UNIX and Windows
Nessus can not only perform remote security checks of Unix hosts and Windows hosts, but it can also log into them (provided you give it the proper credentials) to enumerate the list of missing patches. This document explains how to configure your network and Nessus to perform a complete vulnerability scan.
The .nessus (dot nessus) file format
- NessusClient 3.2 File Format
This document explains how the .nessus file format (which is XML-based) is set up and can help you process .nessus files with your own tools. NessusClient 3 as well as the 'nessus' command line tool in Nessus 3.1.5 (and newer versions) can process and produce .nessus files.
- dot_nessus.xsd
This XML Schema can be use to test custom tools producing the .nessus format
Online Help
- Nessus Bugzilla
If you have found a bug in Nessus, please let us know!
- The Nessus Knowledge Base
Edgeos organized a very nice knowledge base about every configuration option in the Nessus client and the Nessus daemon. If you want to know which option means what, you should definitely look at this page!
- The Nessus Mailing Lists
Miscellaneous
- Using Nmap from within Nessus
Nessus has the ability to launch nmap or to import its results when doing a page. This is done thru a plugin called 'nmap.nasl'. Before downloading this plugin, read this document.
|
| |
|
|
|
