Questions tagged [nessus]

Nessus is a commercial vulnerability scanner offered by Tenable Security.

Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs and across physically separate networks.

98 questions
5
votes
1 answer

Apache httpd vulnerability on macOS Big Sur

I'm on the latest macOS (Big Sur 11.4 20F71) and discovered a critical vulnerability in Apache httpd, which is located here /usr/sbin/httpd. I never installed Apache httpd on my Mac. /usr/sbin is a Read-Only file system (Protected by SIP "System…
AJ Hurst
4
votes
1 answer

Python XMLRPC Nessus Error

Anyone know why I am getting this error? I am using http://code.google.com/p/nessusxmlrpc/wiki/HowTo root@bt:~/NessusXMLRPC-0.21# python newnessusscan.py Traceback (most recent call last): File "newnessusscan.py", line 6, in scan =…
S-Ns-3
4
votes
0 answers

Ansible win_package stuck forever

I am using win_package module for installing "Nessus" in Windows 2016 server. But whenever I execute it, it hangs forever without response. Even after waiting for an hour, there is no response. I have already kept Nessus installer in Windows server…
tech_enthusiast
4
votes
2 answers

Unable to automate scan with Nessus 7 professional

I am evaluating the product Nessus 7 to perform vulnerability scans on the systems in my network. I am able to perform the scans successfully, but I am unable to automate it with a python Nessrest client. The following error is thrown by the nessrest…
Ranjan
3
votes
1 answer

how to prevent null byte injection from querystring

The Nessus Vulnerability Scanner was run against a legacy code website. There's a lot of advice about how to prevent null byte injection attacks with PHP but I cannot find anything about fixing this in classic ASP with VBScript. Here's the scanner's…
John Adams
3
votes
2 answers

Filter xml/nessus scan using python ElementTree

Python beginner needs help filtering .xml files. I've been trying with xml.etree.ElementTree having little success. The xml looks like this: Ipsum lorem etc…
mpace
2
votes
2 answers

How to login to a webpage in Nessus and perform a SecTest?

I am trying to test a webpage using Nessus. I have tested all the stuff about the Server. But now I want to proceed by logging in to the webpage and test all possible pages behind the login form. But I couldn't achieve it. I gave all (text, password and…
0xmtn
2
votes
1 answer

How to fix "TLS Version 1.0 Protocol Detection and TLS Version 1.1 Protocol Deprecated" Nessus Scan Vulnerability

We are running our Java Application on RHEL 8.5 OS platform. In our Apache's ssl.conf file, we have enabled only TLSv1.2 protocol. And we are not using TLSv1 and TLSv1.1 protocols in our application. From the below details, it is confirmed that the…
Learner
2
votes
1 answer

Unable to update the tls-cipher-suites for node exporter in openshift 3.11

I'm trying to update the tls-cipher-suites for the daemonset.apps/node-exporter of openshift-monitoring namespace using oc edit daemonset.apps/node-exporter -n openshift-monitoring . . . - args: - --secure-listen-address=:9100 -…
Rakesh Kotian
2
votes
2 answers

How do I restrict access to user-defined functions in MySQL

I am new to MySQL and I ran a Nessus scan on one of my servers and encountered a security finding which has a workaround to Restrict access to user-defined functions. Can someone help me please? Update: The workaround is to Restrict access to create…
Sabio
1
vote
1 answer

How to debug ECONNRESET with socket.io and express encountered when running a Nessus scan?

I'm encountering ECONNRESET errors that are crashing my node server when I run a Nessus Essentials basic network scan: node:events:505 throw er; // Unhandled 'error' event ^ Error: read ECONNRESET at TCP.onStreamRead…
jonneve
1
vote
2 answers

Downloading custom Nessus scan report using Nessus API

I have python code that successfully downloads a Nessus scan report in csv format, but I need to add some additional fields to the downloaded report. I include parameters in the request payload to include some fields, but the scan that is downloaded…
macai
1
vote
0 answers

Is libwebp 0.3.0-3 used by pillow on Centos 7 concerned by CVE-2020-36328?

We scanned the same host (a CentOS Linux release 7.6.1810 (Core)) with two vulnerability scanners (Nessus and Rapid7). Rapid7 reported that libwebp-0:0.3.0-7.el7.x86_64 is vulnerable to CVE-2020-36328. Nessus did not report a vulnerability, the plugin…
vx3r
1
vote
0 answers

Can someone tell me the difference between having access via SMB vs having access via an admin account

I am basically referring to Vulnerability Scanners (e.g. Nessus) and their need for SMB ports to be enabled. If we already have a service account with admin privileges that can read data in the registry, then why is there a need for SMB protocols…
Tinu
1
vote
2 answers

How to download Nessus agent using wget using license accept option in Amazon Linux or Redhat machine

I want to download Nessus agent from the Nessus downloads page. But I am unable to directly download due to the License Agreement option in Nessus page. Below command only partly downloaded the file wget --no-check-certificate --post-data='accept="I…
Sreenath