You're reading from Network Scanning Cookbook Practical network security using Nmap and Nessus 7

Product type Paperback

Published in Sep 2018

Publisher Packt

ISBN-13 9781789346480

Length 304 pages

Edition 1st Edition

Tools

Nessus

Concepts

Network Security

Author (1):

Sairam Jetty

View More author details

Table of Contents (10) Chapters

Preface

1. Introduction to Network Vulnerability Scanning FREE CHAPTER

2. Understanding Network Scanning Tools

3. Port Scanning

4. Vulnerability Scanning

5. Configuration Audits

6. Report Analysis and Confirmation

7. Understanding the Customization and Optimization of Nessus and Nmap

8. Network Scanning for IoT, SCADA/ICS

9. Other Books You May Enjoy

Leave a review - let other readers know what you think

How to confirm Nessus vulnerabilities using Nmap and other tools

Most of the vulnerabilities reported by Nessus are signature and value-based, which Nessus makes a decision on based on the code present in the plugins. It is required to confirm these vulnerabilities using manual techniques such as Nmap scripts or port-specific open source tools. This will allow the administration team to put their efforts into the mitigation of the actual vulnerabilities instead of false positives. Also, sometimes, Nessus reports vulnerabilities for which workarounds have already been applied as Nessus only checks with respect to the conditions mentioned in the plugin and cannot recognize any other deviations. In this recipe, we will look at sets to verify multiple vulnerabilities reported by Nessus using Nmap and other open source tools.

In order to create this recipe, we will perform a demo basic...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Jetty

Sairam Jetty has more than 5 years of hands-on experience in many verticals of penetration testing, compliance, digital forensics, and malware research. He is currently working with Paladion Networks, Abu Dhabi, as a senior analyst and team lead. He has assisted and associated with various financial, telecom, and industrial institutions for testing and securing their applications and environments. Sairam has industry-standard certifications, such as OSCP, Digital Forensic Analyst, Digital Forensic Investigator, and Mobile Security Expert. He also specializes in source code review and mobile application security. He has acquired a great knowledge of SCADA/ICS and nuclear security from his corporate experience and self-learning.

See other products by Jetty