Escáner de redes de gratuito, NESSUS.

Nessus es una herramienta para el escaneo de redes y agujeros de seguridad en distintos sistemas operativos. Nessus además de escanear puertos escanea vulnerabilidades utilizando plugins, en constante actualización, escritos en NASL (Nessus Attack Scripting Language, Lenguaje de Scripting de Ataque Nessus por sus siglas en inglés), un lenguaje scripting optimizado para interacciones en redes. Esta compuesto por dos partes cliente y servidor que normalmente se instalan en la misma maquina pero que pueden ser muy útiles por separado para gestión remota de seguridad de redes.
Tiene varias funciones de escaneo en las que se encuentra una muy potente denomina no segura, en la que utiliza diversos exploits esta función pueden causar caídas en sistemas o corromperlos, es recomendable usarla con mucho cuidado. Sus resultados pueden exportarse en mucho formatos, además se incluyen en una base de datos en la que se pueden comparar entre si. Nessus es compatible con los siguientes sistema operativos Linux, FreeBSD, Solaris, Mac OS X y Windows 2000, XP y 2003 (32 bits).

Aquí un ejemplo de un resultado de un escaneo realizado con Nessus:

http (80/tcp)

The remote web server seems to be vulnerable to a format string attack on HTTP 1.0 header value.
An attacker might use this flaw to make it crash or even execute arbitrary code on this host.

Solution: upgrade your software or contact your vendor and inform him of this vulnerability

Risk Factor : High
Plugin ID :

Port is open
Plugin ID :

A web server is running on this port
Plugin ID :

Synopsis :

Remote web server is not or badly configured

Description :

The remote web server seems to have its default welcome page set.
It probably means that this server is not used at all.


Disable this service, as you do not use it

Risk Factor :

None / CVSS Base Score : 0
Plugin ID : 11422

The following directories were discovered:
/cgi-bin, /icons, /manual

While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

Other references : OWASP:OWASP-CM-006
Plugin ID : 11032

The remote web server type is :

Apache/1.3.33 (Darwin)

Solution: You can set the directive ‘ServerTokens Prod’ to limit the information emanating from the server in its response headers.
Plugin ID : 10107

Synopsis :

The remote Apache server can be used to guess the presence of a given user name on the remote host.

Description :

When configured with the ‘UserDir’ option, requests to URLs containing a tilde followed by a username will redirect the user to a given subdirectory in the user home.

For instance, by default, requesting /~root/ displays the HTML contents from /root/public_html/.

If the username requested does not exist, then Apache will reply with a different error code. Therefore, an attacker may exploit this vulnerability to guess the presence of a given user name on the remote host.


In httpd.conf, set the ‘UserDir’ to ‘disabled’.

Risk Factor :

Low / CVSS Base Score : 2
CVE : CVE-2001-1013
BID : 3335
Plugin ID :

ntp (123/udp)

It is possible to determine a lot of information about the remote host by querying the NTP (Network Time Protocol) variables – these include OS descriptor, and time settings.

It was possible to gather the following information from the remote NTP host :

version=’ntpd 4.1.1@1.786 Sun Mar 20 15:40:56 PST 2005 (1)’,
processor=’Power Macintosh’, system=’Darwin8.9.0′, leap=0, stratum=3,
precision=-18, rootdelay=127.663, rootdispersion=341.525, peer=63308,, reftime=0xc9e1db36.0ad83c6c, poll=13,
clock=0xc9e1ef2f.94560c7c, state=4, offset=15.376, frequency=-12.998,
jitter=93.360, stability=1.789

Quickfix: Set NTP to restrict default access to ignore all info packets: restrict default ignore

Risk Factor : Low
Plugin ID :

imap (143/tcp)

Synopsis :

An IMAP server is running on the remote host.

Description :

An IMAP (Internet Message Access Protocol) server is installed and running on the remote host.

Risk Factor :


Plugin output :

The remote imap server banner is :
* BYE [ALERT] Cannot connect to IMAP server connect error 10061

Plugin ID : 11414

smtp (25/tcp)

The SMTP server on this port answered with a 421 code.
This means that it is temporarily unavailable because it is overloaded or any other reason.

** Nessus tests will be incomplete. You should fix your MTA and
** rerun Nessus, or disable this server if you don’t use it.

Plugin ID : 18528

For some reason, we could not send the file to this MTA
BID : 3027
Plugin ID :


The remote host is running Mac OS X 10.4.9
Plugin ID :

It is possible to crash the remote host by sending it an SCTP packet.

Description :

There is a flaw in the SCTP code included in Linux kernel versions 2.6.16.x that results in a kernel panic when an SCTP packet with an unexpected ECNE chunk is received in a CLOSED state. An attacker can leverage this flaw to crash the remote host with a single, possibly forged, packet.

See Also :


Upgrade to Linux kernel version 2.6.17 or later.

Risk Factor :

Low / CVSS Base Score : 3
CVE : CVE-2006-2271
BID : 17910
Plugin ID : 21560

Fin de ejemplo.

Más información y descarga de Nessus:

Deja un comentario