Skip to content

Instantly share code, notes, and snippets.

@cactaceae21

cactaceae21/pluginID.md

Last active April 23, 2018 10:08
Show Gist options
  • Save cactaceae21/5a4f7b4d872192e0e0841cd96282b66f to your computer and use it in GitHub Desktop.
Save cactaceae21/5a4f7b4d872192e0e0841cd96282b66f to your computer and use it in GitHub Desktop.
Download ZIP
Tenable Nessus Plugin ID's #tenable #nessus #sccv
Raw
pluginID.md

19506 - Displays information about the scan itself

  • The version of the plugin set.
  • The type of scanner (Nessus or Nessus Home).
  • The version of the Nessus Engine.
  • The port scanner(s) used.
  • The port range scanned.
  • Whether credentialed or third-party patch management checks are possible.
  • The date of the scan.
  • The duration of the scan.
  • The number of hosts scanned in parallel.
  • The number of checks done in parallel.

21745

  • Local security checks have been disabled for this host because either the credentials supplied in the scan policy did not allow Nessus to log into it or some other problem occurred.

24786

  • The Nessus scanner testing the remote host has been given SMB credentials to log into the remote host, however these credentials do not have administrative privileges. Typically, when Nessus performs a patch audit, it logs into the remote host and reads the version of the DLLs on the remote host to determine if a given patch has been applied or not. This is the method Microsoft recommends to determine if a patch has been applied. If your Nessus scanner does not have administrative privileges when doing a scan, then Nessus has to fall back to perform a patch audit through the registry which may lead to false positives (especially when using third-party patch auditing tools) or to false negatives (not all patches can be detected through the registry).

10863 - SSL Certificate Information

  • This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.

10902 - Administrators group user list

  • Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system.

71246 - Enumerate Local Group Memberships

  • Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.

11936 - OS Identification

  • Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.

66334 - Patch Report

  • The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

38153 - Microsoft Windows Summary of Missing Patches

  • This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool.

71246 - Enumerate Local Group Memberships

  • Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.

35730 - Microsoft Windows USB Device Usage Report

  • Using the supplied credentials, this plugin enumerates USB devices that have been connected to the remote Windows host in the past.

64582 - Netstat Connection Information

  • The remote host has listening ports or established connections that Nessus was able to extract from the results of the 'netstat' command.

21643 - SSL Cipher Suites Supported

  • This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.

12634 - Authenticated Check: OS Name and Installed Package Enumeration

  • This plugin logs into the remote host using SSH, RSH, RLOGIN, Telnet, or local commands and extracts the list of installed packages. If using SSH, the scan should be configured with a valid SSH public key and possibly an SSH passphrase (if the SSH public key is protected by a passphrase).

84239 - Debugging Log Report

  • Logs generated by other plugins are reported by this plugin. Plugin debugging must be enabled in the policy in order for this plugin to run.

97737 - MS17-010

  • Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya)

97833 - MS17-010

  • Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)

14272 - Netstat Portscanner (SSH) (Works well with Agents)

  • Nessus was able to run 'netstat' on the remote host to enumerate the open ports. See the section 'plugins options' about configuring this plugin. Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.

34220 - Netstat Portscanner (WMI)

  • Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)

  • This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.

64582 - Netstat Connection Information

  • The remote host has listening ports or established connections that Nessus was able to extract from the results of the 'netstat' command.

10456 - Microsoft Windows SMB Service Enumeration

  • This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host. An attacker may use this feature to gain better knowledge of the remote host.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment