Would there be any chance of including the ports and protocols associated with plugins in the kbs?
During a large run, we sometimes have had nessus get hung or had to kill it. It happens to the best of programs. While we could do a restore sessions, that can result in the same problem cropping up (and having to kill the session again). When a session does not run to completion, no output file is generated. If you have been running against a large network, this can be a problem. This made me wonder if there was anyway of pulling out of the kbs the results? I have parsed the kbs files, and the major problem I can see comes down to is the port and protocol not being associated with a plugin's results. For example, the nbe output will show (161/udp) for plugin script id 10264: results|192.168.2|192.168.2.15|snmp (161/udp)|10264|Security Hole|SNMP Agent responded as expected with community name: public\nCVE : CAN-1999-0517\n The kbe file (/usr/local/var/nessus/users/nessus/kbs/192.168.2.15) lists in relation to plugin script id 10264: 1012511244 3 Launched/10264=1 1012511245 1 SentData/10264/HOLE/1=SNMP Agent responded as expected with community name: public 1012511245 1 Success/10264=1 That provides the plugin id and the description but the 161/udp has no association with it. I believe, it's the only piece of information that prevents me from pulling all the information I need out of the kbs. I know the knowledge base was not designed with this in mind and there might be another way of doing this. If not, the knowledge base is so close to allowing reports to be generated from it, I thought it might be worth a consideration. Thanks. -- John.
