If knowledge base saving is enabled, the system will archive the raw scan data in NESSUS_ROOT/var/nessus/users/<user>/kbs/<ip>. The nessusd.messages and nessusd.dump files will often contain information you might consider sensitive. If a scan is killed manually (i.e. kill -9), the files left in /tmp/nessus-* also contain the raw scan results in NBE format. If a vulnerability check downloads a file and reports the contents, that data will be mirrored in the kbs directory in the appropriate file for that IP. The files are never stored on the actual filesystem (most plugins can't access the host system in any way).
-HD

On Thursday 17 July 2003 12:03 pm, EnergyLad wrote:
> When Nessus successfully downloads a file from an ftp server, or some
> other source, does the data ever leave nessusd's memory? Does the
> transfer ever even complete? Which is to say, I cannot see anywhere
> that it might be writing the files, but before deploying this at a
> client site it would be nice to know for sure that my scanner won't
> become an archiver of customer data.
>
> Patrick Dennis
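A small inventory script for the on-disk locations named in the reply above, so leftover scan data can be reviewed (and wiped) before a scanner leaves a client site. This is an added example, not code from the thread or from Nessus; the placement of nessusd.messages and nessusd.dump under NESSUS_ROOT/var/nessus/logs is an assumption, and the directory layout in the test is constructed.

```shell
#!/bin/sh
# Inventory the places the reply names as holding raw scan data:
#   - NESSUS_ROOT/var/nessus/users/<user>/kbs/<ip>   (knowledge-base files)
#   - nessusd.messages and nessusd.dump              (assumed: NESSUS_ROOT/var/nessus/logs)
#   - /tmp/nessus-*                                  (NBE results left by a kill -9)
# Prints one line per artifact: "<kind> <mode> <path>", where <mode> is the
# ls-style permission string so world-readable files stand out.
#
# $1 = NESSUS_ROOT (e.g. /usr/local)
# $2 = temp directory to scan (default /tmp)
nessus_artifacts() {
    root=$1
    tmp=${2:-/tmp}

    # Knowledge-base files: one directory (or file) per scanned IP per user.
    find "$root/var/nessus/users" -path '*/kbs/*' -type f 2>/dev/null |
        while IFS= read -r f; do
            printf 'kb %s %s\n' "$(ls -ld "$f" | cut -c1-10)" "$f"
        done

    # Daemon log and dump; plugin output often ends up here.
    for f in "$root/var/nessus/logs/nessusd.messages" \
             "$root/var/nessus/logs/nessusd.dump"; do
        [ -f "$f" ] && printf 'log %s %s\n' "$(ls -ld "$f" | cut -c1-10)" "$f"
    done

    # Scratch directories left behind when nessusd was killed mid-scan.
    find "$tmp" -maxdepth 1 -name 'nessus-*' 2>/dev/null |
        while IFS= read -r f; do
            printf 'tmp %s %s\n' "$(ls -ld "$f" | cut -c1-10)" "$f"
        done
}

# Count artifacts readable by "other" (mode string position 8 is 'r').
nessus_world_readable() {
    nessus_artifacts "$1" "$2" | awk 'substr($2, 8, 1) == "r" { n++ } END { print n + 0 }'
}

# Usage: nessus_artifacts /usr/local /tmp
```

Run it as the account that ran nessusd (or as root) so the kbs directories are readable; an empty listing means none of the named locations currently hold data.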
