> Hello All,
>
> I'm scanning my employer's network with the hopes of limitting viral outbreaks
> by identifying vulnerable Ms.Windows machines, and denying them dhcp
> service.
> So, is there a way to instruct nessus to only 'attack' hosts which it
> believes are 'Ms.Win*' hosts? Or at least, to not 'attack' hosts which
> it believes are not Ms.Win* hosts?
MAYBE, use some of the ldap or ad tools to poll the ad server for a list
of computers in the ad, than pass that list to nessus as the host list.
a quick start on this (which does miss lots of clients that haven't
connected yet to ad controller) is to get a list of hosts that are in the
ad server's browse list.
You will need to specify the ad controller in /etc/resolv.conf, mark 'list
hosts which are dead' in nessus (just to double check).
Also note that if dhcp server isn't set to force dns entries, than the
browse list (which would be netbios names) might not be the same as the fwd
dns entries.
Here is a script that I wrote that we use here for a
'quickie'. User perl and smbclient from samba suite.
Note: if ad controller is win2003, need newest samba suite.
Maybe someone can come up with a script to pull the computer names out of
ad?
first argument is name of ad controller.
#!/usr/local/bin/perl -w
$pdc = $ARGV[0] || die "must specify AD controller";
$smbclient = join(" ","smbclient -L",$pdc,"-N |");
open(FD,$smbclient);
while(<FD>) {
last if(/--------- -------/);
}
while(<FD>) {
($junk,$detail) = split(/\t/,$_,2);
($host,$junk) = split(/ /,$detail,2);
print $host,"\n" if(/ /);
last if!(/ /);
}
--
Michael Scheidell
SECNAP Network Security
561-368-9561, ext 1131
Now hiring security professionals. See http://www.secnap.com/careers
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
