Penetration Testing
How To Import Nmap XML Results Into Nessus Jan 27 2014 04:07PM
Travis Lee (eelsivart gmail com)
In a typical assessment, an initial port scan is performed on the network
with Nmap to discover hosts and to find open ports and services. This would
be followed by a scan with Nessus to determine if those services contain any
known vulnerabilities.

However, in a standard Nessus scan, Nessus will perform its own host
discovery checks and port scans before performing its vulnerability checks.
This leads to a duplication of effort and amounts to longer scan times
(especially on large target sets), and results in additional port scanning
traffic on the network. Additionally, using Nmap for host discovery and port
scanning is preferable over Nessus as Nmap is a faster, more powerful and
flexible tool for this purpose.

The Nessus Nmap XML Import plugin allows the use of an existing Nmap XML
output file in place of the Nessus port scanner. This decreases the amount
of time to perform a Nessus scan, and reduces the amount of port scanning
traffic being sent on the network. The plugin works with current versions of
Nessus and Nmap (5.2.4 and 6.40, respectively, as of this


This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus