Passive Vulnerability Scanner 3.2.0 Release Notes
Note: Passive Vulnerability Scanner (PVS) is now known as Nessus Network Monitor (NNM).
The following list describes many of the changes that are included in PVS version 3.2.0, the significant issues that have been resolved and notes for upgrading. A PDF file of these release notes is also available here.
As with any application, it is always advisable to perform a backup of the installation before upgrading.
Support is available for Red Hat ES 3, ES 4, ES 5 and CentOS 5 64-bit.
Upgrading from 3.0.x
The command syntax for an RPM upgrade is as follows:
# rpm -Uvh <RPM Package File Name>
- Passive Analysis Scripting Language (PASL)
- OS fingerprinting is now based on SinFP (formerly based on p0f) - uniform with Nessus
- Ability to exclude IP addresses/ranges from being monitored
- Support for non-TCP/non-UDP packet analysis - 21 new protocols supported
- Detect and report external accessibility of vulnerabilities
- New output formats: XML, Nessus and HTML
Passive Analysis Scripting Language (PASL)
PASL is a scripting language (similar to NASL and TASL) that provides the following functionality over existing PRMs:
- Perform advanced analysis of network packets
- Data processing - i.e., binary and string manipulation, data structures, file I/O, base64 decoding
- Discover and track information that cannot be found with ordinary plugins (PRMs)
- Knowledgebase building and database lookups
- Updated as part of the plugin feed - new functionality added regularly
Sample PASL applications:
- NETBIOS detection - extract computer names
- Web agent enumeration - track web browsers being used by a host
- CPE reporting - look up CPE for an application/OS
- ViewState detection - Microsoft .NET passing web session state in an insecure manner
- ActiveX component detection on a web service - extract CLSID, look it up in table and report detailed associated vulnerability
- Default credentials detection - consult database of default credentials for services
- Account monitoring: POP3, MSN, IMAP, SMTP, AIM, Yahoo, Gmail
- Track DNS queries: client lookups, failed lookups, server name resolution
- File and data monitoring: FTP sites, SMB shares, NFS shares, log commands from client to server, maintain list of files being hosted on/downloaded from a server
- Added real-time logging of interactive and encrypted sessions
- Added PASL logging of performance and usage statistics to the pasl.log file located in the logs directory. Additional runtime information, such as error messages, is written to the pasl_scripts.log file.