Nessus Sample Reports

Here you can find several reports generated using the Nessus vulnerability
scanner. Nessus reports can display vulnerabilities in different ways:

Suggested Remediations: Nessus summarizes the actions to take that address
the largest quantity of vulnerabilities on the network. For example, Nessus
will report that "Taking the following actions across 2 hosts would resolve
42% of the vulnerabilities on the network" and proceed to list the details of
those specific vulnerabilities.

Vulnerabilities Grouped by Plugin: Lists each vulnerability found during
your scan and the affected hosts. Systems administrators will find it easy to
read this report and fix the problems that have been identified.

Vulnerabilities Grouped by Host: Lists each host found during the scan
and its associated vulnerabilities. Systems administrators will often use this
report to address specific issues with certain hosts, follow-up scans, PCI
scans, and targeted assessments.

Network-based Scans (Uncredentialed)

Exploitable Vulnerabilities:
Using result filtering, Nessus can generate a report that lists only
vulnerabilities for which there is an associated exploit. The following reports
are from network scans showing exploitable vulnerabilities grouped by plugin
and by host:

o By plugin, with suggested remediations

o By host

Hosts Summary, Executive/Management Summary
Summary of a network scan showing host status and vulnerabilities sorted by
severity with suggested remediations

Uncredentialed Windows 2000 Network Scan, Vulnerabilities by Plugin
Uncredentialed Windows 2000 network scan showing details of vulnerabilities
by plugin with suggested remediations

Credentialed Vulnerability Scans

Linux Hosts Summary, Executive/Management Summary
Summary of a Linux host scan showing status and vulnerabilities sorted by
severity with suggested remediations

Credentialed Windows Hosts Summary, Executive/Management Summary
Summary of a credentialed Windows host scan showing vulnerabilities sorted
by severity

Compliance Audits

MySQL CIS Compliance Audits:
Reports from a single host using both Level 1 and Level 2 CIS MySQL checks
(.audit)

o Executive/management summary showing compliance test pass/fail/warning status

o By compliance status, detailed findings

Windows CIS Compliance Audits:
Reports from a single host using the Windows CIS audit (.audit)

o Executive/management summary showing compliance test pass/fail/warning status

o By compliance status, detailed findings

Patch Audits

Linux Host Local Patch Audit:
Linux host scan for missing patches

o Hosts summary, executive/management summary with suggested remediations

o Vulnerabilities by host, detailed findings with suggested remediations

Windows Host Patch Audit:
Windows host scan for missing patches

o Hosts summary, executive/management summary with suggested remediations

o Vulnerabilities by host, detailed findings with suggested remediations

Web Application Testing

Web Application Fuzz Testing: Finding previously-unknown web application
vulnerabilities using fuzzing techniques.
Results of fuzz testing a web application

o Hosts summary, executive/management summary

o Vulnerabilities by plugin, detailed findings
