I've found that Nessus scanners (I'm working with the 4.4.* variety) can't seem to take the loads that they're famous for dishing out.

For instance, if you scan a full class B, you can expect quite a bit of packet love from Nessus to your devices.

But turn the tables on Nessus and it falls on its face.

Try logging in to the scanner very quickly:

  1. Log in via the XML-RPC API
  2. Request the list of plugins
  3. Log in again via the XML-RPC API
  4. Request the description of a plugin
  5. Repeat steps 3 and 4 until Nessus goes tits up

Enjoy your 100% CPU utilization and locked-up nessusd.

I don't know why it works, but I suspect it has something to do with all the logging-in that occurs. Nessus may be leaving some connection open or something. The important part is that you want to loop really fast between logins. In my sample scripts I omitted the subsequent logout call but, let's be honest, any software that wants to be enterprise-y should be able to handle an assumed logout.
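
A defender-side check for the pattern described above, as an added example that is not part of the original post: it flags sources that log in repeatedly inside a short window and reports how many of their logins were never matched by a logout. The log format, action names and thresholds are constructed assumptions, not nessusd's actual log output.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp source action" format.
# This is NOT nessusd's real log format; adapt the parsing to your own logs.
SAMPLE_LOG = """\
2011-06-01T10:00:00 10.0.0.5 login
2011-06-01T10:00:40 10.0.0.5 plugin_list
2011-06-01T10:05:00 10.0.0.5 logout
2011-06-01T10:10:00 10.0.0.9 login
2011-06-01T10:10:01 10.0.0.9 plugin_list
2011-06-01T10:10:01 10.0.0.9 login
2011-06-01T10:10:02 10.0.0.9 plugin_description
2011-06-01T10:10:02 10.0.0.9 login
2011-06-01T10:10:03 10.0.0.9 plugin_description
2011-06-01T10:10:03 10.0.0.9 login
2011-06-01T10:10:04 10.0.0.9 plugin_description
"""


def find_login_loops(log_text, window_seconds=10, max_logins=3):
    """Return {source: unmatched_logins} for every source that logs in more
    than max_logins times inside any sliding window of window_seconds."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)       # source -> login times still in window
    open_sessions = defaultdict(int)  # source -> logins without a logout
    flagged = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts = datetime.fromisoformat(parts[0])
        source, action = parts[1], parts[2]
        if action == "logout":
            open_sessions[source] = max(0, open_sessions[source] - 1)
        elif action == "login":
            open_sessions[source] += 1
            times = recent[source]
            times.append(ts)
            while ts - times[0] > window:
                times.popleft()  # drop logins that fell out of the window
            if len(times) > max_logins:
                flagged.add(source)
    return {source: open_sessions[source] for source in sorted(flagged)}


if __name__ == "__main__":
    print(find_login_loops(SAMPLE_LOG))
```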