Importing Nmap Results into Nessus

Learn how to import Nmap scan results into Nessus for a comprehensive security assessment.
by İbrahim Korucuoğlu ( @siberoloji) |
Tags:
Categories:

  4 minute read  

Introduction

Nmap (Network Mapper) is one of the most widely used network scanning tools for discovering hosts and services on a computer network. It provides detailed information about live hosts, open ports, running services, and potential vulnerabilities.

Nessus, on the other hand, is a popular vulnerability scanner developed by Tenable that performs in-depth security assessments of network devices. While Nessus can conduct its own scans, integrating Nmap results allows security professionals to leverage Nmap’s powerful scanning capabilities while utilizing Nessus’s robust vulnerability detection mechanisms.

This guide explains how to import Nmap scan results into Nessus for more comprehensive security assessments.

Why Import Nmap Results into Nessus?

Combining Nmap’s scanning capabilities with Nessus’s vulnerability assessment tools offers several advantages:

  1. Enhanced Discovery: Nmap provides more flexible and granular host and port discovery compared to Nessus.
  2. Faster Initial Scans: Running Nmap scans beforehand reduces the scan time in Nessus by skipping host discovery.
  3. Custom Scan Options: Nmap allows security teams to use custom scanning techniques, such as aggressive scanning or specific script execution, before importing results into Nessus.
  4. More Detailed Network Insights: Using Nmap’s scripts (NSE) can provide additional context before running a vulnerability assessment in Nessus.

Step-by-Step Guide to Importing Nmap Results into Nessus

Step 1: Running an Nmap Scan

To generate results that can be imported into Nessus, you must run an Nmap scan with the correct output format. Nessus supports XML format, so the scan must be saved in .xml format.

Basic Nmap Scan Command

nmap -sS -p- -oX nmap_scan.xml target_ip
  • -sS: Performs a SYN scan (stealthy scan for discovering open ports).
  • -p-: Scans all 65535 ports.
  • -oX nmap_scan.xml: Saves the scan output in XML format.
  • target_ip: Replace this with the actual target IP or domain.

Advanced Nmap Scan with Service and OS Detection

nmap -A -T4 -oX nmap_scan.xml target_ip
  • -A: Enables OS detection, version detection, script scanning, and traceroute.
  • -T4: Sets the timing template for faster scanning.
  • -oX nmap_scan.xml: Saves the scan in XML format.

Step 2: Importing Nmap Results into Nessus

Once the Nmap scan is complete, follow these steps to import the results into Nessus:

  1. Open Nessus: Log into your Nessus web interface.
  2. Create a New Scan:
    • Navigate to ScansNew Scan.
    • Choose Advanced Scan.
  3. Import the Nmap Results:
    • Scroll to the Discovery section.
    • Look for “Nmap (XML) results import”.
    • Click Upload File and select nmap_scan.xml.
  4. Configure Scan Settings:
    • Adjust scan policies as needed.
    • Set exclusions if necessary.
  5. Run the Scan:
    • Click Launch Scan to initiate the vulnerability assessment using the imported Nmap results.

Step 3: Analyzing the Results

Once the Nessus scan is complete, analyze the results by:

  • Reviewing Hosts: Check for live hosts detected by Nmap and analyzed by Nessus.
  • Examining Vulnerabilities: Nessus assigns severity ratings to detected vulnerabilities.
  • Exporting Reports: Save the results in formats like HTML, CSV, or PDF for documentation and remediation planning.

Automating the Process

For large-scale assessments, automating the process can save time. Here’s a simple bash script to run an Nmap scan and import results into Nessus automatically:

#!/bin/bash

# Define target and output file
TARGET="target_ip"
OUTPUT_FILE="nmap_scan.xml"

# Run Nmap scan
nmap -A -T4 -oX $OUTPUT_FILE $TARGET

# Upload to Nessus (using Nessus API)
API_KEY="your_nessus_api_key"
NESSUS_URL="https://your-nessus-server:8834"

curl -k -X POST -H "X-ApiKeys: accessKey=$API_KEY" \
    -F "file=@$OUTPUT_FILE" \
    "$NESSUS_URL/scans/import"

Replace your_nessus_api_key and your-nessus-server:8834 with your actual Nessus API key and server URL.

Troubleshooting Common Issues

1. Nessus Fails to Import Nmap XML File

  • Ensure that the XML file is properly formatted and valid.
  • Check if the file size exceeds Nessus’s upload limit.

2. Scan Results Show Fewer Hosts or Ports

  • Adjust Nmap’s scan aggressiveness and port range.
  • Use -Pn in Nmap to disable ping checks and ensure all hosts are scanned.

3. Nmap Scan Takes Too Long

  • Reduce the number of scanned ports (e.g., use -p1-1000 instead of -p-).
  • Increase scan speed with -T4 or -T5, but beware of false positives.

Conclusion

Importing Nmap results into Nessus is a powerful technique for optimizing vulnerability assessments. Nmap excels in network discovery and port scanning, while Nessus is ideal for identifying security weaknesses. Combining the two allows security professionals to conduct more accurate and efficient security assessments.

By following the steps outlined in this guide, you can enhance your penetration testing workflow and improve network security visibility. Whether for manual assessments or automated scanning, integrating Nmap and Nessus can significantly streamline your vulnerability management process.


< Using Nmap with MetasploitCombining Nmap with Wireshark >