Network Security

Question 3

How many plug-ins are available for Nessus, and is this number identical to the number of unique exploits?

There are 7147 plugins for Nessus. Given that there are 2700 unique CVE ids and 3370 unique Bugtraq IDs, the number of plugins is greater than the number of unique exploits.

  • Several plugins can scan for the same vulnerability. For intance, there are 2 plugins that detect for the Sasser Worm ([i12],[i13])
  • Some plugins only search for information. For instance, [i11] only checks whether vBulletin is installed or not and if so reports the version number. This plugin doesn't check specifically for any vulnerabilities at all.

do we have references for the numbers ?