Nessus Network Auditing

In 2000, Nessus introduced the then-experimental Knowledge Base saving feature. The original Nessus Knowledge Base was an in-memory list of data gathered during a vulnerability assessment. With the release of Nessus 1.0.5, however, Nessus servers gained the capability to save the Knowledge Base to disk for use in future scans.
The merits of the Nessus Knowledge Base, or KB, are obvious. As use of the Knowledge Base increases, one almost has to wonder how any scanner could operate without it. The Knowledge Base allows Nessus to use information gleaned from a past scan of a system to enhance and speed up the scan being performed. Even more important, though, is that one plugin can use data gathered by a plugin that ran before it, decreasing the number of interactions with each host and making plugin development easier. A perfect example of this is the current implementation of Microsoft HotFix checks. In the original implementation, each check made a connection to the remote registry to examine its relevant key/value pairs. The Installed Windows Hotfixes check released in 2004 instead makes a single remote registry connection and proceeds to populate the Knowledge Base. Subsequent Nessus Attack Scripting Language (NASL) scripts need only query the local Knowledge Base to glean this information.
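The difference between the two hotfix-check designs can be seen in a small model. The following is an added illustration in Python, not Nessus or NASL code; the class, function and key names and the hotfix IDs are hypothetical, and the Knowledge Base is reduced to a plain dictionary.

```python
# Simplified model of the gather-once pattern; not Nessus or NASL code.
# All class, function and key names here are hypothetical.

class FakeRegistry:
    """Stand-in for a host's remote registry; counts connections made."""
    def __init__(self, installed):
        self.installed = set(installed)
        self.connections = 0

    def connect_and_list(self):
        self.connections += 1
        return sorted(self.installed)


def check_direct(registry, hotfix):
    """Original style: every check opens its own registry connection."""
    return hotfix not in registry.connect_and_list()  # True = missing


def gather_hotfixes(registry, kb):
    """Gather-once style: one connection, results written to the KB."""
    for hotfix in registry.connect_and_list():
        kb["Hotfix/" + hotfix] = 1
    kb["Hotfix/Enumerated"] = 1  # marks that enumeration succeeded


def check_from_kb(kb, hotfix):
    """Later check: reads only the KB, never touches the host.
    Returns None when the gatherer did not run, so a failed enumeration
    is reported as unknown rather than as a missing patch."""
    if "Hotfix/Enumerated" not in kb:
        return None
    return ("Hotfix/" + hotfix) not in kb


def scan_direct(installed, wanted):
    reg = FakeRegistry(installed)
    missing = [h for h in wanted if check_direct(reg, h)]
    return missing, reg.connections


def scan_with_kb(installed, wanted):
    reg, kb = FakeRegistry(installed), {}
    gather_hotfixes(reg, kb)
    missing = [h for h in wanted if check_from_kb(kb, h)]
    return missing, reg.connections


INSTALLED = ["KB0000001", "KB0000003"]            # constructed sample data
WANTED = ["KB0000001", "KB0000002", "KB0000003"]  # constructed sample data
```

Both scans report the same missing hotfix, but the direct version connects to the host once per check while the Knowledge Base version connects once in total.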
The aim of this chapter is to familiarize the reader with the workings of the Nessus Knowledge Base. The chapter highlights how the Knowledge Base works and how you can use it to maximum benefit.
It should also be noted that...