Scanning WannaCry and SMBv1 vulnerabilities in Enterprise Infrastructure
Recently we encountered the scenario where the customer's requirement was to check the patch management for WannaCry effect. There are multiple ways to verify same.
- Running Nessus scan with particular plugin ID enabled
- Running Nmap NSE
- Checking Status report of Patch Management solution (if any)
Now we would look at weaponizing Nessus for same activity. Small google can land on some Nessus reference links which states to enable plugin IDs i.e.; 96982, 97086, 97737, 97833, 99439 and 700099. To perform the scan over entire infrastructure to find patched/unpatched machines.
But this is enough, hence below is extensive list of plugin IDs to be enabled to detected the vulnerabilities precisely.
Hope above information helps in Infosec Consultants life ;)