Netstat Portscanner Update to Use Sockstat (ss) Utility

Summary

The Netstat Portscanner plugin runs during credentialed scans to enumerate open ports. After authenticating to the scan target, the plugin will attempt to run the ‘netstat’ command to identify listening ports. Modern Linux and Unix distributions are providing the 'ss' utility and have removed 'netstat', while 'netstat' is still available on older distributions. The Netstat Portscanner will now attempt to use the ‘ss’ utility if the ‘netstat’ utility is not available. Thus, older distributions will continue to use the ‘netstat’ utility, while newer distributions that do not include ‘netstat’ will use the ‘ss’ utility.

Impact

Customers may notice credentialed scans identify additional open ports. They may also see additional vulnerability plugins and informational plugins triggered in these scans due to the newly identified open ports.

Plugin

Netstat Portscanner (SSH) (14272)

Target Release Date

April 25th, 2023