Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Plugins for scans

from [Christopher J Bidwell] Network Security [Permanent Link]
Subject: Re: Plugins for scans
Date: Thu, 26 Aug 2004 16:36:34 -0600 

This is my profile less the plugins configs:

begin(SCANNER_SET)
 10180 = yes
 10335 = no
 10336 = yes
 10796 = no
 11219 = no
 11840 = no
 14259 = no
end(SCANNER_SET)

begin(SERVER_PREFS)
 max_hosts = 5
 max_checks = 1
 log_whole_attack = no
 cgi_path = /cgi-bin:/scripts
 port_range =
1,3,13,20,21,22,23,25,53,79,80,81,110,111,113,123,135,137,138,139,161,162,389,427,443,445,500,512,513,514,515,554,631,636,777,901,1025,1026,1028,1049,1080,1
214,1243,1352,1433,1434,1730,2049,2701,2702,3128,3531,4444,4661,4662,4899,5000,6112,6346,6588,6881,7100,8080,8888,9874,12345,20270,27015,27374,37852,38293,40053,42510
 optimize_test = yes
 language = english
 checks_read_timeout = 5
 non_simult_ports = 139, 445
 plugins_timeout = 160
 safe_checks = yes
 auto_enable_dependencies = yes
 use_mac_addr = no
 save_knowledge_base = yes
 kb_restore = no
 only_test_hosts_whose_kb_we_dont_have = no
 only_test_hosts_whose_kb_we_have = no
 kb_dont_replay_scanners = no
 kb_dont_replay_info_gathering = no
 kb_dont_replay_attacks = no
 kb_dont_replay_denials = no
 kb_max_age = 864000
 plugin_upload = no
 plugin_upload_suffixes = .nasl, .inc
 slice_network_addresses = yes
 save_session = yes
 save_empty_sessions = yes
 host_expansion = ip
 ping_hosts = yes
 reverse_lookup = no
 detached_scan = no
 continuous_scan = no
 unscanned_closed = no
 diff_scan = no
end(SERVER_PREFS)

begin(PLUGINS_PREFS)
 Login configurations[entry]:FTP account : = anonymous
 Login configurations[password]:FTP password (sent in clear) : =
nessus@nessus.org
 Login configurations[entry]:FTP writeable directory : = /incoming
 Login configurations[checkbox]:Never send SMB credentials in clear text =
yes
 Login configurations[checkbox]:Only use NTLMv2 = no
 Services[entry]:Number of connections done in parallel : = 1
 Services[entry]:Network connection timeout : = 15
 Services[entry]:Network read/write timeout : = 15
 Services[entry]:Wrapped service read timeout : = 30
 Services[radio]:Test SSL based services = All
 Unknown CGIs arguments torture[checkbox]:Send POST requests = no
 NIDS evasion[radio]:TCP evasion technique = none
 NIDS evasion[checkbox]:Send fake RST when establishing a TCP connection =
no
 ftp writeable directories[radio]:How to check if directories are writeable
: = Trust the permissions (drwxrwx---)
 SMTP settings[entry]:Third party domain : = example.com
 SMTP settings[entry]:From address : = nobody@example.com
 SMTP settings[entry]:To address : = postmaster@[AUTO_REPLACED_IP]
 Libwhisker options[radio]:IDS evasion technique: = X (none)
 Brute force login (Hydra)[entry]:Number of simultaneous connections : = 0
 Brute force login (Hydra)[checkbox]:Brute force telnet = no
 Brute force login (Hydra)[checkbox]:Brute force FTP = no
 Brute force login (Hydra)[checkbox]:Brute force POP3 = no
 Brute force login (Hydra)[checkbox]:Brute force IMAP = no
 Brute force login (Hydra)[checkbox]:Brute force cisco = no
 Brute force login (Hydra)[checkbox]:Brute force cisco-enable = no
 Brute force login (Hydra)[checkbox]:Brute force VNC = no
 Brute force login (Hydra)[checkbox]:Brute force SOCKS 5 = no
 Brute force login (Hydra)[checkbox]:Brute force rexec = no
 Brute force login (Hydra)[checkbox]:Brute force NNTP = no
 Brute force login (Hydra)[checkbox]:Brute force HTTP = no
 Brute force login (Hydra)[checkbox]:Brute force ICQ = no
 Brute force login (Hydra)[checkbox]:Brute force PCNFS = no
 Brute force login (Hydra)[checkbox]:Brute force SMB = no
 Brute force login (Hydra)[checkbox]:Brute force LDAP = no
 SMB use host SID to enumerate local users[entry]:Start UID : = 1000
 SMB use host SID to enumerate local users[entry]:End UID : = 1200
 Misc information on News server[entry]:From address : = Nessus
<listme@listme.dsbl.org>
 Misc information on News server[entry]:Test group name regex : =
f[a-z]\.tests?
 Misc information on News server[entry]:Max crosspost : = 7
 Misc information on News server[checkbox]:Local distribution = yes
 Misc information on News server[checkbox]:No archive = no
 SMB use domain SID to enumerate users[entry]:Start UID : = 1000
 SMB use domain SID to enumerate users[entry]:End UID : = 1200
 SMB Scope[checkbox]:Request information about the domain = yes
 Web mirroring[entry]:Number of pages to mirror : = 5
 Web mirroring[entry]:Start page : = /
 HTTP login page[entry]:Login page : = /
 HTTP login page[entry]:Login form fields : = user=%USER%&pass=%PASS%
 HTTP NIDS evasion[checkbox]:Use HTTP HEAD instead of GET = no
 HTTP NIDS evasion[radio]:URL encoding = none
 HTTP NIDS evasion[radio]:Absolute URI type = none
 HTTP NIDS evasion[radio]:Absolute URI host = none
 HTTP NIDS evasion[checkbox]:Double slashes = no
 HTTP NIDS evasion[radio]:Reverse traversal = none
 HTTP NIDS evasion[checkbox]:Self-reference directories = no
 HTTP NIDS evasion[checkbox]:Premature request ending = no
 HTTP NIDS evasion[checkbox]:CGI.pm semicolon separator = no
 HTTP NIDS evasion[checkbox]:Parameter hiding = no
 HTTP NIDS evasion[checkbox]:Dos/Windows syntax = no
 HTTP NIDS evasion[checkbox]:Null method = no
 HTTP NIDS evasion[checkbox]:TAB separator = no
 HTTP NIDS evasion[checkbox]:HTTP/0.9 requests = no
 Ping the remote host[entry]:TCP ping destination port(s) : = built-in
 Ping the remote host[checkbox]:Do a TCP ping = yes
 Ping the remote host[checkbox]:Do an ICMP ping = yes
 Ping the remote host[entry]:Number of retries (ICMP) : = 2
 Ping the remote host[checkbox]:Make the dead hosts appear in the report =
no
 Ping the remote host[checkbox]:Log live hosts in the report = yes
 Nmap[radio]:TCP scanning technique : = SYN scan
 Nmap[checkbox]:UDP port scan = no
 Nmap[checkbox]:RPC port scan = no
 Nmap[checkbox]:Ping the remote host = no
 Nmap[checkbox]:Identify the remote OS = yes
 Nmap[checkbox]:Use hidden option to identify the remote OS = no
 Nmap[checkbox]:Fragment IP packets (bypasses firewalls) = no
 Nmap[checkbox]:Get Identd info = no
 Nmap[radio]:Port range = User specified range
 Nmap[checkbox]:Do not randomize the  order  in  which ports are scanned =
yes
 Nmap[entry]:Source port : = any
 Nmap[radio]:Timing policy : = Normal
 Global variable settings[checkbox]:Enable experimental scripts = no
 Global variable settings[checkbox]:Thorough tests (slow) = no
 Global variable settings[radio]:Report verbosity = Normal
 Global variable settings[radio]:Log verbosity = Normal
 Global variable settings[entry]:Debug level = 0
 HTTP NIDS evasion[checkbox]:Random case sensitivity (Nikto only) = no
 Global variable settings[radio]:Report paranoia = Normal
 Nikto (NASL wrapper)[checkbox]:Force scan all possible CGI directories =
no
 Nikto (NASL wrapper)[checkbox]:Force full (generic) scan = no
 HTTP login page[entry]:Login form : =
 Brute force login (Hydra)[file]:Logins file : =
 Brute force login (Hydra)[file]:Passwords file : =
 Brute force login (Hydra)[entry]:Web page to brute force : =
 Nmap[entry]:Data length : =
 Nmap[entry]:Ports scanned in parallel (max) =
 Nmap[entry]:Host Timeout (ms) : =
 Nmap[entry]:Min RTT Timeout (ms) : =
 Nmap[entry]:Max RTT Timeout (ms) : =
 Nmap[entry]:Initial RTT timeout (ms) =
 Nmap[entry]:Minimum wait between probes (ms) =
 Nmap[file]:File containing nmap's results : =
 Services[file]:SSL certificate : =
 Services[file]:SSL private key : =
 Services[password]:PEM password : =
 Services[file]:CA file : =
 HTTP NIDS evasion[entry]:HTTP User-Agent =
 HTTP NIDS evasion[entry]:Force protocol string : =
 Login configurations[entry]:HTTP account : =
 Login configurations[password]:HTTP password (sent in clear) : =
 Login configurations[entry]:NNTP account : =
 Login configurations[password]:NNTP password (sent in clear) : =
 Login configurations[entry]:POP2 account : =
 Login configurations[password]:POP2 password (sent in clear) : =
 Login configurations[entry]:POP3 account : =
 Login configurations[password]:POP3 password (sent in clear) : =
 Login configurations[entry]:IMAP account : =
 Login configurations[password]:IMAP password (sent in clear) : =
 Login configurations[entry]:SMB account : =
 Login configurations[password]:SMB password : =
 Login configurations[entry]:SMB domain (optional) : =
 Login configurations[entry]:SNMP community (sent in clear) : =
end(PLUGINS_PREFS)
begin(SERVER_INFO)
 server_info_nessusd_version = 2.0.12
 server_info_libnasl_version = 2.0.12
 server_info_libnessus_version = 2.0.12
 server_info_thread_manager = fork
 server_info_os = Linux
 server_info_os_version = 2.4.21-15.ELsmp
end(SERVER_INFO)

Any assistance would be great.

Thanks,
Chris



|---------+---------------------------->
|         |           Michel Arboi     |
|         |           <mikhail@nessus.o|
|         |           rg>              |
|         |                            |
|         |           08/26/2004 04:07 |
|         |           PM               |
|---------+---------------------------->
  

------------------------------------------------------------------------------------------------------------------------------|

  |                                                                             
                                                 |
  |       To:       "Christopher J Bidwell" <cbidwell@usgs.gov>                 
                                                 |
  |       cc:       nessus@list.nessus.org                                      
                                                 |
  |       Subject:  Re: Plugins for scans                                       
                                                 |
  

------------------------------------------------------------------------------------------------------------------------------|





On Thu Aug 26 2004 at 23:22, Christopher J Bidwell wrote:


Anyone know why when I conduct a scan that it executes the same plugin
twice for the same IP being scanned?


find_service forks. You can configure how many children process you
want.


This happens for numerous plugins.


get_kb_item("gizmo") will fork if "gizmo" is a list instead of a
single item.


Just wonder if that's why the state tables on our routers are
filling up.


Maybe find_service, not the other ones. The port scanners are more
dangerous because they are quicker and tests more ports.
Try to use netstat or snmpwalk, or nmap with "polite" timing (if will
be slooooooooow).
Also try to reduce the number of simultaneous tests.




_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Plugins for scans, Michel Arboi
Next by Date:  Re: Plugins for scans, George Theall
Previous by Thread:  Re: Plugins for scans, Michel Arboi
Next by Thread:  Re: Plugins for scans, George Theall
Indexes:  [Date] [Thread] [Top] [All Lists]