Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Nessus nmap.nasl

from [Lalumiere, Matt] Network Security [Permanent Link]
Subject: Nessus nmap.nasl
Date: Mon, 25 Apr 2005 13:20:24 -0400 

Some concerns with the nmap.nasl's scanning mechanisms, efficiencies,
and abilities after reading the following statement from Michel Arboi: 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Nmap can crash broken IP stacks. --- The latest versions of the
nmap.nasl wrapper disable those dangerous options (OS fingerprinting,
TCP stealth scans, UDP scan, aggressive timings) --- [When using
safe_checks()]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

As a suggestion: perhaps the following nmap.nasl plugin preference
should be implemented in order to bypass the default safe_checks()
allowing the use of other common scanning techniques and timings.


Line 48:

script_add_preference(name:"Run Plugin as Safe_Plugin", type:"checkbox",
value: "yes");


....


line 131

safe = script_get_preference("Run Plugin as Safe_Plugin :")
if (safe == yes)
{ 
 safe = safe_checks();
}

....

Matthew Lalumiere

Verisign
www.verisign.com
------------------
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: building my own nessus deb package and translation, mgrd
Next by Date:  Re: Nessus nmap.nasl, Michel Arboi
Previous by Thread:  building my own nessus deb package and translation, Antonio A
Next by Thread:  Re: Nessus nmap.nasl, Michel Arboi
Indexes:  [Date] [Thread] [Top] [All Lists]