I'm looking for a way to scan for vulnerable php-scripts and alike. I'm
trying to scan my domain on my webserver, but I can't quite get Nessus
to do it. It scans the webserver just fine, but it seems it's not able
to scan the vhost running on it.
I've found the mail below in the mailing list archive, and from that I
gather that I should just tell nessus to scan "127.0.0.1[www.foo.bar]"
(with my IP/domain in it), and that's what I've tried. But it still just
scans the webserver itself.
I'm wondering if I'm getting this wrong, and that Nessus arn't able to
do what I want, or if I'm doing something wrong? I hope you guys can
help me out.
-------- Original Message --------
Subject: Re: Testing virtual hosts
Date: Tue, 21 Oct 2003 08:13:46 -0400
From: Renaud Deraison <deraison@nessus.org>
To: nessus@list.nessus.org
References: <Pine.LNX.4.44.0310210936110.9843-100000@courgette.jml.net>
<20031021110726.D102338108@mail.secnap.net>
On Tue, Oct 21, 2003 at 07:07:26AM -0400, Michael Scheidell wrote:
> Perhaps a silly question but a quick search couldn't find the answer. How
> does nessus handle the scanning of a host running a webserver that
> provides serveral virtual hosts?
If you select 'reverse dns' or you use the web server NAME, than all
(most) of the http functions will use http/1.1 calls with the appropriate
headers.
No, you just need to enter the name of the target host and that's it. If
the DNS<->IP has not been done it (ie: because the server has not been
put in production yet) you can force it in Nessus by giving the host
name between brackets. Ie: "127.0.0.1[www.foo.bar]" will test 127.0.0.1
and all the HTTP requests will have the Host: header set to www.foo.bar.
-- Renaud
--
Jesper S. Jensen
Basisnet og Sikkerhed
Uni-C - Århus, Danmark
+45 8937-6666
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
