Re: Testing virtual hosts

Jesper S. Jensen wrote:

> We have a server running a bunch of vhosts, and people have various
> php/pearl/etc. scripts on their websites. We know there are voulnable
> scripts on some of the websites, but Nessus doesn't find those,
> because it's just scanning the web server itself.
>
> I was hoping that the use of ip[domain] would make Nessus able to scan
> the vhosts directly, but as said it didn't quite do that. Am I
> misunderstanding the mail below, or something?
If you know all the (virtual) domain names, provide that list of names
(just names) to Nessus to scan and it _should_ use that information when
testing (so when testing the web server it will send the "Host:" header
with that domain in it)--it always works for me.


--Sullo

-- 

http://www.cirt.net/      |     http://www.osvdb.org/

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus