Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Starting CGI Abuses scans on a subsite

from [George A. Theall] Network Security [Permanent Link]
Subject: Re: Starting CGI Abuses scans on a subsite
Date: Thu, 16 Nov 2006 07:15:23 -0500 
On Thu, Nov 16, 2006 at 11:06:51AM +0700, Steven Haryanto wrote:

Can I configure Nessus to scan CGI Abuses (like vulnerabilities in
Mambo, PHPBB, etc) on a subsite, e.g. www.host.com/sub1? The path
"/sub1" might not be discoverable from the www.host.com, i.e. it has
to be supplied by me for Nessus to know about it.

Maybe. There's a setting in the clients for the path to the CGIs (eg, on the "General" tab in NessusClient). If there's a page under "/sub1" that lists all the apps you want to test, then you just need to include "/sub1" in that setting. If there's no such page but you can enumerate the application paths, you can include those in the setting. If neither applies, you're out of luck.


George
--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Nessus Digest, Vol 37, Issue 13, summy mittal
Next by Date:  Resume failed scans, Larry Petty
Previous by Thread:  Starting CGI Abuses scans on a subsite, Steven Haryanto
Next by Thread:  Scanning web applications on a subsite?, Steven Haryanto
Indexes:  [Date] [Thread] [Top] [All Lists]