Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Thorough test of a Web server

from [George A. Theall] Network Security [Permanent Link]
Subject: Re: Thorough test of a Web server
Date: Fri, 19 Jan 2007 10:17:33 -0500 
On Fri, Jan 19, 2007 at 02:55:57PM +1100, Arkadi.Kosmynin@csiro.au wrote:

I am using Nessus 3.0.4 on Win XP. I can configure it scan the server,
but I don't think that it does what is expected. The web site has a few
thousand pages, but scan takes only 20-30 minutes (I disable port scans,
except port 80).

Can you point to specific things that Nessus that you feel Nessus has missed? Are these pages written using a scripting language such as PHP or ASP rather than just static pages? And if so, are they linked in from the initial page or in well-known directories?

> The
webmiror plugin is selected too, but I don't think that it does
anything.

Why? That plugin generally won't report anything; instead, it updates the KB with information found with entries such as:

  www/80/content/extensions/html

The question is, how do I enable thorough tests?

If you're using the Nessus 3 client for Windows itself, you do this by editing a new policy and selecting "Thorough tests" under the "General" settings tab.

I found a couple of books describing Nessus, but they talk about Nessus
2. The new Nessus 3 interface is intuitive, but not well documented. 

Have you look at the white papers here:

  http://www.nessus.org/documentation/

Included are two user guides for Nessus 3.0.


George
--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Plugin ID : 19552 Question, George A. Theall
Next by Date:  RE: SSH Credentials problem, John Scherff
Previous by Thread:  RE: Thorough test of a Web server, Arkadi.Kosmynin
Next by Thread:  RE: Thorough test of a Web server, Arkadi.Kosmynin
Indexes:  [Date] [Thread] [Top] [All Lists]