Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Thorough test of a Web server

from [Arkadi.Kosmynin] Network Security [Permanent Link]
Subject: RE: Thorough test of a Web server
Date: Sat, 20 Jan 2007 19:59:39 +1100 


On Fri, Jan 19, 2007 at 02:55:57PM +1100, Arkadi.Kosmynin@csiro.au

wrote:



I am using Nessus 3.0.4 on Win XP. I can configure it scan the

server,

but I don't think that it does what is expected. The web site has a

few

thousand pages, but scan takes only 20-30 minutes (I disable port

scans,

except port 80).


Can you point to specific things that Nessus that you feel Nessus has
missed?


As I said, the Web site has thousands of pages. A thorough scan would
not finish so fast. 


Are these pages written using a scripting language such as PHP
or ASP rather than just static pages?


Yes, they are. Most of them have .html extensions, but have PHP inserts.
This is an additional interesting question: how can Nessus check for PHP
vulnerabilities if PHP code never leaves the server? 


And if so, are they linked in from
the initial page or in well-known directories?


Yes. May be, not all of them, but most.



 > The

webmiror plugin is selected too, but I don't think that it does
anything.


Why? That plugin generally won't report anything; instead, it updates
the KB with information found with entries such as:

   www/80/content/extensions/html


Because I read in it's description that it creates a local mirror of the
site. I don't see this happening.




The question is, how do I enable thorough tests?


If you're using the Nessus 3 client for Windows itself, you do this by
editing a new policy and selecting "Thorough tests" under the

"General"

settings tab.


Sorry, there is nothing about "Thorough tests" there, nor under other
tabs. The white paper you refer to below also mentions existence of
"Thorough tests" just a few lines away from a screen cap that shows that
there are no "Thorough tests" there.
 

I found a couple of books describing Nessus, but they talk about

Nessus

2. The new Nessus 3 interface is intuitive, but not well documented.


Have you look at the white papers here:

   http://www.nessus.org/documentation/

Included are two user guides for Nessus 3.0.


Sure, I've read these documents. They did not answer my questions.



George
--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Thorough test of a Web server, Arkadi.Kosmynin
Next by Date:  RE: SSH Credentials problem, John Scherff
Previous by Thread:  Re: Thorough test of a Web server, George A. Theall
Next by Thread:  Re: Thorough test of a Web server, George A. Theall
Indexes:  [Date] [Thread] [Top] [All Lists]