
nessus not finding tcp port 443 even though this is definitely active

Subject: nessus not finding tcp port 443 even though this is definitely active
Date: Fri, 30 Nov 2007 20:45:50 +0100
Nessus is not finding port 443 on a device on which I know it is open,
but it does find 80.
Verified with nmap, and that finds both 80 and 443 on that device.

Does anybody have any ideas as to why?

This is the command I'm using:
 /opt/nessus/bin/nessus -c nessusrc -T nbe -xq 127.0.0.1 1241 {userid} {password} {rangefile} {outputfile.nbe}

Below is the nessusrc file I'm using (all plugins are enabled, except
for the DOS ones, so I've not included those lines).
In this nessusrc file I've tried these three options:

Ping the remote host[entry]:TCP ping destination port(s) : = built-in
Ping the remote host[entry]:TCP ping destination port(s) : = extended
Ping the remote host[entry]:TCP ping destination port(s) : = "21;22;23;25;53;69;79;80;110;111;113;123;135;137;138;139;143;161;256;259;264;265;389;443;445;497;500;515;548;900;953;981;993;1025;1028;1029;1080;1201;1241;1433;1454;1723;1900;1917;2809;2869;2998;3128;3389;4100;5000;5600;8000;8080;9001;9100;9495;18182;65553"

All give me the exact same results, no port 443.


# This file was automagically created by nessus
nessusd_user = tst
nessusd_host = 127.0.0.1
begin(PLUGIN_PREFS)
 Global variable settings[checkbox]:Enable CGI scanning = yes
 Global variable settings[radio]:Network type = Mixed (use RFC 1918)
 Global variable settings[checkbox]:Enable experimental scripts = no
 Global variable settings[checkbox]:Thorough tests (slow) = no
 Global variable settings[radio]:Report verbosity = Normal
 Global variable settings[radio]:Report paranoia = Normal
 Global variable settings[radio]:Log verbosity = Normal
 Global variable settings[entry]:Debug level = 0
 HTTP NIDS evasion[checkbox]:Use HTTP HEAD instead of GET = no
 HTTP NIDS evasion[radio]:URL encoding = none
 HTTP NIDS evasion[radio]:Absolute URI type = none
 HTTP NIDS evasion[radio]:Absolute URI host = none
 HTTP NIDS evasion[checkbox]:Double slashes = no
 HTTP NIDS evasion[radio]:Reverse traversal = none
 HTTP NIDS evasion[checkbox]:Self-reference directories = no
 HTTP NIDS evasion[checkbox]:Premature request ending = no
 HTTP NIDS evasion[checkbox]:CGI.pm semicolon separator = no
 HTTP NIDS evasion[checkbox]:Parameter hiding = no
 HTTP NIDS evasion[checkbox]:Dos/Windows syntax = no
 HTTP NIDS evasion[checkbox]:Null method = no
 HTTP NIDS evasion[checkbox]:TAB separator = no
 HTTP NIDS evasion[checkbox]:HTTP/0.9 requests = no
 HTTP NIDS evasion[checkbox]:Random case sensitivity (Nikto only) = no
 SNMP settings[entry]:Community name : = public
 SNMP settings[entry]:UDP port : = 161
 Ping the remote host[entry]:TCP ping destination port(s) : = extended
 Ping the remote host[checkbox]:Do a TCP ping = yes
 Ping the remote host[checkbox]:Do an ICMP ping = no
 Ping the remote host[entry]:Number of retries (ICMP) : = 6
 Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) = no
 Ping the remote host[checkbox]:Make the dead hosts appear in the report = yes
 Ping the remote host[checkbox]:Log live hosts in the report = yes
 Login configurations[checkbox]:Never send SMB credentials in clear text = yes
 Login configurations[checkbox]:Only use NTLMv2 = no
 Kerberos configuration[entry]:Kerberos KDC Port : = 88
 Kerberos configuration[radio]:Kerberos KDC Transport : = udp
 SSH settings[entry]:SSH user name : = root
 Services[entry]:Number of connections done in parallel : = 6
 Services[entry]:Network connection timeout : = 5
 Services[entry]:Network read/write timeout : = 5
 Services[entry]:Wrapped service read timeout : = 2
 Services[radio]:Test SSL based services = Known SSL ports
 Unknown CGIs arguments torture[checkbox]:Send POST requests = no
 SMB use host SID to enumerate local users[entry]:Start UID : = 1000
 SMB use host SID to enumerate local users[entry]:End UID : = 1200
 Web mirroring[entry]:Number of pages to mirror : = 200
 Web mirroring[entry]:Start page : = /
 SMB use domain SID to enumerate users[entry]:Start UID : = 1000
 SMB use domain SID to enumerate users[entry]:End UID : = 1200
 Login configurations[entry]:FTP account : = anonymous
 Login configurations[entry]:FTP writeable directory : = /incoming
 SMB Scope[checkbox]:Request information about the domain = yes
 Misc information on News server[entry]:Test group name regex : = f[a-z]\.tests?
 Misc information on News server[entry]:Max crosspost : = 7
 Misc information on News server[checkbox]:Local distribution = yes
 Misc information on News server[checkbox]:No archive = no
 HTTP login page[entry]:Login page : = /
 HTTP login page[entry]:Login form fields : = user=%USER%&pass=%PASS%
 SMTP settings[entry]:Third party domain : = example.com
 SMTP settings[entry]:From address : = nobody@example.com
 SMTP settings[entry]:To address : = postmaster@[AUTO_REPLACED_IP]
end(PLUGIN_PREFS)

begin(PLUGIN_SET)
...................removed (all yes except for the DOS ones)

end(PLUGIN_SET)

begin(PLUGINS_PREFS)
 Ping the remote host[entry]:TCP ping destination port(s) : = built-in
 SSH settings[password]:Passphrase for SSH key : =
 SSH settings[file]:SSH private key to use : =
 SSH settings[file]:SSH public key to use : =
 SSH settings[password]:SSH password (unsafe!) : =
 Nmap (NASL wrapper)[file]:File containing grepable results : =
 Nmap (NASL wrapper)[entry]:Minimum wait between probes (ms) =
 Nmap (NASL wrapper)[entry]:Ports scanned in parallel (min) =
 Nmap (NASL wrapper)[entry]:Ports scanned in parallel (max) =
 Nmap (NASL wrapper)[entry]:Initial RTT timeout (ms) : =
 Nmap (NASL wrapper)[entry]:Max RTT Timeout (ms) : =
 Nmap (NASL wrapper)[entry]:Min RTT Timeout (ms) : =
 Nmap (NASL wrapper)[entry]:Host Timeout (ms) : =
 Nmap (NASL wrapper)[entry]:Source port : =
 Login configurations[entry]:Additional SMB domain (optional) (3) : =
 Login configurations[password]:Additional SMB password (3) : =
 Login configurations[entry]:Additional SMB account (3) : =
 Login configurations[entry]:Additional SMB domain (optional) (2) : =
 Login configurations[password]:Additional SMB password (2) : =
 Login configurations[entry]:Additional SMB account (2) : =
 Login configurations[entry]:Additional SMB domain (optional) (1) : =
 Login configurations[password]:Additional SMB password (1) : =
 Login configurations[entry]:Additional SMB account (1) : =
 Login configurations[entry]:SMB domain (optional) : =
 Login configurations[password]:SMB password : =
 Login configurations[entry]:SMB account : =
 Login configurations[password]:IMAP password (sent in clear) : =
 Login configurations[entry]:IMAP account : =
 Login configurations[password]:POP3 password (sent in clear) : =
 Login configurations[entry]:POP3 account : =
 Login configurations[password]:POP2 password (sent in clear) : =
 Login configurations[entry]:POP2 account : =
 Login configurations[password]:NNTP password (sent in clear) : =
 Login configurations[entry]:NNTP account : =
 Login configurations[password]:HTTP password (sent in clear) : =
 Login configurations[entry]:HTTP account : =
 Cleartext protocols settings[password]:Password (unsafe!) : =
 Cleartext protocols settings[entry]:User name : =
 Windows File Contents Compliance Checks[file]:Policy file #5 : =
 Windows File Contents Compliance Checks[file]:Policy file #4 : =
 Windows File Contents Compliance Checks[file]:Policy file #3 : =
 Windows File Contents Compliance Checks[file]:Policy file #2 : =
 Windows File Contents Compliance Checks[file]:Policy file #1 : =
 Oracle settings[entry]:Oracle SID : =
 Kerberos configuration[entry]:Kerberos Realm (SSH only) : =
 Kerberos configuration[entry]:Kerberos Key Distribution Center (KDC) : =
 HTTP login page[entry]:Login form : =
 Services[file]:CA file : =
 Services[password]:PEM password : =
 Services[file]:SSL private key : =
 Services[file]:SSL certificate : =
 Web mirroring[entry]:Start page : = /
 Web mirroring[entry]:Number of pages to mirror : = 200
 SSH settings[entry]:SSH user name : = root
 SMTP settings[entry]:To address : = postmaster@[AUTO_REPLACED_IP]
 SMTP settings[entry]:From address : = nobody@example.com
 SMTP settings[entry]:Third party domain : = example.com
 Global variable settings[entry]:HTTP User-Agent = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
 Global variable settings[entry]:Debug level = 0
 Global variable settings[radio]:Log verbosity = Normal;Quiet;Verbose;Debug
 Global variable settings[radio]:Report paranoia = Normal;Avoid false alarms;Paranoid (more false alarms)
 Global variable settings[radio]:Report verbosity = Normal;Quiet;Verbose
 Global variable settings[checkbox]:Thorough tests (slow) = no
 Global variable settings[checkbox]:Enable experimental scripts = no
 Global variable settings[radio]:Network type = Mixed (use RFC 1918);Private LAN; Public WAN (Internet)
 Global variable settings[checkbox]:Enable CGI scanning = yes
 Global variable settings[checkbox]:Do not log in with user accounts not specified in the policy = no
 Nmap (NASL wrapper)[checkbox]:Run dangerous port scans even if safe checks are set = no
 Nmap (NASL wrapper)[checkbox]:Do not scan targets not in the file = no
 Nmap (NASL wrapper)[radio]:Timing policy : = Auto (nessus specific!);Normal;Insane;Aggressive;Polite;Sneaky;Paranoid;Custom
 Nmap (NASL wrapper)[checkbox]:Do not randomize the  order  in  which ports are scanned = no
 Nmap (NASL wrapper)[checkbox]:Get Identd info = no
 Nmap (NASL wrapper)[checkbox]:Fragment IP packets (bypasses firewalls) = no
 Nmap (NASL wrapper)[checkbox]:Use hidden option to identify the remote OS = no
 Nmap (NASL wrapper)[checkbox]:Identify the remote OS = no
 Nmap (NASL wrapper)[checkbox]:RPC port scan = no
 Nmap (NASL wrapper)[checkbox]:Service scan = no
 Nmap (NASL wrapper)[checkbox]:UDP port scan = no
 Nmap (NASL wrapper)[radio]:TCP scanning technique : = connect();SYN scan;FIN scan;Xmas Tree scan;Null scan
 Login configurations[checkbox]:Only use NTLMv2 = no
 Login configurations[checkbox]:Never send SMB credentials in clear text = yes
 Login configurations[radio]:SMB password type : = Password;LM Hash;NTLM Hash
 Login configurations[entry]:FTP writeable directory : = /incoming
 Login configurations[password]:FTP password (sent in clear) : = nessus@nessus.org
 Login configurations[entry]:FTP account : = anonymous
 SMB use domain SID to enumerate users[entry]:End UID : = 1200
 SMB use domain SID to enumerate users[entry]:Start UID : = 1000
 SMB Scope[checkbox]:Request information about the domain = yes
 SNMP settings[entry]:UDP port : = 161
 SNMP settings[entry]:Community name : = public
 SMB use host SID to enumerate local users[entry]:End UID : = 1200
 SMB use host SID to enumerate local users[entry]:Start UID : = 1000
 Cleartext protocols settings[checkbox]:Try to perform patch level checks over rexec = no
 Cleartext protocols settings[checkbox]:Try to perform patch level checks over rsh = no
 Cleartext protocols settings[checkbox]:Try to perform patch level checks over telnet = no
 Unknown CGIs arguments torture[checkbox]:Send POST requests = no
 Misc information on News server[checkbox]:No archive = no
 Misc information on News server[checkbox]:Local distribution = yes
 Misc information on News server[entry]:Max crosspost : = 7
 Misc information on News server[entry]:Test group name regex : = f[a-z]\.tests?
 Misc information on News server[entry]:From address : = Nessus <listme@listme.dsbl.org>
 Do not scan fragile devices[checkbox]:Scan Novell Netware hosts = no
 Do not scan fragile devices[checkbox]:Scan Network Printers = no
 Oracle settings[checkbox]:Test default accounts (slow) = no
 Nessus TCP scanner[checkbox]:Network congestion detection = yes
 Nessus TCP scanner[checkbox]:Detect firewall = yes
 Nessus TCP scanner[checkbox]:Detect RST rate limitation = yes
 Nessus TCP scanner[checkbox]:Scan ports in random order = yes
 Kerberos configuration[radio]:Kerberos KDC Transport : = udp;tcp
 Kerberos configuration[entry]:Kerberos KDC Port : = 88
 HTTP login page[entry]:Login form fields : = user=%USER%&pass=%PASS%
 HTTP login page[entry]:Login page : = /
 Services[radio]:Test SSL based services = Known SSL ports;All;None
 Services[entry]:Wrapped service read timeout : = 2
 Services[entry]:Network read/write timeout : = 5
 Services[entry]:Network connection timeout : = 5
 Services[entry]:Number of connections done in parallel : = 6
 Ping the remote host[checkbox]:Test the local Nessus host = yes
 Ping the remote host[checkbox]:Log live hosts in the report = no
 Ping the remote host[checkbox]:Make the dead hosts appear in the report = no
 Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) = no
 Ping the remote host[entry]:Number of retries (ICMP) : = 6
 Ping the remote host[checkbox]:Do an ICMP ping = no
 Ping the remote host[checkbox]:Do a TCP ping = yes
 Ping the remote host[checkbox]:Do an ARP ping = yes
end(PLUGINS_PREFS)

begin(SERVER_INFO)
 server_info_nessusd_version = 3.0.6
 server_info_os_version = 2.4.27-2-386
 server_info_os = Linux
 server_info_thread_manager = fork
 server_info_libnessus_version = 3.0.6
 server_info_libnasl_version = 3.0.6
end(SERVER_INFO)

begin(RULES)
end(RULES)

begin(SERVER_PREFS)
 server_info_libnasl_version = 3.0.1
 log_whole_attack = yes
 trace_scan = no
 server_info_nessusd_version = 3.0.1
 ntp_detached_sessions = yes
 safe_checks = yes
 unscanned_closed = no
 kb_dont_replay_scanners = no
 kb_max_age = 864000
 only_test_hosts_whose_kb_we_have = no
 server_info_libnessus_version = 3.0.1
 throttle_scan = yes
 ntp_short_status = yes
 auto_update_delay = 24
 slice_network_addresses = no
 ntp_keep_communication_alive = yes
 cgi_path = /cgi-bin:/scripts
 ntp_opt_show_end = yes
 language = english
 only_test_hosts_whose_kb_we_dont_have = no
 plugins_timeout = 320
 kb_dont_replay_info_gathering = no
 kb_dont_replay_denials = no
 checks_read_timeout = 5
 save_knowledge_base = no
 non_simult_ports = 139, 445
 server_info_os = Linux
 optimize_test = yes
 max_hosts = 20
 kb_dont_replay_attacks = no
 reverse_lookup = no
 max_checks = 5
 silent_dependencies = yes
 auto_update = no
 port_range = default
 plugin_upload_suffixes = .nasl, .nasl3, .inc, .inc3, .nbin
 use_mac_addr = no
 server_info_thread_manager = fork
 ntp_client_accepts_notes = yes
 ntp_escape_crlf = yes
 auto_enable_dependencies = yes
 ntp_save_sessions = yes
 server_info_os_version = 2.6.9-5.ELsmp
 plugin_upload = yes
 kb_restore = no
end(SERVER_PREFS)



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
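
An added example, not part of the original post and not Nessus code: in the file quoted above, `TCP ping destination port(s)` is `extended` in `PLUGIN_PREFS` but `built-in` in `PLUGINS_PREFS`. This Python script parses that nessusrc layout and lists every preference whose value differs between the two blocks. The sample text is constructed, and `parse_nessusrc` and `differing_prefs` are hypothetical helper names.

```python
import re

# Constructed sample in the nessusrc layout quoted in the post (not the full file).
SAMPLE = """\
begin(PLUGIN_PREFS)
 Global variable settings[radio]:Report verbosity = Normal
 Ping the remote host[entry]:TCP ping destination port(s) : = extended
 Ping the remote host[checkbox]:Log live hosts in the report = yes
end(PLUGIN_PREFS)
begin(PLUGINS_PREFS)
 Global variable settings[radio]:Report verbosity = Normal;Quiet;Verbose
 Ping the remote host[entry]:TCP ping destination port(s) : = built-in
 Ping the remote host[checkbox]:Log live hosts in the report
= no
end(PLUGINS_PREFS)
"""

def parse_nessusrc(text):
    """Return {section: {key: value}}, rejoining mail-wrapped lines."""
    sections, current, entries = {}, None, []
    for raw in text.splitlines():
        marker = re.fullmatch(r"(begin|end)\((\w+)\)", raw.strip())
        if marker:
            current = marker.group(2) if marker.group(1) == "begin" else None
            entries = sections.setdefault(current, []) if current else []
        elif current and raw.strip():
            # Assumption: entries are indented; an unindented line continues the previous one.
            if raw[0].isspace() or not entries:
                entries.append(raw.strip())
            else:
                entries[-1] += " " + raw.strip()
    parsed = {}
    for name, lines in sections.items():
        # Split on the first '=' only: values such as user=%USER% contain '='.
        pairs = (line.partition("=") for line in lines)
        parsed[name] = {k.rstrip(" :"): v.strip() for k, _, v in pairs}
    return parsed

def differing_prefs(parsed, a="PLUGIN_PREFS", b="PLUGINS_PREFS"):
    """Preferences present in both blocks whose values disagree."""
    out = {}
    for key, va in parsed.get(a, {}).items():
        vb = parsed.get(b, {}).get(key)
        # A ';'-separated radio option list that includes va is not a mismatch.
        if vb is not None and va != vb and va not in vb.split(";"):
            out[key] = (va, vb)
    return out

if __name__ == "__main__":
    print(differing_prefs(parse_nessusrc(SAMPLE)))
```
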
