Is there a way from the command line to turn on the "plug-in" parameter in
order to let the scan report display the attacks (what types of plug-in) were
used in the
port scan?
Thanks again.
Mikhail Utin <mutin@rubos.com> wrote: PenTesting is usually means you are
going to use real exploits. While "safe_check" = no is basically correct, not
all plugins will be exploits. You can do "fuzzy" scanning as well. It means
you identify opened ports first (or have all 64K ports), and next use ALL
plugins against. It creates pretty tuff scanning. However, it takes
significant time even for one host.
Good luck
----- Original Message -----
From: Shuang Zheng
To: nessus@list.nessus.org
Sent: Tuesday, February 26, 2008 1:07 PM
Subject: About penetration test via Nessus
Hi,
I'm new in using the nessus test tool.
I wish to use the nessus for penetration testing in my private network. I
did "Scan the port" with all the built-in plug-ins from either Nessus client
GUI or command line from Linux.
Note: in .nessusrc, the "safe_check" = no, all the plugin IDs are set to
"Yes".
In Linux: the following command is used:
nessus -c /home/arte/.nessus.rc -T html -q localhost 1241 nessus nessus
/usr/bin/target2.txt output
I wonder if the above method for penetration test is right ? What is the
right way to do for Nessus to dislay the penetration result in the report?
(or show the end user what type of plug-ins are used?)
Thank you in advance,
Sue
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now.
---------------------------------
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
---------------------------------
Never miss a thing. Make Yahoo your homepage._______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
