Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Scan Troubleshooting How-to or Methodology

from [PacketMagic Lists] Network Security [Permanent Link]
Subject: RE: Scan Troubleshooting How-to or Methodology
Date: Fri, 14 Mar 2008 13:47:57 -0700 
Ron,

Thanks for the info - I appreciate it.  I just posted another message
about Windows StickyKeys.  It is suggest in our environment that Nessus
could be triggering this (hardly tested or confirmed at this point).
So.. If many others aren't seeing this problem it is something specific
to our environment and I'll need to figure out what plugin, etc. is
causing this problem.

Thanks!

Jeff

-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Ron Gula
Sent: Thursday, March 06, 2008 12:24 PM
To: nessus@list.nessus.org
Subject: Re: Scan Troubleshooting How-to or Methodology


1) I'm wondering what the best practices are for troubleshooting a

scan.

For example, I have noticed people setting max_checks = 1.  Is there a



good how-to or methodology that others are successfully using?  I know



I can manually enable/disable plugins, but with so many plugins that 
seems a bit old-school.  Isn't there some debugging that show exactly 
what is being executed at what time, etc?


With max_checks=1, the Nessus scanner won't execute more than one plugin
against a target host. This is useful if you are trying to debug which
plugin may be interacting with a target at a certain time, but not
ideal.

Also, you didn't specify what you were trying to discover. Did Nessus
miss something? If you are not performing client side audits, using a
sniffer to how Nessus interacts with a host is very informative.


2) I would like to know exactly which plugins were executed against a 
host.  This is the immediate problem I need to solve.  I enabled 
logging and debugging, but I don't see all the plugins listed in the 
debug file that ran.  For example, the MS SQL Server Brute Force 
plugin ran, but no output or information was found in the debug file.


I am always curious why Nessus users need this sort of information for
understanding the output of a scan, or perhaps to show management that
they indeed performed a full audit.

If a plugin didn't get logged, then it didn't run.

The MS SQL Brute Force plugin depends on Hydra and will immediately exit
if Hydra is not configured or available in the path.

If you want to test specific plugins and their settings, I suggest
saving the KB from a Nessus scan and then using the 'nasl' command line
tool to test them out as referenced in this blog entry:

http://blog.tenablesecurity.com/2007/06/using-the-nasl-.html

Ron Gula
Tenable Network Security




_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Nessus: no vulns in Windows95?, Riemer Brouwer
Next by Date:  Windows StickyKeys, PacketMagic Lists
Previous by Thread:  Re: Scan Troubleshooting How-to or Methodology, Ron Gula
Next by Thread:  Verifying latest plugins, Doug V
Indexes:  [Date] [Thread] [Top] [All Lists]