Hi Everyone

For some time we have used Nessus as part of a script which performs various
NMAP scans, Whisker/Nikto scans etc. I can see a benefit to performing many
of these things from within Nessus, so that Nessus can add it to the KB for
further tests.

I don't completely understand all of the settings in the .nessusrc file, and
have come up with a list of questions. Apologies for so many, but any and
all answers greatly appreciated:

1. What are each of the numbers in the scanner_set section of .nessusrc,
specifically 10180, 10331, 10335, 10336, 10796, 11219, 11840? I realise
similar questions have been asked before, but the meaning of some of these
numbers appears to have changed a little over revisions (and reduced in
quantity).

2. Do the settings family of plugins require to be edited to configure them,
or do they simply read the .nessusrc file to obtain settings?

3. How does Nessus interface with Nikto? Does Nikto need to be in a specific
directory?

4. How does Nessus interface with Hydra? Does Hydra need to be in a
specific directory?

5. Can someone explain exactly what the web mirroring feature does? Is the
mirror image used by Nessus to reduce network bandwidth, or is it stored for
human review? If so where is it stored?

6. In my 2.08a .nessusrc there are multiple instances of the line:

HTTP login page [entry]: Login form fields: = user=%USER%&PASS = %PASS%

Where do the variables USER and PASS get set, and why so many entries (I
count four identical entries)?

Many thanks to the Nessus Gurus!

Regards

Dave Wray
Sec-tec Ltd



