Nessus is a vulnerability scanner, not a brute force cracker. I've used Brutus in the past on FTP and Telnet servers to test password strength, it (Brutus) prolly has a https option as well or you can script your own.
You'll have to nab a dictionary as well. Google for Brutus and you should find it. -----Original Message----- From: George P Boutwell [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 9:33 AM To: [EMAIL PROTECTED] Subject: Web site security Hello, I'm accessing the security of an web-site. I've run Nitko manually (wasn't sure how to get it to run with Nessus). Anyways, It's probably very vulnerable and I found 2 or 3 pages which have authentication. I would like to brute force those pages. What's the best tool for doing that? If nessus can do it, I must be missing something, as I can't seem to get it to brute force authentication attempts. :( George --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.532 / Virus Database: 326 - Release Date: 10/27/2003
