On Thu, 8 Jan 2004, Ravi wrote:
> First, I could not find any options for LibWhisker, is there any
> tool to be downloaded?
For nessus-2.0.8, they are at the bottom of the "Prefs." tab (they
don't show up unless you log in to a nessus server, by the way):
o X (none)
o 1 Random URI encoding (non-UTF8)
o 2 Directory self-reference (/./)
o 3 Premature URL ending
o 4 Prepend long random string
o 5 Fake parameter
o 6 TAB as request spacer
o 7 Random case sensitivity
o 8 Use Windows directory separator (\)
o 9 Session splicing (slow)
You will need to install the nikto utility. It is not part of nessus.
Also, whisker is no longer used.
> Some one describe taking a example of CGI abuses, how you add NIDS
> evasion techniques to this family.
I don't understand this comment/question.
Best regards,
Erik Stephens www.edgeos.com
Managed Vulnerability Assessment Services
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
