Nick Strecker wrote:
Also, I'm curious as to why Nessus has so few (35) of these unpassworded/default unix account checks? A search on google turned up the following link (http://bsrf.org.uk/tutorials/defaultpasswords.html) which, even if I narrow in on just Generic UNIX accounts, includes an additional 125+ default user names/passwords that aren't currently covered by Nessus.
There are actually many more (some probably overlap) if you look at http://www.cirt.net/cgi-bin/passwd.pl
It even provides a CSV export, so it could be quite easy to automatically generate NASL plugins for default user/passwords for web, SNMP and telnet remote access based on those. Nessus provides a plugin to hydra, which you could also use by feeding that user/password list to it. Although it might make more sense to run hydra separately if you want to try such an exhaustive list...
Regards
Javier
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
