Hi All,

When I do a scan, nmap is being run for all the hosts on all the ports for the port scan and then for all the plugins as well. I am scanning ~1000 IPAs and only ~50 of them are alive. I want to first try and ping the target, and just proceed to the next target if nessus cannot ping it. What am I doing wrong? I have selected "All but Dangerous" plugins.

Here are snippets from the rc file.
-------------------------------------------------------------------------------------------------------------------------------------------------------------
begin(SERVER_INFO)
server_info_nessusd_version = 2.0.10
server_info_libnasl_version = 2.0.10
server_info_libnessus_version = 2.0.12
server_info_thread_manager = fork
server_info_os = Linux
server_info_os_version = 2.4.22-1.2179.nptl_47.rhfc1.at
end(SERVER_INFO)
-------------------------------------------------------------------------------------------------------------------------------------------------------------
trusted_ca = /usr/local/com/nessus/CA/cacert.pem
nessusd_host = localhost
nessusd_user = user
paranoia_level = 1
begin(SCANNER_SET)
10180 = yes
10277 = no
10278 = no
10331 = no
10335 = no
10841 = no
10336 = no
10796 = no
11219 = yes
11840 = no
end(SCANNER_SET)
-------------------------------------------------------------------------------------------------------------------------------------------------------------
begin(SERVER_PREFS)
max_hosts = 8
max_checks = 8
log_whole_attack = yes
cgi_path = /cgi-bin:/scripts
port_range = default
optimize_test = yes
language = english
checks_read_timeout = 5
non_simult_ports = 139, 445
plugins_timeout = 320
safe_checks = yes
auto_enable_dependencies = yes
use_mac_addr = no
save_knowledge_base = no
kb_restore = no
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
plugin_upload = no
plugin_upload_suffixes = .nasl, .inc
slice_network_addresses = no
save_session = yes
save_empty_sessions = yes
host_expansion = ip
ping_hosts = no
reverse_lookup = no
detached_scan = no
continuous_scan = no
unscanned_closed = no
diff_scan = no
max_threads = 50
n_upload = no
end(SERVER_PREFS)
-------------------------------------------------------------------------------------------------------------------------------------------------------------
begin(PLUGINS_PREFS)
SMTP settings[entry]:Third party domain : = example.com
SMTP settings[entry]:From address : = [EMAIL PROTECTED]
SMTP settings[entry]:To address : = [EMAIL PROTECTED]]
NIDS evasion[radio]:TCP evasion technique = none
NIDS evasion[checkbox]:Send fake RST when establishing a TCP connection = no
Web mirroring[entry]:Number of pages to mirror : = 20
Web mirroring[entry]:Start page : = /
SMB Scope[checkbox]:Request information about the domain = yes
Login configurations[entry]:FTP account : = anonymous
Login configurations[password]:FTP password (sent in clear) : = [EMAIL PROTECTED]
Login configurations[entry]:FTP writeable directory : = /incoming
Login configurations[checkbox]:Never send SMB credentials in clear text = yes
Login configurations[checkbox]:Only use NTLMv2 = no
HTTP login page[entry]:Login page : = /
HTTP login page[entry]:Login form fields : = user=%USER%&pass=%PASS%
Services[entry]:Number of connections done in parallel : = 5
Services[entry]:Network connection timeout : = 5
Services[entry]:Network read/write timeout : = 5
Services[entry]:Wrapped service read timeout : = 2
Services[radio]:Test SSL based services = All
Services[checkbox]:Quick SOCKS proxy checking = yes
Brute force login (Hydra)[entry]:Number of simultaneous connections : = 5
Brute force login (Hydra)[checkbox]:Brute force telnet = yes
Brute force login (Hydra)[checkbox]:Brute force FTP = no
Brute force login (Hydra)[checkbox]:Brute force POP3 = no
Brute force login (Hydra)[checkbox]:Brute force IMAP = no
Brute force login (Hydra)[checkbox]:Brute force cisco = yes
Brute force login (Hydra)[checkbox]:Brute force cisco-enable = yes
Brute force login (Hydra)[checkbox]:Brute force VNC = no
Brute force login (Hydra)[checkbox]:Brute force SOCKS 5 = no
Brute force login (Hydra)[checkbox]:Brute force rexec = no
Brute force login (Hydra)[checkbox]:Brute force NNTP = no
Brute force login (Hydra)[checkbox]:Brute force HTTP = no
Brute force login (Hydra)[checkbox]:Brute force ICQ = no
Brute force login (Hydra)[checkbox]:Brute force PCNFS = no
Brute force login (Hydra)[checkbox]:Brute force SMB = no
Brute force login (Hydra)[checkbox]:Brute force LDAP = no
Misc information on News server[entry]:From address : = Nessus <[EMAIL PROTECTED]>
Misc information on News server[entry]:Test group name regex : = f[a-z]\.tests?
Misc information on News server[entry]:Max crosspost : = 7
Misc information on News server[checkbox]:Local distribution = yes
Misc information on News server[checkbox]:No archive = no
ftp writeable directories[radio]:How to check if directories are writeable : = Attempt to store a file
SMB use host SID to enumerate local users[entry]:Start UID : = 1000
SMB use host SID to enumerate local users[entry]:End UID : = 1200
HTTP NIDS evasion[checkbox]:Use HTTP HEAD instead of GET = no
HTTP NIDS evasion[radio]:URL encoding = none
HTTP NIDS evasion[radio]:Absolute URI type = none
HTTP NIDS evasion[radio]:Absolute URI host = none
HTTP NIDS evasion[checkbox]:Double slashes = no
HTTP NIDS evasion[radio]:Reverse traversal = none
HTTP NIDS evasion[checkbox]:Self-reference directories = no
HTTP NIDS evasion[checkbox]:Premature request ending = no
HTTP NIDS evasion[checkbox]:CGI.pm semicolon separator = no
HTTP NIDS evasion[checkbox]:Parameter hiding = no
HTTP NIDS evasion[checkbox]:Dos/Windows syntax = no
HTTP NIDS evasion[checkbox]:Null method = no
HTTP NIDS evasion[checkbox]:TAB separator = no
HTTP NIDS evasion[checkbox]:HTTP/0.9 requests = no
SMB use domain SID to enumerate users[entry]:Start UID : = 1000
SMB use domain SID to enumerate users[entry]:End UID : = 1200
Unknown CGIs arguments torture[checkbox]:Send POST requests = no
Libwhisker options[radio]:IDS evasion technique: = X (none)
Ping the remote host[entry]:TCP ping destination port(s) : = built-in
Ping the remote host[checkbox]:Do a TCP ping = yes
Ping the remote host[checkbox]:Do an ICMP ping = yes
Ping the remote host[entry]:Number of retries (ICMP) : = 10
Ping the remote host[checkbox]:Make the dead hosts appear in the report = no
Ping the remote host[checkbox]:Log live hosts in the report = yes
Brute force login (Hydra)[file]:Logins file : = /root/usernames.txt
Brute force login (Hydra)[file]:Passwords file : = /root/passwords.txt
Nmap[radio]:TCP scanning technique : = SYN scan
Nmap[checkbox]:UDP port scan = no
Nmap[checkbox]:RPC port scan = no
Nmap[checkbox]:Ping the remote host = yes
Nmap[checkbox]:Identify the remote OS = yes
Nmap[checkbox]:Use hidden option to identify the remote OS = yes
Nmap[checkbox]:Fragment IP packets (bypasses firewalls) = no
Nmap[checkbox]:Get Identd info = no
Nmap[radio]:Port range = User specified range
Nmap[checkbox]:Do not randomize the order in which ports are scanned = yes
Nmap[entry]:Source port : = any
Nmap[radio]:Timing policy : = Normal
Global variable settings[checkbox]:Enable experimental scripts = no
Global variable settings[checkbox]:Thorough tests (slow) = no
Global variable settings[radio]:Report verbosity = Normal
Global variable settings[radio]:Log verbosity = Normal
Global variable settings[entry]:Debug level = 0
HTTP NIDS evasion[checkbox]:Random case sensitivity (Nikto only) = no
Brute force login (Hydra)[entry]:Web page to brute force : =
Services[file]:SSL certificate : =
Services[file]:SSL private key : =
Services[password]:PEM password : =
Services[file]:CA file : =
Nmap[entry]:Data length : =
Nmap[entry]:Ports scanned in parallel (max) =
Nmap[entry]:Host Timeout (ms) : =
Nmap[entry]:Min RTT Timeout (ms) : =
Nmap[entry]:Max RTT Timeout (ms) : =
Nmap[entry]:Initial RTT timeout (ms) =
Nmap[entry]:Minimum wait between probes (ms) =
Nmap[file]:File containing nmap's results : =
Login configurations[entry]:HTTP account : =
Login configurations[password]:HTTP password (sent in clear) : =
Login configurations[entry]:NNTP account : =
Login configurations[password]:NNTP password (sent in clear) : =
Login configurations[entry]:POP2 account : =
Login configurations[password]:POP2 password (sent in clear) : =
Login configurations[entry]:POP3 account : =
Login configurations[password]:POP3 password (sent in clear) : =
Login configurations[entry]:IMAP account : =
Login configurations[password]:IMAP password (sent in clear) : =
Login configurations[entry]:SMB account : =
Login configurations[password]:SMB password : =
Login configurations[entry]:SMB domain (optional) : =
Login configurations[entry]:SNMP community (sent in clear) : =
HTTP login page[entry]:Login form : =
HTTP NIDS evasion[entry]:HTTP User-Agent =
HTTP NIDS evasion[entry]:Force protocol string : =
end(PLUGINS_PREFS)
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Thanks for all your help ...

Keyur
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
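
For reviewing an rc file like the one quoted above, a small parser that reads the begin(...)/end(...) sections and lists every setting that mentions ping, so the host-discovery options spread across SERVER_PREFS and PLUGINS_PREFS can be compared side by side. This is an added example, not part of the original post or of Nessus; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the layout of the rc file quoted in the post.
SAMPLE_RC = """\
nessusd_host = localhost
begin(SCANNER_SET)
 10180 = yes
 10335 = no
end(SCANNER_SET)
------------------------------
begin(SERVER_PREFS)
 max_hosts = 8
 ping_hosts = no
end(SERVER_PREFS)
begin(PLUGINS_PREFS)
 HTTP login page[entry]:Login form fields : = user=%USER%&pass=%PASS%
 Ping the remote host[checkbox]:Do a TCP ping = yes
 Ping the remote host[entry]:Number of retries (ICMP) : = 10
 Nmap[checkbox]:Ping the remote host = yes
 Nmap[entry]:Host Timeout (ms) : =
end(PLUGINS_PREFS)
"""

SECTION = re.compile(r"^(begin|end)\((\w+)\)$")

def parse_nessusrc(text):
    """Return {section: {key: value}}; keys outside any section go under 'GLOBAL'."""
    sections, current = {"GLOBAL": {}}, "GLOBAL"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:      # blank line or dashed separator
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(2) if m.group(1) == "begin" else "GLOBAL"
            sections.setdefault(current, {})
            continue
        # Split on the first " =": values may contain '=' and may be empty.
        key, sep, value = line.partition(" =")
        if sep:
            # Plugin preference names often end in " :"; drop that decoration.
            sections[current][key.rstrip(" :")] = value.strip()
    return sections

def ping_settings(sections):
    """List (section, key, value) for every setting whose name mentions ping."""
    return [(sec, key, val)
            for sec, prefs in sections.items()
            for key, val in prefs.items()
            if "ping" in key.lower()]

if __name__ == "__main__":
    for sec, key, val in ping_settings(parse_nessusrc(SAMPLE_RC)):
        print(f"{sec:14} {key} = {val!r}")
```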
