On Fri, Jan 19, 2007 at 02:55:57PM +1100, [EMAIL PROTECTED] wrote:
I am using Nessus 3.0.4 on Win XP. I can configure it scan the server,
but I don't think that it does what is expected. The web site has a few
thousand pages, but scan takes only 20-30 minutes (I disable port scans,
except port 80).
Can you point to specific things that Nessus that you feel Nessus has
missed? Are these pages written using a scripting language such as PHP
or ASP rather than just static pages? And if so, are they linked in from
the initial page or in well-known directories?
> The
webmiror plugin is selected too, but I don't think that it does
anything.
Why? That plugin generally won't report anything; instead, it updates
the KB with information found with entries such as:
www/80/content/extensions/html
The question is, how do I enable thorough tests?
If you're using the Nessus 3 client for Windows itself, you do this by
editing a new policy and selecting "Thorough tests" under the "General"
settings tab.
I found a couple of books describing Nessus, but they talk about Nessus
2. The new Nessus 3 interface is intuitive, but not well documented.
Have you look at the white papers here:
http://www.nessus.org/documentation/
Included are two user guides for Nessus 3.0.
George
--
[EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
