> On Fri, Jan 19, 2007 at 02:55:57PM +1100, [EMAIL PROTECTED] wrote:
>
> > I am using Nessus 3.0.4 on Win XP. I can configure it to scan the server,
> > but I don't think that it does what is expected. The web site has a few
> > thousand pages, but scan takes only 20-30 minutes (I disable port scans,
> > except port 80).
>
> Can you point to specific things that you feel Nessus has
> missed?

As I said, the Web site has thousands of pages. A thorough scan would not finish so fast.

> Are these pages written using a scripting language such as PHP
> or ASP rather than just static pages?

Yes, they are. Most of them have .html extensions, but have PHP inserts. This is an additional interesting question: how can Nessus check for PHP vulnerabilities if PHP code never leaves the server?

> And if so, are they linked in from
> the initial page or in well-known directories?

Yes. Maybe not all of them, but most.

> > The
> > webmirror plugin is selected too, but I don't think that it does
> > anything.
>
> Why? That plugin generally won't report anything; instead, it updates
> the KB with information found with entries such as:
>
>   www/80/content/extensions/html

Because I read in its description that it creates a local mirror of the site. I don't see this happening.

> > The question is, how do I enable thorough tests?
>
> If you're using the Nessus 3 client for Windows itself, you do this by
> editing a new policy and selecting "Thorough tests" under the "General"
> settings tab.

Sorry, there is nothing about "Thorough tests" there, nor under other tabs. The white paper you refer to below also mentions the existence of "Thorough tests" just a few lines away from a screen cap that shows that there are no "Thorough tests" there.

> > I found a couple of books describing Nessus, but they talk about Nessus
> > 2. The new Nessus 3 interface is intuitive, but not well documented.
>
> Have you looked at the white papers here:
>
>   http://www.nessus.org/documentation/
>
> Included are two user guides for Nessus 3.0.

Sure, I've read these documents. They did not answer my questions.

> George
> --
> [EMAIL PROTECTED]
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
