Everyone: I am working on a web UI for Nessus. At present it does exactly what Gary outlines. I called nessus command line via a servlet. One of my peers called it via Perl. Both those options work well.
Tam -----Original Message----- From: Gary Flynn [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 10:55 AM To: Hugo van der Kooij Cc: '[EMAIL PROTECTED]' Subject: Re: Web Interface for Nessus? Hugo van der Kooij wrote: > > I could think of a PHP script that will run the commandline version. Then > return with a page giving you a URL that might be usefull after an hour or > so. (This highly depends on the the time it takes to run a full scan.) or email the requester with the URL when the scan is complete. > IAnyone know of a simple trick to keep a session open for a > long time on a HTTP server with PHP? You could collect the information needed for the command line and create a job in a queue for a scheduler to pick up later. Then you wouldn't have to maintain anything on the web side. The biggest issue is determining authorization for a given user to scan a given IP address. This issue is different for different sites. -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe
