Although Renaud made some awesome performance improvements to more than
half of the plugin set, a couple plugins which everything else depends on
actually take significantly longer to run due to massive enhancements.
A good example of this is webmirror.nasl. This plugin had a huge set of
changes made to it that allow it to track web site directories and common
misconfigurations as it crawls the site. There was about 10k of new code
added to it between 1.2.6 and 1.2.7. Since many of the web plugins depend
on this plugin to finish before they run, it will actually increase the
total scan time and provide much more accurate results in return.
The DDI_IIS_Compromised plugin has the same issue, it now checks for tons
of new backdoors and actually has a somewhat sane signature model now.
This also adds on to the total scan time. The DDI_Directory_Scanner
plugin is also one of the longer running ones, but the data it gathers
can be critical to the other plugins (webmirror). The total effect is
there are a few plugins that each take a considerable amount of time to
run and must run in a sequential fashion...
If speed is truly an issue (over accuracy), feel free to nop out some of
these scripts, just replace the body code with an exit(0).
If you are sick of nessus trying to connect to closed ports, this speeds
everything up immensely, at the expense of not being able to run scans on
the command-line:
$ perl -pe 'if (/if\(!port\).*port.*=.*[0-9]{1,5}/) { $_ .= "state =
get_kb_item(string(\"Ports/tcp/\", port));\nif(!state) exit(0);\n"}' <
some_slow_plugin.nasl > slightly_less_slow.nasl
Try running a scan on a single host, then taking the nessusd.messages file
(which contains logs for just that one host), and running it through
this:
$ cat nessusd.messages | grep "finished" | awk '{print $13 " " $6 }' |
sort -n
What plugins are taking the longest to finish? Are any of them timing out?
-HD
On Thursday 19 December 2002 23:12, ~Kevin Davis� wrote:
> I did a couple scans recently with 1.2.7 and it actually scanned
> slower.
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
