Thanks.
-- Jared
on 2/16/2005 9:56 AM Jared Breland said the following:
on 2/15/2005 6:49 PM Renaud Deraison said the following:
On Tue, Feb 15, 2005 at 06:28:59PM -0600, Jared Breland wrote:
1. I updated my plugins today, but I'm getting these error messages about missing plugins. Can anyone tell me why I'm missing them, and how to get them?
These plugins are part of the non-GPL plugin feed. Please register your Nessus installation (http://www.nessus.org/register/), run nessus-update-plugins once you use your activation code, and you'll get a full plugin feed.
I forgot to mention that - I did register, and I am using the non-GPL feed. Or, at least I should be. Here's my /etc/nessus/nessus-fetch.rc:
login=xxxxx password=xxxxx
where, xxxxx is the login and password I received after registering. I then update with nessus-update-plugins. Am I doing something wrong? Is there any way to further test this?
3. I want to run nikto against my web servers. I've successfully run it against my desktop in a test, and it worked. However, when trying to run it against an actual webserver, it doesn't produce any output. Can't figure out why. Here's the log entries, can anyone help me out here?
Try to designate the target host by its IP, make sure the remote web server does reply with proper 404 error codes, and make sure that calling 'nikto.pl' directly (and not 'perl nikto.pl') works.
Running this command as root works perfectly: nikto -host s02awes01
I did try using Nessus again with the IP address, and it still failed (well, not failed, but just gave no output). The server does not respond with 404 error pages, but nikto seems to be able to handle this. Here's a snippet from it's output:
+ Server does not respond with '404' for error messages (uses '400').
+ This may increase false-positives.
Anything else I can try? Maybe something I can set directly in .nessusrc?
4. Finally, I'm getting a BUNCH of errors like below. Could someone please explain what's meant by this? I'm assuming they mean that the specified appliction/protocol/os was not found (such as SNMP), but I have several entries in there that don't make sense. This is a Windows server, so most of the SMB/ entries should be valid. Any ideas?
As you can read, these are not errors. It means that it was not possible to enumerate the remote host registry (SMB) so we should move instead of trying one more time. Same thing for SNMP and whatever message you showed.
Ok, I figured that. However, I'm still unsure of why I'm getting some of the errors. For example:
Not launching smb_nt_ms00-047.nasl against s02awes01 because the key SMB/Registry/Enumerated is missing (this is not an error)
This is against a Windows 2000 server, so this should exist. This is really the main part of my confusion - why are some tests being skipped when, as far as I can tell, they should be run? What/where exactly is SMB/Registry/Enumerated?
Thanks for all the help!
-- Jared
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
