On Mon, Apr 04, 2005 at 10:17:16AM +0900, ian acces wrote:
> Having looked at the source of a few of the xss plugins
> and seeing that the required port is 80, I'd like to know
> why these tests are not run against port 443 as well.
It's generally regarded that one of Nessus' strengths is its
ability to detect services running on non-standard ports
(eg, an ssh server on port 80), and the find_service in
particular tries very hard to identify services found on
open ports.
I suspect you're basing your statement on seeing a NASL
statement such as "script_require_ports("Services/www",
80);" in the source. This doesn't mean that the plugin
should only run against port 80 but rather that, if optimize
mode is enabled, the script will run only if port 80 ***or a
port identified as running a web service*** is open. If this
isn't the case, could you provide some details? Also, have
you tried actually running the plugins in question against a
target with a web server on port 443?
George
--
[EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
