Jesper S. Jensen wrote: > We have a server running a bunch of vhosts, and people have various > php/pearl/etc. scripts on their websites. We know there are voulnable > scripts on some of the websites, but Nessus doesn't find those, > because it's just scanning the web server itself. > > I was hoping that the use of ip[domain] would make Nessus able to scan > the vhosts directly, but as said it didn't quite do that. Am I > misunderstanding the mail below, or something? > If you know all the (virtual) domain names, provide that list of names (just names) to Nessus to scan and it _should_ use that information when testing (so when testing the web server it will send the "Host:" header with that domain in it)--it always works for me.
--Sullo -- http://www.cirt.net/ | http://www.osvdb.org/ _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
