I've earlier asked about Nessus's ability to scan vhosts on web servers, but never really got any useful responses. In the meantime I've been testing Nessus in various ways, and the other day I tried Nessus 3 but got some rather funky/weird results.

I used NessusClient to set up a scan for www.mydomain.dk (that's of course not the real domain I scanned!). I selected plugins for CGI abuses and Web Servers, and tried various nmap/cgi/etc. setting changes in NessusClient with little change in the result.

Now on to the weird part. When I scan my webserver/vhost, some of the scans are launched against the vhost, that is, including the right HTTP headers. But by far most are launched directly against the webserver/IP.

My question is: How come Nessus does this? Is it only some scripts that are made to use the correct HTTP headers, or what's going on? Can Nessus somehow be persuaded to scan the vhosts with the right HTTP headers?

I've tried a couple of other dedicated webserver scanners, such as Nikto, and it scans the vhost just fine. It's just that I would like to try Nessus for it, since it's usually the best or one of the best for "normal" security scanning, and I was hoping that was the case here as well.

--

Jesper S. Jensen
Uni-C - Aarhus, Denmark

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
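The behaviour described in the post comes down to the HTTP Host header: a name-based virtual host is only reached when the request carries the right Host, and a probe sent straight to the IP lands on the server's default vhost. The following is an added example (not code from the post or from the Nessus project) that stands up a tiny name-based vhost server on localhost, fetches it once without a matching Host header and once with one, and records the Host value of every request it sees. The vhost name www.mydomain.dk, the response bodies and the port choice are constructed for the demo; pointing a scanner at the listening port and reading the recorded Host values is one way to check which of its probes actually target the vhost.

```python
import http.server
import threading
import urllib.request

# Constructed vhost table (assumption for the demo): the server answers
# differently depending on the Host header, like a name-based vhost setup.
VHOSTS = {
    "www.mydomain.dk": b"vhost: www.mydomain.dk\n",
}
DEFAULT_BODY = b"vhost: default (reached via bare IP)\n"

# Every Host header seen by the server, in request order. Point a scanner at
# the port and read this list to see which probes carried the vhost name.
SEEN_HOSTS = []


class VhostHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        # Strip any ":port" suffix; vhost matching is on the name only.
        host = self.headers.get("Host", "").split(":")[0].lower()
        SEEN_HOSTS.append(host)
        body = VHOSTS.get(host, DEFAULT_BODY)
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        # Keep the demo quiet; SEEN_HOSTS is the record we care about.
        pass


def start_server():
    """Start the vhost server on an ephemeral localhost port."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), VhostHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def fetch(port, host_header=None):
    """GET / on the server; optionally override the Host header."""
    req = urllib.request.Request(f"http://127.0.0.1:{port}/")
    if host_header:
        # urllib only fills in Host when the request has none, so this
        # header is sent as given.
        req.add_header("Host", host_header)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode()


def compare(port):
    """Same IP and port, two requests: bare IP vs. correct vhost name."""
    return {
        "by_ip": fetch(port),
        "by_vhost": fetch(port, "www.mydomain.dk"),
    }


if __name__ == "__main__":
    srv, port = start_server()
    try:
        for label, body in compare(port).items():
            print(f"{label:9s} -> {body.strip()}")
        print("Host headers seen:", SEEN_HOSTS)
    finally:
        srv.shutdown()
        srv.server_close()
```

The first request is what the post calls a scan "directly against the webserver/IP": its Host header is the literal 127.0.0.1, so the server serves the default site, and any vhost-only content is never tested. Only the second request, with the vhost name in Host, exercises www.mydomain.dk.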
