Hello,
I don't speak english very well and sorry for my bad english.
Nessus is a very good program but a bit difficult to exploit it very
well. There a lot of options and possibilities.
I use Nessus 2.2.7 with plugins updated, NessusClient 1.0.0 RC4 on a
Mandriva 2006 distribution.
I don't have any problems but I have some questions.
1 - Hydra
I've seen in the scripts hydra_xxxxx.nasl (where xxxx represents the
different protocols which Hydra can attack) that if the option
''Thorough Tests'' is not selected then Hydra don't attack the target(s).
Can you confrm me that it's true? And why don't we see that in the
plugin dependencies? Is it possible to integer that in ''dependencies
checks'' or in another menu more ''detailled''.
2 - Thorough tests
I think this option is available for a lots of scripts and, like Hydra,
why don't we see this list. It's not easy to edit each scripts to see if
''Thorough tests'' is needed. I use the command find on linux and I
recover the results in a text file but it's very practical.
I've seen in the script snmp_default_community.nasl, there are 2 types
of configuration:
1 just the community name : public, private, cisco
2 a lots of name
And if ''Thorough tests'' is not enable then just the 1 is used.
So ''Thorough tests'' is an option for certain plugins and must be
activated for others. How can we differentiate that simply.
3 - Snmp
I want to put multiple community name, is it possible in the snmp
settings or do I edit the script snmp_default_community.nasl and write
in with the appropriate syntax (in the second list).
Is it possible in next version to implement an option for snmp, like
Hydra, to select a text file which contains community name or a simple
but multiple syntax in snmp settings (like nmap -p 21,22,80,etc.)
Concerning snmp scanner, I think in earlier version, snmpwalk (includes
in net-snmp-utils) must be installed on host to see snmp scanner in the
scanner options. But now, I see that Nessus includes a snmp scanner,
like TCP scanner, so can you confirm me that it's true.
That's all. I hope that you can understand me
Bye
Sebastien
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
