Hello List Members, I am scanning a web application and have entered a account and password for HTTP login. Since the web application requires a form-based login, I have also entered the appropriate form name (login), URL (/), and username/password field names (username=%USER%&password=%PASS%) in the HTTP login section. I have specified the only ports to scan as 80 and 443.
However, it does not appear Nessus even tries to login to the web application. Certainly it does not produce any web application vulnerabilities at all. Also disconcerting is the fact that Nessus does not run nikto, even though it is in the path. I am running Nessus 2.2.8 on RH Linux FC2. Any ideas as to where the problem is? How can I diagnose this further? Thank You Rui _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
