Hello,

I am scanning a web application. I have entered an account and password for
HTTP login. The web application requires a form-based login. I have
entered the appropriate form name (login), URL (/), and
username/password field names (username=%USER%&password=%PASS%) in the HTTP
login section. I have specified the only ports to scan as 80 and 443.

However, it does not appear Nessus tries to log in to the web application at
all. It does not produce any web application vulnerabilities, and the web
application has quite a few simple ones.

Nessus also does not launch nikto, even though it is in the path.

I am running Nessus 2.2.8 on RH Linux FC2. Any ideas as to where the problem
is? How can I diagnose this further?

 - The http_login.nasl and nikto.nasl plugins are being launched

 - The scan does correctly find the HTTP ports

 - If you manually run 'nikto.pl -host [target]' from the command line, I do
   receive the desired results. But Nikto does not support form-based
   logins.

 - Nothing interesting in the Nessus logs that I can see, just information
   about plugins being launched. The Nessus dump file is also unhelpful
   (log level 1)

Thank You

Rui Pereira
wavefront1 at- shaw dot- ca 



_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
