On 10/05/07 05:43, Kevin Mc Grath wrote: > I hope someone can enlighten me about the "thorough tests" option. I > have no information on this except that some plugins will work > "harder" when this option is enabled. What else does it do? Why should > this option be enabled?
In addition to what Ron and Michel have said, two other effects of enabling thorough tests are: - Some plugins will look in common locations when checking for CGI applications even if those locations were not detected by other plugins. So if, for example, SquirrelMail is installed under the directory "/webmail", plugin #12647 should identify it even if you didn't add that directory to your list of CGI directories and Nessus failed to find a link to it when scanning for CGI directories. - Some plugins will run additional tests or test for additional issues. For example, plugin #22049 checks for a number of remote file include issues affecting third-party components and modules for Mambo and Joomla, all involving the 'mosConfig_absolute_path' parameter. [Remember when everybody and their brother was posting those last year?] Without thorough tests, the report will stop after it finds the first vulnerable component / module; with it enabled, though, Nessus will check for all such issues we know about and include all that it finds in the report. Finally, Michel mentioned its use by service detection plugins. While it can aid in detection of services running on non-standard ports, it may also cause less robust services to crash. George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
