Hey all,

I was trying Nessus 3.0.6.1 Build W321 (and before that 3.0.3) to scan a particular website for scripting vulnerabilities (phpBB and stuff), and I found that for this part, Nessus will give you a false sense of security (since it may or may not return results, but mostly NOT). Either I'm really stupid, because I can't get Nessus to scan on hostname, or the Nessus developers aren't thinking clearly.

Even though I input a hostname to scan, if you do a double check (packet capture on either side), you will see Nessus request pages on "host: resolved IP number". I see no settings on my Windows 2000 Server installation to change this. Obviously, host: IP number works on about 0.00000001% of the webpages, since most webservers host multiple websites and of course will not return files from the requested hostname unless it's the one and only site running on that server.

So, is this my fault or have there been millions and millions of useless scans going around?

Oh, I've tried the IP[hostname] thingy for both localhost and remote website scanning. On all occasions, Nessus is scanning with the host:IP header. Please note, I'm not asking Nessus to scan ALL vhosts, I'm just asking it to scan ONE host (be it local or remote), and I'm even giving the name!
Laterz, da Kimp.
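An added example, not part of the original post and not Nessus code: the packet-capture double check described above, automated as a script that classifies each captured request by whether its Host header carries an IP literal or the intended virtual host name. The capture text, the host name `forum.example.test` and the address `192.0.2.10` are constructed, and the splitter assumes body-less requests such as GET.

```python
import ipaddress

# Constructed sample: three scanner requests as they might appear in a packet
# capture of a scan aimed at the hypothetical vhost "forum.example.test".
CAPTURED = (
    b"GET /phpBB2/index.php HTTP/1.1\r\nHost: 192.0.2.10\r\nUser-Agent: scanner\r\n\r\n"
    b"GET /phpBB2/index.php HTTP/1.1\r\nHost: forum.example.test:80\r\nUser-Agent: scanner\r\n\r\n"
    b"GET / HTTP/1.0\r\nUser-Agent: scanner\r\n\r\n"
)

def split_host_port(value):
    """Return the host part of a Host header value, dropping any :port."""
    value = value.strip()
    if value.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:80
        return value[1:].split("]")[0]
    if value.count(":") > 1:             # unbracketed IPv6: leave untouched
        return value
    host, sep, port = value.rpartition(":")
    return host if sep and port.isdigit() else value

def classify(request_head, intended):
    """Return (path, host, verdict) for one raw HTTP request head."""
    lines = request_head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    path = parts[1] if len(parts) > 1 else "?"
    host = None
    for line in lines[1:]:
        name, _, val = line.partition(":")
        if name.strip().lower() == "host":
            host = split_host_port(val)
            break
    if host is None:
        return path, None, "no-host-header"
    try:
        ipaddress.ip_address(host)       # raises ValueError for DNS names
        return path, host, "ip-literal"
    except ValueError:
        same = host.lower().rstrip(".") == intended.lower()
        return path, host, "intended-vhost" if same else "other-name"

def audit(capture, intended):
    """Classify every request in a capture (assumes requests have no body)."""
    heads = [h for h in capture.split(b"\r\n\r\n") if h.strip()]
    return [classify(h, intended) for h in heads]

if __name__ == "__main__":
    for row in audit(CAPTURED, "forum.example.test"):
        print(row)
```

Any row marked `ip-literal` or `no-host-header` was answered by the server's default site, so findings (or the lack of them) from those requests say nothing about the named virtual host.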
