Nessus is not finding port 443 on a device on which I know it is open,
but it does find 80.
Verified with nmap, and that finds both 80 and 443 on that device.
Does anybody have any ideas as to why?
This is the command I'm using:
/opt/nessus/bin/nessus -c nessusrc -T nbe -xq 127.0.0.1 1241 {userid} {password} {rangefile} {outputfile.nbe}
Below is the nessusrc file I'm using (all plugins are enabled, except
for the DOS ones, so I've not included those lines).
In this nessusrc file I've tried these three options:
Ping the remote host[entry]:TCP ping destination port(s) : = built-in
Ping the remote host[entry]:TCP ping destination port(s) : = extended
Ping the remote host[entry]:TCP ping destination port(s) : = "21;22;23;25;53;69;79;80;110;111;113;123;135;137;138;139;143;161;256;259;264;265;389;443;445;497;500;515;548;900;953;981;993;1025;1028;1029;1080;1201;1241;1433;1454;1723;1900;1917;2809;2869;2998;3128;3389;4100;5000;5600;8000;8080;9001;9100;9495;18182;65553"
All give me the exact same results, no port 443.
# This file was automagically created by nessus
nessusd_user = tst
nessusd_host = 127.0.0.1
begin(PLUGIN_PREFS)
Global variable settings[checkbox]:Enable CGI scanning = yes
Global variable settings[radio]:Network type = Mixed (use RFC 1918)
Global variable settings[checkbox]:Enable experimental scripts = no
Global variable settings[checkbox]:Thorough tests (slow) = no
Global variable settings[radio]:Report verbosity = Normal
Global variable settings[radio]:Report paranoia = Normal
Global variable settings[radio]:Log verbosity = Normal
Global variable settings[entry]:Debug level = 0
HTTP NIDS evasion[checkbox]:Use HTTP HEAD instead of GET = no
HTTP NIDS evasion[radio]:URL encoding = none
HTTP NIDS evasion[radio]:Absolute URI type = none
HTTP NIDS evasion[radio]:Absolute URI host = none
HTTP NIDS evasion[checkbox]:Double slashes = no
HTTP NIDS evasion[radio]:Reverse traversal = none
HTTP NIDS evasion[checkbox]:Self-reference directories = no
HTTP NIDS evasion[checkbox]:Premature request ending = no
HTTP NIDS evasion[checkbox]:CGI.pm semicolon separator = no
HTTP NIDS evasion[checkbox]:Parameter hiding = no
HTTP NIDS evasion[checkbox]:Dos/Windows syntax = no
HTTP NIDS evasion[checkbox]:Null method = no
HTTP NIDS evasion[checkbox]:TAB separator = no
HTTP NIDS evasion[checkbox]:HTTP/0.9 requests = no
HTTP NIDS evasion[checkbox]:Random case sensitivity (Nikto only) = no
SNMP settings[entry]:Community name : = public
SNMP settings[entry]:UDP port : = 161
Ping the remote host[entry]:TCP ping destination port(s) : = extended
Ping the remote host[checkbox]:Do a TCP ping = yes
Ping the remote host[checkbox]:Do an ICMP ping = no
Ping the remote host[entry]:Number of retries (ICMP) : = 6
Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) = no
Ping the remote host[checkbox]:Make the dead hosts appear in the report = yes
Ping the remote host[checkbox]:Log live hosts in the report = yes
Login configurations[checkbox]:Never send SMB credentials in clear text = yes
Login configurations[checkbox]:Only use NTLMv2 = no
Kerberos configuration[entry]:Kerberos KDC Port : = 88
Kerberos configuration[radio]:Kerberos KDC Transport : = udp
SSH settings[entry]:SSH user name : = root
Services[entry]:Number of connections done in parallel : = 6
Services[entry]:Network connection timeout : = 5
Services[entry]:Network read/write timeout : = 5
Services[entry]:Wrapped service read timeout : = 2
Services[radio]:Test SSL based services = Known SSL ports
Unknown CGIs arguments torture[checkbox]:Send POST requests = no
SMB use host SID to enumerate local users[entry]:Start UID : = 1000
SMB use host SID to enumerate local users[entry]:End UID : = 1200
Web mirroring[entry]:Number of pages to mirror : = 200
Web mirroring[entry]:Start page : = /
SMB use domain SID to enumerate users[entry]:Start UID : = 1000
SMB use domain SID to enumerate users[entry]:End UID : = 1200
Login configurations[entry]:FTP account : = anonymous
Login configurations[entry]:FTP writeable directory : = /incoming
SMB Scope[checkbox]:Request information about the domain = yes
Misc information on News server[entry]:Test group name regex : = f[a-z]\.tests?
Misc information on News server[entry]:Max crosspost : = 7
Misc information on News server[checkbox]:Local distribution = yes
Misc information on News server[checkbox]:No archive = no
HTTP login page[entry]:Login page : = /
HTTP login page[entry]:Login form fields : = user=%USER%&pass=%PASS%
SMTP settings[entry]:Third party domain : = example.com
SMTP settings[entry]:From address : = [EMAIL PROTECTED]
SMTP settings[entry]:To address : = [EMAIL PROTECTED]
end(PLUGIN_PREFS)
begin(PLUGIN_SET)
...................removed (all yes except for the DOS ones)
end(PLUGIN_SET)
begin(PLUGINS_PREFS)
Ping the remote host[entry]:TCP ping destination port(s) : = built-in
SSH settings[password]:Passphrase for SSH key : =
SSH settings[file]:SSH private key to use : =
SSH settings[file]:SSH public key to use : =
SSH settings[password]:SSH password (unsafe!) : =
Nmap (NASL wrapper)[file]:File containing grepable results : =
Nmap (NASL wrapper)[entry]:Minimum wait between probes (ms) =
Nmap (NASL wrapper)[entry]:Ports scanned in parallel (min) =
Nmap (NASL wrapper)[entry]:Ports scanned in parallel (max) =
Nmap (NASL wrapper)[entry]:Initial RTT timeout (ms) : =
Nmap (NASL wrapper)[entry]:Max RTT Timeout (ms) : =
Nmap (NASL wrapper)[entry]:Min RTT Timeout (ms) : =
Nmap (NASL wrapper)[entry]:Host Timeout (ms) : =
Nmap (NASL wrapper)[entry]:Source port : =
Login configurations[entry]:Additional SMB domain (optional) (3) : =
Login configurations[password]:Additional SMB password (3) : =
Login configurations[entry]:Additional SMB account (3) : =
Login configurations[entry]:Additional SMB domain (optional) (2) : =
Login configurations[password]:Additional SMB password (2) : =
Login configurations[entry]:Additional SMB account (2) : =
Login configurations[entry]:Additional SMB domain (optional) (1) : =
Login configurations[password]:Additional SMB password (1) : =
Login configurations[entry]:Additional SMB account (1) : =
Login configurations[entry]:SMB domain (optional) : =
Login configurations[password]:SMB password : =
Login configurations[entry]:SMB account : =
Login configurations[password]:IMAP password (sent in clear) : =
Login configurations[entry]:IMAP account : =
Login configurations[password]:POP3 password (sent in clear) : =
Login configurations[entry]:POP3 account : =
Login configurations[password]:POP2 password (sent in clear) : =
Login configurations[entry]:POP2 account : =
Login configurations[password]:NNTP password (sent in clear) : =
Login configurations[entry]:NNTP account : =
Login configurations[password]:HTTP password (sent in clear) : =
Login configurations[entry]:HTTP account : =
Cleartext protocols settings[password]:Password (unsafe!) : =
Cleartext protocols settings[entry]:User name : =
Windows File Contents Compliance Checks[file]:Policy file #5 : =
Windows File Contents Compliance Checks[file]:Policy file #4 : =
Windows File Contents Compliance Checks[file]:Policy file #3 : =
Windows File Contents Compliance Checks[file]:Policy file #2 : =
Windows File Contents Compliance Checks[file]:Policy file #1 : =
Oracle settings[entry]:Oracle SID : =
Kerberos configuration[entry]:Kerberos Realm (SSH only) : =
Kerberos configuration[entry]:Kerberos Key Distribution Center (KDC) : =
HTTP login page[entry]:Login form : =
Services[file]:CA file : =
Services[password]:PEM password : =
Services[file]:SSL private key : =
Services[file]:SSL certificate : =
Web mirroring[entry]:Start page : = /
Web mirroring[entry]:Number of pages to mirror : = 200
SSH settings[entry]:SSH user name : = root
SMTP settings[entry]:To address : = [EMAIL PROTECTED]
SMTP settings[entry]:From address : = [EMAIL PROTECTED]
SMTP settings[entry]:Third party domain : = example.com
Global variable settings[entry]:HTTP User-Agent = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Global variable settings[entry]:Debug level = 0
Global variable settings[radio]:Log verbosity = Normal;Quiet;Verbose;Debug
Global variable settings[radio]:Report paranoia = Normal;Avoid false alarms;Paranoid (more false alarms)
Global variable settings[radio]:Report verbosity = Normal;Quiet;Verbose
Global variable settings[checkbox]:Thorough tests (slow) = no
Global variable settings[checkbox]:Enable experimental scripts = no
Global variable settings[radio]:Network type = Mixed (use RFC 1918);Private LAN; Public WAN (Internet)
Global variable settings[checkbox]:Enable CGI scanning = yes
Global variable settings[checkbox]:Do not log in with user accounts not specified in the policy = no
Nmap (NASL wrapper)[checkbox]:Run dangerous port scans even if safe checks are set = no
Nmap (NASL wrapper)[checkbox]:Do not scan targets not in the file = no
Nmap (NASL wrapper)[radio]:Timing policy : = Auto (nessus specific!);Normal;Insane;Aggressive;Polite;Sneaky;Paranoid;Custom
Nmap (NASL wrapper)[checkbox]:Do not randomize the order in which ports are scanned = no
Nmap (NASL wrapper)[checkbox]:Get Identd info = no
Nmap (NASL wrapper)[checkbox]:Fragment IP packets (bypasses firewalls) = no
Nmap (NASL wrapper)[checkbox]:Use hidden option to identify the remote OS = no
Nmap (NASL wrapper)[checkbox]:Identify the remote OS = no
Nmap (NASL wrapper)[checkbox]:RPC port scan = no
Nmap (NASL wrapper)[checkbox]:Service scan = no
Nmap (NASL wrapper)[checkbox]:UDP port scan = no
Nmap (NASL wrapper)[radio]:TCP scanning technique : = connect();SYN scan;FIN scan;Xmas Tree scan;Null scan
Login configurations[checkbox]:Only use NTLMv2 = no
Login configurations[checkbox]:Never send SMB credentials in clear text = yes
Login configurations[radio]:SMB password type : = Password;LM Hash;NTLM Hash
Login configurations[entry]:FTP writeable directory : = /incoming
Login configurations[password]:FTP password (sent in clear) : = [EMAIL PROTECTED]
Login configurations[entry]:FTP account : = anonymous
SMB use domain SID to enumerate users[entry]:End UID : = 1200
SMB use domain SID to enumerate users[entry]:Start UID : = 1000
SMB Scope[checkbox]:Request information about the domain = yes
SNMP settings[entry]:UDP port : = 161
SNMP settings[entry]:Community name : = public
SMB use host SID to enumerate local users[entry]:End UID : = 1200
SMB use host SID to enumerate local users[entry]:Start UID : = 1000
Cleartext protocols settings[checkbox]:Try to perform patch level checks over rexec = no
Cleartext protocols settings[checkbox]:Try to perform patch level checks over rsh = no
Cleartext protocols settings[checkbox]:Try to perform patch level checks over telnet = no
Unknown CGIs arguments torture[checkbox]:Send POST requests = no
Misc information on News server[checkbox]:No archive = no
Misc information on News server[checkbox]:Local distribution = yes
Misc information on News server[entry]:Max crosspost : = 7
Misc information on News server[entry]:Test group name regex : = f[a-z]\.tests?
Misc information on News server[entry]:From address : = Nessus <[EMAIL PROTECTED]>
Do not scan fragile devices[checkbox]:Scan Novell Netware hosts = no
Do not scan fragile devices[checkbox]:Scan Network Printers = no
Oracle settings[checkbox]:Test default accounts (slow) = no
Nessus TCP scanner[checkbox]:Network congestion detection = yes
Nessus TCP scanner[checkbox]:Detect firewall = yes
Nessus TCP scanner[checkbox]:Detect RST rate limitation = yes
Nessus TCP scanner[checkbox]:Scan ports in random order = yes
Kerberos configuration[radio]:Kerberos KDC Transport : = udp;tcp
Kerberos configuration[entry]:Kerberos KDC Port : = 88
HTTP login page[entry]:Login form fields : = user=%USER%&pass=%PASS%
HTTP login page[entry]:Login page : = /
Services[radio]:Test SSL based services = Known SSL ports;All;None
Services[entry]:Wrapped service read timeout : = 2
Services[entry]:Network read/write timeout : = 5
Services[entry]:Network connection timeout : = 5
Services[entry]:Number of connections done in parallel : = 6
Ping the remote host[checkbox]:Test the local Nessus host = yes
Ping the remote host[checkbox]:Log live hosts in the report = no
Ping the remote host[checkbox]:Make the dead hosts appear in the report = no
Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) = no
Ping the remote host[entry]:Number of retries (ICMP) : = 6
Ping the remote host[checkbox]:Do an ICMP ping = no
Ping the remote host[checkbox]:Do a TCP ping = yes
Ping the remote host[checkbox]:Do an ARP ping = yes
end(PLUGINS_PREFS)
begin(SERVER_INFO)
server_info_nessusd_version = 3.0.6
server_info_os_version = 2.4.27-2-386
server_info_os = Linux
server_info_thread_manager = fork
server_info_libnessus_version = 3.0.6
server_info_libnasl_version = 3.0.6
end(SERVER_INFO)
begin(RULES)
end(RULES)
begin(SERVER_PREFS)
server_info_libnasl_version = 3.0.1
log_whole_attack = yes
trace_scan = no
server_info_nessusd_version = 3.0.1
ntp_detached_sessions = yes
safe_checks = yes
unscanned_closed = no
kb_dont_replay_scanners = no
kb_max_age = 864000
only_test_hosts_whose_kb_we_have = no
server_info_libnessus_version = 3.0.1
throttle_scan = yes
ntp_short_status = yes
auto_update_delay = 24
slice_network_addresses = no
ntp_keep_communication_alive = yes
cgi_path = /cgi-bin:/scripts
ntp_opt_show_end = yes
language = english
only_test_hosts_whose_kb_we_dont_have = no
plugins_timeout = 320
kb_dont_replay_info_gathering = no
kb_dont_replay_denials = no
checks_read_timeout = 5
save_knowledge_base = no
non_simult_ports = 139, 445
server_info_os = Linux
optimize_test = yes
max_hosts = 20
kb_dont_replay_attacks = no
reverse_lookup = no
max_checks = 5
silent_dependencies = yes
auto_update = no
port_range = default
plugin_upload_suffixes = .nasl, .nasl3, .inc, .inc3, .nbin
use_mac_addr = no
server_info_thread_manager = fork
ntp_client_accepts_notes = yes
ntp_escape_crlf = yes
auto_enable_dependencies = yes
ntp_save_sessions = yes
server_info_os_version = 2.6.9-5.ELsmp
plugin_upload = yes
kb_restore = no
end(SERVER_PREFS)
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus