> 1) I'm wondering what the best practices are for troubleshooting a scan. > For example, I have noticed people setting max_checks = 1. Is there a > good how-to or methodology that others are successfully using? I know I > can manually enable/disable plugins, but with so many plugins that seems > a bit old-school. Isn't there some debugging that show exactly what is > being executed at what time, etc?
With max_checks=1, the Nessus scanner won't execute more than one plugin against a target host. This is useful if you are trying to debug which plugin may be interacting with a target at a certain time, but not ideal. Also, you didn't specify what you were trying to discover. Did Nessus miss something? If you are not performing client side audits, using a sniffer to how Nessus interacts with a host is very informative. > 2) I would like to know exactly which plugins were executed against a > host. This is the immediate problem I need to solve. I enabled logging > and debugging, but I don't see all the plugins listed in the debug file > that ran. For example, the MS SQL Server Brute Force plugin ran, but no > output or information was found in the debug file. I am always curious why Nessus users need this sort of information for understanding the output of a scan, or perhaps to show management that they indeed performed a full audit. If a plugin didn't get logged, then it didn't run. The MS SQL Brute Force plugin depends on Hydra and will immediately exit if Hydra is not configured or available in the path. If you want to test specific plugins and their settings, I suggest saving the KB from a Nessus scan and then using the 'nasl' command line tool to test them out as referenced in this blog entry: http://blog.tenablesecurity.com/2007/06/using-the-nasl-.html Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
