These cookies ensure basic functionalities and security features of the website, anonymously. As for Nmap results, sometimes other people will run Nmap scans and want to enumerate vulnerabilities, and other times you may run Nmap yourself and decide later that a vulnerability scan is required, so the ability to import the results avoids duplication of effort.Necessary cookies are absolutely essential for the website to function properly. Use caution when enabling Nikto and Hydra to run scans against large networks, as they will add time to your scans. Extending Nessus scans can come in handy when performing targeted scans against a small number of hosts. ConclusionīackTrack 5 will save you some time by including all of the popular tools by default, which is quicker than downloading, installing and configuring all the tools yourself. Be certain that you check "Always enable Hydra (slow)" in the Nessus configuration or Hydra will not run. You can find some sample word dictionaries in the "/pentest/dictionaries" directory on the BackTrack 5 distribution. You will need to supply your own username and password dictionaries. Menu options to configure Hydra exists in the Nessus preferences when a policy is configured: Click for larger image
Hydra is already installed in the system path, which means it is available to Nessus "out-of-the-box" in BackTrack 5. When you configure a policy, Nikto will be available in the preferences: Click for larger image The final step is to re-index the Nessus plugins (/opt/nessus/sbin/nessusd -y) and restart the Nessus service (/etc/init.d/nessusd restart).
This will update the path for all services run on the host, which means when you start Nessus, will be in the path. Next, add "/pentest/web/nikto" to the system path: Click for larger image This allows you to run the "" command from outside of the /pentest/web/nikto directory. The first step to enable Nikto is to modify "/pentest/web/nikto/" and change the "configfile" variable to "/pentest/web/nikto/nf": Click for larger image You can download Nikto from the CIRT web site. Nikto is a web application scanning tool that searches for misconfigurations, openly accessible web directories and a host of web application vulnerabilities. When using this configuration, keep in mind that Nessus will only test the hosts and services reported by Nmap, even if you've specified additional targets when creating the scan. For more information, see the article Using Nmap Within Nessus and the blog post Plugin Spotlight: Import Nmap XML Results Into Nessus.
0 kommentar(er)
