Ethical Hacking and Penetration Testing Guide
Yüklə 22,44 Mb. Pdf görüntüsü
|
|
Port Range
By default, nessus will perform a scan from ports 1–1024, but this, in my opinion, should not be set to default, because lots of administrative consoles and web services run on ports higher than 1024, This may lead to missing many vulnerabilities. So it’s recommended you check for all ports by changing the “default” keyword to “all”. This process may take more time, but will help in finding additional vulnerabilities. Credentials On the left sidebar, you will see “Credentials” options, which allow you to specify OS IDs, SMB, FTP, HTTP, and other credentials. This can help you perform an in-depth analysis with Nessus. Most of the time, you would not have access to these credentials, unless you are in a corporate environment. Plug-Ins The third option that you will see is for “plug-ins,” which will tell nessus what type of vulnerabili- ties it shall look for. The plug-ins are coded in “Nessus Attack Scripting Language.” Learning it will help you code your own plug-ins or modify existing ones. 130 ◾ Ethical Hacking and Penetration Testing Guide From this screenshot, you can clearly see that nessus contains a huge list of plug-ins. However, we want to disable the “Denial of service” plug-in, since we don’t want to knock targets offline while performing the scan. Also, I would recommend you to be specific about the plug-ins and deselect certain checks that may not be useful for scanning. For example, if you are scanning against a Windows machine, you don’t need Fedora, Freebsd, and other checks enabled. Preferences There are a lot of preferences in Nessus that you can customize to handle different types of contents. The “Nessus User Guide” lists the important preferences you should be using. Once you are done with it, click on the “Submit” button. This will save your policy. Yüklə 22,44 Mb. Dostları ilə paylaş:
|