Use caution when enabling Nikto and Hydra to run scans against large networks, as they will add time to your scans. Extending Nessus scans can come in handy when performing targeted scans against a small number of hosts.

Conclusion

BackTrack 5 will save you some time by including all of the popular tools by default, which is quicker than downloading, installing and configuring all the tools yourself.

Be certain that you check "Always enable Hydra (slow)" in the Nessus configuration or Hydra will not run.

You can find some sample word dictionaries in the "/pentest/dictionaries" directory on the BackTrack 5 distribution. You will need to supply your own username and password dictionaries.

Menu options to configure Hydra exist in the Nessus preferences when a policy is configured.

Hydra is already installed in the system path, which means it is available to Nessus "out-of-the-box" in BackTrack 5.

When you configure a policy, Nikto will be available in the preferences.

The final step is to re-index the Nessus plugins (/opt/nessus/sbin/nessusd -y) and restart the Nessus service (/etc/init.d/nessusd restart).

This will update the path for all services run on the host, which means when you start Nessus, will be in the path.

Next, add "/pentest/web/nikto" to the system path. This allows you to run the "" command from outside of the /pentest/web/nikto directory.

The first step to enable Nikto is to modify "/pentest/web/nikto/" and change the "configfile" variable to "/pentest/web/nikto/nf".

You can download Nikto from the CIRT web site. Nikto is a web application scanning tool that searches for misconfigurations, openly accessible web directories and a host of web application vulnerabilities.

When using this configuration, keep in mind that Nessus will only test the hosts and services reported by Nmap, even if you've specified additional targets when creating the scan. For more information, see the article Using Nmap Within Nessus and the blog post Plugin Spotlight: Import Nmap XML Results Into Nessus.