Installation guide
Automated login page search: Gives Nessus the option to parse the login page for form options and attempt to log in based on the detected fields. This option works in conjunction with the HTTP cookies import (plugin 42893) to simplify form-based authentication. If more than one form is available on a web page (uncommon), use the manual login form parameters specified above instead.

Re-authenticate delay (seconds): The time delay between authentication attempts. This is useful to avoid triggering brute force lockout mechanisms.

Check authentication on page: The URL of a protected web page that requires authentication, used to help Nessus determine its authentication status more reliably.

Follow 30x redirections (# of levels): When a web server returns a 30x redirect code, this setting controls whether Nessus follows the link provided, and how many levels of redirection it will follow.

Authenticated regex: A regex pattern to look for on the login page. Simply receiving a 200 response code is not always sufficient to determine session state. Nessus can attempt to match a given string such as “Authentication successful!”

Invert test (disconnected if regex matches): A regex pattern to look for on the login page that, if found, tells Nessus authentication was not successful (e.g., “Authentication failed!”).

Match regex on HTTP headers: Rather than searching the body of a response, Nessus can search the HTTP response headers for a given regex pattern to better determine authentication state.

Case insensitive regex: The regex searches are case sensitive by default. This instructs Nessus to ignore case.

Abort web application tests if login fails: If authentication to the web page fails, further actions by the plugin are halted.
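The options above combine into a single decision: after logging in, fetch the protected page, follow a bounded number of redirects, and decide from a regex (on the body or the headers, optionally case-insensitive, optionally inverted) whether the session is really authenticated, retrying with a delay and aborting if it never is. The following Python program is an added illustration of that decision logic and is not Nessus code; the `LoginPageSettings` fields, the `FakeSite` web application and its page contents are all constructed for the example, and the invert option is modelled as inverting the meaning of the single authenticated regex (an assumption). It also shows why the status-code-only fallback is weak: a login page that answers 200 looks "authenticated" unless a regex is configured.

```python
import re
import time
from dataclasses import dataclass, field


@dataclass
class Response:
    """Minimal HTTP response; a constructed stand-in for a real fetch."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


@dataclass
class LoginPageSettings:
    """Hypothetical mirror of the 'HTTP login page' options (assumed names)."""
    check_authentication_url: str = "/account"
    follow_redirect_levels: int = 2
    authenticated_regex: str = ""
    invert_test: bool = False
    match_regex_on_headers: bool = False
    case_insensitive_regex: bool = False
    abort_if_login_fails: bool = True
    reauth_delay_seconds: float = 0.0
    max_attempts: int = 2


def follow_redirects(fetch, url, max_levels):
    """Follow 30x redirects up to max_levels deep (0 = never follow)."""
    resp = fetch(url)
    level = 0
    while 300 <= resp.status < 400 and "Location" in resp.headers and level < max_levels:
        level += 1
        resp = fetch(resp.headers["Location"])
    return resp


def is_authenticated(resp, s):
    """Decide session state from one response using the regex options."""
    if not s.authenticated_regex:
        # Status-only fallback: weak, since a login page usually returns 200 too.
        return resp.status == 200
    flags = re.IGNORECASE if s.case_insensitive_regex else 0
    if s.match_regex_on_headers:
        haystack = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
    else:
        haystack = resp.body
    matched = re.search(s.authenticated_regex, haystack, flags) is not None
    # Invert test: a match means the session is NOT authenticated.
    return (not matched) if s.invert_test else matched


def verify_login(fetch, login, s):
    """Log in, confirm state on the protected page, retry after a delay."""
    for attempt in range(1, s.max_attempts + 1):
        login()
        resp = follow_redirects(fetch, s.check_authentication_url, s.follow_redirect_levels)
        if is_authenticated(resp, s):
            return "authenticated"
        if attempt < s.max_attempts:
            time.sleep(s.reauth_delay_seconds)  # spacing attempts avoids lockouts
    return "aborted" if s.abort_if_login_fails else "unauthenticated"


class FakeSite:
    """Constructed web app: /account redirects to /login until login succeeds."""

    def __init__(self, accept_login=True):
        self.logged_in = False
        self.accept_login = accept_login

    def login(self):
        self.logged_in = self.accept_login

    def fetch(self, url):
        if url == "/account" and not self.logged_in:
            return Response(302, {"Location": "/login"})
        if url == "/login":
            return Response(200, {}, "<h1>Please sign in</h1> Authentication failed!")
        if url == "/account":
            return Response(200, {"X-Session": "active"},
                            "Welcome back. Authentication successful!")
        return Response(404)


if __name__ == "__main__":
    site = FakeSite(accept_login=False)
    weak = LoginPageSettings()  # no regex: status code only
    print("status-only verdict on a refused login:",
          is_authenticated(follow_redirects(site.fetch, "/account", 2), weak))
    strict = LoginPageSettings(authenticated_regex="Authentication successful")
    print("regex verdict on a refused login:", verify_login(site.fetch, site.login, strict))
```

With no regex configured the refused login is reported as authenticated, because the redirect lands on a 200 login page; the same scan with an authenticated regex retries once, then aborts, which is the behaviour the "Abort web application tests if login fails" option describes.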
IBM iSeries Credentials (plugin 57861) accepts a login name and password for authentication to IBM’s iSeries systems.
The ICCP/COTP TSAP Addressing (plugin 23812) menu deals specifically with SCADA checks. It determines a
Connection Oriented Transport Protocol (COTP) Transport Service Access Points (TSAP) value on an ICCP server by
trying possible values. The start and stop values are set to “8” by default.
LDAP ‘Domain Admins’ Group Membership Enumeration (plugin 58038) allows for the entry of an LDAP user and
password to be used to attempt to enumerate the members of the ‘Domain Admins’ group on an LDAP server search
base, which is identified using the LDAP Crafted Search Request Server Information Disclosure plugin (25701). The Max
Results setting limits the enumeration of users to the number entered (1,000 by default).
Login configurations (plugin 10870) allows the Nessus scanner to use credentials when testing HTTP, NNTP, FTP,
POP2, POP3 or IMAP. By supplying credentials, Nessus may have the ability to do more extensive checks to determine
vulnerabilities. HTTP credentials supplied here will be used for Basic and Digest authentication only. For configuring
credentials for a custom web application (e.g., form-based login), use the “HTTP login page” pull-down menu. Two
checkboxes are available on this page: “Never send SMB credentials in clear text” and “Only use NTLMv2”. Both of these
settings affect the security of credentials sent out during Nessus scans.
Using cleartext credentials in any fashion is not recommended! If the credentials are sent remotely, via a
Nessus scan or e-mailing a policy to another administrator, the credentials could be intercepted by anyone
with access to the network. Use encrypted authentication mechanisms whenever possible.