Installation guide
VMware vCenter SOAP API Settings (plugin 63060) provides Nessus with the credentials required to authenticate to
VMware vCenter management systems via their own SOAP API. The API is intended to audit vCenter, not the virtual
machines running on the hosts. This authentication method can be used to perform credentialed scans or perform
compliance audits.
Wake-on-LAN (plugin 52616) controls which hosts are sent WOL magic packets before a scan is performed and how long
to wait (in minutes) for the systems to boot. The list of MAC addresses for WOL is supplied as an uploaded text file with
one host MAC address per line.
For example:
00:11:22:33:44:55
aa:bb:cc:dd:ee:ff
…
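A malformed or duplicated line in the uploaded list means a host may never be woken and is then silently missing from the scan results, so the file is worth checking before upload. The following is an added example, not part of the Nessus documentation or product: the function names, the handling of blank lines and hyphen-separated input, and the sample data are assumptions made for illustration.

```python
import re

# Matches six hex pairs with a consistent ":" or "-" separator. Hyphen input is
# rewritten to the colon form shown in the guide (a choice made for this example).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def parse_wol_list(text):
    """Return (macs, problems) for a one-MAC-per-line WOL list."""
    macs, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are skipped here (assumption of this example)
        if not MAC_RE.match(line):
            problems.append((lineno, raw, "not a MAC address"))
            continue
        mac = line.replace("-", ":").lower()
        if int(mac[:2], 16) & 1:
            # Group bit set: broadcast/multicast, never a single host NIC.
            problems.append((lineno, raw, "multicast or broadcast address"))
        elif mac in seen:
            problems.append((lineno, raw, "duplicate entry"))
        else:
            seen.add(mac)
            macs.append(mac)
    return macs, problems


def magic_packet(mac):
    """Standard WOL payload: 6 bytes of 0xFF, then the MAC repeated 16 times."""
    return b"\xff" * 6 + bytes.fromhex(mac.replace(":", "")) * 16


# Constructed sample input, not taken from a real network.
SAMPLE = """00:11:22:33:44:55
AA-BB-CC-DD-EE-FF
00:11:22:33:44:55
ff:ff:ff:ff:ff:ff
00:11:22:33:44
"""

if __name__ == "__main__":
    good, bad = parse_wol_list(SAMPLE)
    print("usable:", good)
    for lineno, raw, why in bad:
        print(f"line {lineno}: {raw!r}: {why}")
```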
Web Application Tests Settings (plugin 39471) tests the arguments of the remote CGIs (Common Gateway Interface)
discovered in the web mirroring process by probing them for common CGI programming errors such as cross-site
scripting, remote file inclusion, command execution, traversal attacks, and SQL injection. Enable this option by selecting
the “Enable web applications tests” checkbox. These tests depend on the following NASL plugins:
11139, 42424, 42479, 42426, 42427, 43160 – SQL Injection (CGI abuses)
39465, 44967 – Command Execution (CGI abuses)
39466, 47831, 42425, 46193, 49067 – Cross-Site Scripting (CGI abuses: XSS)
39467, 46195, 46194 – Directory Traversal (CGI abuses)
39468 – HTTP Header Injection (CGI abuses: XSS)
39469, 42056, 42872 – File Inclusion (CGI abuses)
42055 – Format String (CGI abuses)
42423, 42054 – Server Side Includes (CGI abuses)
44136 – Cookie Manipulation (CGI abuses)
46196 – XML Injection (CGI abuses)
40406, 48926, 48927 – Error Messages
47830, 47832, 47834, 44134 – Additional attacks (CGI abuses)
Note: This list of web application related plugins is updated frequently and may not be complete. Additional plugins may
be dependent on the settings in this preference option.