Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How do VA scans work technically

From: Killy <killfactory () gmail com>
Date: Wed, 9 Jul 2008 01:37:23 -0400
Nessus can ne configured to perform safe scans. It will still for blank root, as and administrator passwords under that config. 

So, it depends on your definition of exploit :)
Nessus can also be configured to prrerform brute force attacks using a hydra plugin/module 

You also perform thorough tests/scans.
I have feeling that you are wanting to if nessus and qualys operate like metasploit, canvas or other exploit frameworks.
I would say no. But nessusbis very flexible and you can customize It and create your own plugin to do just about anything. 

There is plenty of documentation and help online.

Sent from my iPod

On Jul 8, 2008, at 4:02 PM, "Aseem Kumar" <kumaraseem () gmail com> wrote:


Hey,

Can someone tell me (any weblink , any ebook, or direct answers) as to
how the VA scans like those of Qualys or Nessus work?
How do they find the vulnerabilities of a system without ever exploiting it? 

Regards
Aseem
--- --------------------------------------------------------------------- 
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
--- --------------------------------------------------------------------- 



------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in Securing Web Applications 
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: