My Pentest Log -20 — (A Little Tip in Nessus)


Greetings to all from Porte Drungari,

In this article, I would like to tell you about a small difficulty and solution I encountered on the Nessus tool.

1. The automated processes of an application belonging to the “private” company were given to me by our project manager.

2. First, I tried to observe whether the required addresses were up by verifying the scope form, and I separated the ones that were up from those that were not and added them to my notes.

3. The client wanted only port 22 to be scanned on the relevant target. From this point of view, I had to configure the Nessus side to work only on port 22, but the process was not that easy.

Process:

Under normal circumstances, to scan only port 22 in Nessus, it is enough to select “Basic or Advanced Scan”, open “Port Scanning” under the “Discovery” heading, type “22” in the “Port Scan Range” field, and then select the “SSH” option in the “Local Port Enumerators” section. Unfortunately, this did not work on the relevant target (private.com).

When I followed these steps and launched the Nessus scan, the scan did not run. I started to think about what I could do and did some research.

* I rewound the process and noted what I wanted to do:

Scanning port 22 only

* In response to the question of what could be the problem, I created and noted the following explanation:

I only want to scan port 22, but when I did what I described in the process header, Nessus stopped working.

As a result of my research, I could not get anything clear, but I came to the following conclusion:

I clicked on the “Settings” title under “New Scan / Advanced Scan”, then I tried to perform the scanning process for port 22 again by pulling each of the titles under “Assessment” to the “off” mode one by one.

Conclusion:

As a result of this process, when I pulled the “Web Applications” header to the “off” mode, I realized that I could test port 22 of the relevant target without any problems.

4. I started the necessary reporting process by completing the specified Scan process without any problems by turning the “Scan Web Applications” feature to “OFF” mode.
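Before reporting on a port-restricted scan like this one, it helps to confirm from the export that results exist for port 22 and for nothing else. The following is an added example, not part of the original article: it assumes the scan was exported in the `.nessus` (NessusClientData_v2) XML format, and the sample report, host addresses and the `check_scope` function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus (NessusClientData_v2) export layout.
# Hosts and findings are made up for illustration.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="port22-only">
    <ReportHost name="192.0.2.10">
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="19506" pluginName="Nessus Scan Information"/>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0" pluginID="10267" pluginName="SSH Server Type and Version Information"/>
    </ReportHost>
    <ReportHost name="192.0.2.11">
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0" pluginID="10267" pluginName="SSH Server Type and Version Information"/>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="0" pluginID="10107" pluginName="HTTP Server Type and Version"/>
    </ReportHost>
    <ReportHost name="192.0.2.12">
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="19506" pluginName="Nessus Scan Information"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""


def check_scope(nessus_xml, allowed_ports=frozenset({22})):
    """Return (out_of_scope_findings, hosts_with_no_result_on_allowed_ports)."""
    root = ET.fromstring(nessus_xml)
    out_of_scope, no_hit = [], []
    for host in root.iter("ReportHost"):
        name = host.get("name")
        seen = set()
        for item in host.iter("ReportItem"):
            port = int(item.get("port", "0"))
            if port == 0:  # port 0 carries host-level results, not a real port
                continue
            seen.add(port)
            if port not in allowed_ports:
                out_of_scope.append((name, port, item.get("pluginID")))
        if not seen & set(allowed_ports):
            no_hit.append(name)  # the scan may not have run against this host
    return out_of_scope, no_hit


if __name__ == "__main__":
    violations, silent = check_scope(SAMPLE_NESSUS)
    for host, port, plugin in violations:
        print(f"OUT OF SCOPE: {host} port {port} (plugin {plugin})")
    for host in silent:
        print(f"NO PORT-22 RESULT: {host}")
```

A host that shows only port 0 items is the export-side symptom of the situation described above, where the scan appeared to start but produced nothing for port 22.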

In summary:

Sometimes we may not be able to come to a conclusion by researching the difficulties we encounter with the tools we use for automated processes, and in such cases, we can try to reach the result by trial and error.