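Nessus Scan Settings

This article describes the Nessus scan settings. It is a translation of the official Nessus documentation and covers only the options under New Scan > Advanced Scan.

This article is based on the Home edition of Nessus 8.4. Link to the original official documentation: https://docs.tenable.com/nessus/Content/GettingStarted.htm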

 

Basic
General

Setting: Targets
Default value: None
Description: Specifies one or more targets to be scanned. If you select a target group or upload a targets file, you are not required to specify additional targets.
Targets can be specified using a number of different formats.
Tip: You can force Nessus to use a given host name for a server during a scan by using the hostname[ip] syntax (e.g., www.example.com[192.168.1.1]).

Setting: Upload Targets
Default value: None
Description: Uploads a text file that specifies targets.
The targets file must be formatted in the following manner:
    ASCII file format
    Only one target per line
    No extra spaces at the end of a line
    No extra lines following the last target
Note: Unicode/UTF-8 encoding is not supported.
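The four formatting rules for the targets file can be checked before upload. The following is an added example, not part of the Nessus documentation or of Tenable's tooling; the function name lint_targets_file is hypothetical, and it assumes that a single terminating newline does not count as an "extra line" and that whitespace, commas or semicolons inside a line indicate more than one target.

```python
import re


def lint_targets_file(data: bytes) -> list:
    """Return the problems found in a targets file; an empty list means it is clean."""
    # Rule: ASCII file format (Unicode/UTF-8 is not supported).
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError as exc:
        return [f"offset {exc.start}: non-ASCII byte 0x{data[exc.start]:02x}"]

    lines = text.split("\n")
    if lines[-1] == "":
        lines.pop()  # assumption: a single terminating newline is not an "extra line"

    last_target = max((i for i, line in enumerate(lines) if line.strip()), default=-1)
    if last_target == -1:
        return ["file contains no targets"]

    problems = []
    # Rule: no extra lines following the last target.
    extra = len(lines) - 1 - last_target
    if extra:
        problems.append(f"{extra} extra line(s) after the last target")

    for number, line in enumerate(lines[: last_target + 1], start=1):
        # Rule: no extra spaces at the end of a line (also catches the CR of CRLF endings).
        if line != line.rstrip():
            problems.append(f"line {number}: trailing whitespace")
        # Rule: only one target per line (assumed separators: whitespace, comma, semicolon).
        if re.search(r"[\s,;]", line.strip()):
            problems.append(f"line {number}: more than one target on the line")
    return problems


if __name__ == "__main__":
    # Constructed sample: trailing space on line 1 and two empty lines at the end.
    sample = b"192.168.1.10 \n10.0.0.5\n\n\n"
    for problem in lint_targets_file(sample):
        print(problem)
```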
     
DISCOVERY
Host Discovery

Setting: Ping the remote host
Default value: On
Description: This option enables Nessus to ping remote hosts on multiple ports to determine if they are alive. When set to On, General Settings and Ping Methods appear.
Note: To scan VMware guest systems, Ping the remote host must be set to Off.

Setting: Use Fast Network Discovery
Default value: Disabled
Description: If a host responds to ping, Nessus attempts to avoid false positives, performing additional tests to verify the response did not come from a proxy or load balancer. Fast network discovery bypasses those additional tests.

Setting: ARP
Default value: Enabled
Description: Ping a host using its hardware address via Address Resolution Protocol (ARP). This only works on a local network.

Setting: TCP
Default value: Enabled
Description: Ping a host using TCP.

Setting: Destination ports (TCP)
Default value: Built-In
Description: Destination ports can be configured to use specific ports for TCP ping. This specifies the list of ports that are checked via TCP ping.

Setting: ICMP
Default value: Enabled
Description: Ping a host using the Internet Control Message Protocol (ICMP).

Setting: Assume ICMP unreachable from the gateway means the host is down
Default value: Disabled
Description: When a ping is sent to a host that is down, its gateway may return an ICMP unreachable message. When this option is enabled and Nessus receives an ICMP Unreachable message, it considers the targeted host dead. This is to help speed up discovery on some networks.
Note: Some firewalls and packet filters use this same behavior for hosts that are up, but connected to a port or protocol that is filtered. With this option enabled, this leads to the scan considering the host down when it is in fact up.

Setting: Maximum number of retries
Default value: 2
Description: Specifies the number of attempts to retry pinging the remote host.

Setting: UDP
Default value: Disabled
Description: Ping a host using the User Datagram Protocol (UDP).
UDP is a stateless protocol, meaning that communication is not performed with handshake dialogues. UDP-based communication is not always reliable, and because of the nature of UDP services and screening devices, they are not always remotely detectable.

Setting: Scan Network Printers
Default value: Disabled
Description: When enabled, Nessus scans network printers.

Setting: Scan Novell Netware hosts
Default value: Disabled
Description: When enabled, Nessus scans Novell NetWare hosts.

Setting: Scan Operational Technology devices
Default value: Disabled
Description: When enabled, Nessus performs a full scan of Operational Technology (OT) devices such as programmable logic controllers (PLCs) and remote terminal units (RTUs) that monitor environmental factors and the activity and state of machinery. When disabled, Nessus uses ICS/SCADA Smart Scanning to cautiously identify OT devices and stops scanning them once they are discovered.

Setting: List of MAC Addresses
Default value: None
Description: The Wake-on-LAN (WOL) menu controls which hosts to send WOL magic packets to before performing a scan.
Hosts that you want to start prior to scanning are provided by uploading a text file that lists one MAC address per line.
For example:
33:24:4C:03:CC:C7
FF:5C:2C:71:57:79

Setting: Boot time wait (in minutes)
Default value: 5
Description: The amount of time to wait for hosts to start before performing the scan.
     
DISCOVERY
Port Scanning

Setting: Consider Unscanned Ports as Closed
Default value: Disabled
Description: If a port is not scanned with a selected port scanner (for example, the port falls outside of the specified range), Nessus considers it closed.

Setting: Port Scan Range
Default value: Default
Description: Two keywords can be typed into the Port scan range box.
    default instructs Nessus to scan approximately 4,790 commonly used ports. The list of ports can be found in the nessus-services file.
    all instructs Nessus to scan all 65,536 ports, including port 0.
Additionally, you can type a custom range of ports by using a comma-delimited list of ports or port ranges. For example, 21,23,25,80,110 or 1-1024,8080,9000-9200. If you wanted to scan all ports excluding port 0, you would type 1-65535.
The custom range specified for a port scan is applied to the protocols you have selected in the Network Port Scanners group of settings.
If scanning both TCP and UDP, you can specify a split range specific to each protocol. For example, if you want to scan a different range of ports for TCP and UDP in the same policy, you would type T:1-1024,U:300-500.
You can also specify a set of ports to scan for both protocols, as well as individual ranges for each separate protocol. For example, 1-1024,T:1024-65535,U:1025.
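To see what a Port Scan Range value actually covers before it goes into a policy, the syntax described above can be expanded per protocol. This is an added example, not code from Nessus or its documentation; the function names are hypothetical, and because the page does not say whether a T: or U: prefix carries over to later unprefixed entries, the parser rejects that case as ambiguous instead of guessing.

```python
import re

MAX_PORT = 65535
TOKEN_RE = re.compile(r"(?:([TU]):)?(\d+)(?:-(\d+))?")


def _merge(ranges):
    """Merge overlapping or adjacent (low, high) ranges into a sorted list."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged


def parse_port_range(spec):
    """Expand a Port Scan Range string into {'tcp': [(low, high)], 'udp': [...]}.

    Returns None for the keyword 'default', whose port list lives in the
    nessus-services file and cannot be derived from the string itself.
    Unprefixed entries are recorded for both protocols; Nessus then applies
    them to whichever port scanners are selected in the policy.
    """
    spec = spec.strip()
    if spec == "default":
        return None
    if spec == "all":
        return {"tcp": [(0, MAX_PORT)], "udp": [(0, MAX_PORT)]}

    result = {"tcp": [], "udp": []}
    seen_prefix = False
    for token in spec.split(","):
        token = token.strip()
        match = TOKEN_RE.fullmatch(token)
        if not match:
            raise ValueError(f"malformed entry {token!r}")
        prefix = match.group(1)
        low = int(match.group(2))
        high = int(match.group(3) or match.group(2))
        if low > high or high > MAX_PORT:
            raise ValueError(f"port out of range or reversed in {token!r}")
        if prefix is None and seen_prefix:
            # Not defined on the page: would this inherit the previous prefix?
            raise ValueError(f"ambiguous unprefixed entry {token!r} after a T:/U: entry")
        seen_prefix = seen_prefix or prefix is not None
        protocols = {"T": ["tcp"], "U": ["udp"], None: ["tcp", "udp"]}[prefix]
        for protocol in protocols:
            result[protocol].append((low, high))
    return {protocol: _merge(ranges) for protocol, ranges in result.items()}


def count_ports(ranges):
    """Number of distinct ports covered by a merged range list."""
    return sum(high - low + 1 for low, high in ranges)


if __name__ == "__main__":
    for example in ("1-1024,8080,9000-9200", "T:1-1024,U:300-500",
                    "1-1024,T:1024-65535,U:1025"):
        expanded = parse_port_range(example)
        print(example, "->", expanded,
              {proto: count_ports(r) for proto, r in expanded.items()})
```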
Setting: SSH (netstat)
Default value: Enabled
Description: This option uses netstat to check for open ports from the local machine. It relies on the netstat command being available via an SSH connection to the target. This scan is intended for Linux-based systems and requires authentication credentials.

Setting: WMI (netstat)
Default value: Enabled
Description: A WMI-based scan uses netstat to determine open ports.
Note: If enabled, any custom range typed in the Port Scan Range box is ignored.
If any port enumerator (netstat or SNMP) is successful, the port range becomes all. Nessus still treats unscanned ports as closed if the Consider unscanned ports as closed check box is selected.

Setting: SNMP
Default value: Enabled
Description: When enabled, if the appropriate credentials are provided by the user, Nessus can better test the remote host and produce more detailed audit results. For example, there are many Cisco router checks that determine the vulnerabilities present by examining the version of the returned SNMP string. This information is necessary for these audits.

Setting: Only run network port scanners if local port enumeration failed
Default value: Enabled
Description: Rely on local port enumeration first before relying on network port scans.

Setting: Verify open TCP ports found by local port enumerators
Default value: Disabled
Description: If a local port enumerator (e.g., WMI or netstat) finds a port, Nessus also verifies that it is open remotely. This helps determine if some form of access control is being used (e.g., TCP wrappers, firewall).

Setting: SYN
Default value: Enabled
Description: Use the Nessus SYN scanner to identify open TCP ports on the target hosts. SYN scans are generally considered to be less intrusive than TCP scans depending on the security monitoring device, such as a firewall or Intrusion Detection System (IDS). The scanner sends a SYN packet to the port, waits for a SYN-ACK reply, and determines the port state based on a reply or lack of reply.

Setting: Override automatic firewall detection
Default value: Disabled
Description: When enabled, this setting overrides automatic firewall detection.
This setting has three options:
    Use aggressive detection attempts to run plugins even if the port appears to be closed. It is recommended that this option not be used on a production network.
    Use soft detection disables the ability to monitor how often resets are set and to determine if there is a limitation configured by a downstream network device.
    Disable detection disables the Firewall detection feature.
This description also applies to the Override automatic firewall detection setting that is available following SYN.

Setting: UDP
Default value: Disabled
Description: This option engages the Nessus built-in UDP scanner to identify open UDP ports on the targets.
Due to the nature of the protocol, it is generally not possible for a port scanner to tell the difference between open and filtered UDP ports. Enabling the UDP port scanner may dramatically increase the scan time and produce unreliable results. Consider using the netstat or SNMP port enumeration options instead if possible.
     
DISCOVERY
Service Discovery

Setting: Probe all ports to find services
Default value: Enabled
Description: Attempts to map each open port with the service that is running on that port.
Caution: In some rare cases, probing might disrupt some services and cause unforeseen side effects.

Setting: Search for SSL based services
Default value: On
Description: Controls how Nessus will test SSL-based services.
Caution: Testing for SSL capability on all ports may be disruptive for the tested host.

Setting: Search for SSL/TLS on
Default value: Known SSL/TLS ports
Description: This setting has two options:
    Known SSL/TLS ports
    All ports

Setting: Identify certificates expiring within x days
Default value: 60
Description: Identifies SSL and TLS certificates that are within the specified number of days of expiring.

Setting: Enumerate all SSL ciphers
Default value: TRUE
Description: When enabled, Nessus ignores the list of ciphers advertised by SSL/TLS services and enumerates them by attempting to establish connections using all possible ciphers.

Setting: Enable CRL checking (connects to internet)
Default value: FALSE
Description: When enabled, Nessus checks that none of the identified certificates have been revoked.
     
Assessment
General

Setting: Override normal Accuracy
Default value: Disabled
Description: In some cases, Nessus cannot remotely determine whether a flaw is present or not. If report paranoia is set to Show potential false alarms, then a flaw is reported every time, even when there is a doubt about the remote host being affected. Conversely, a paranoia setting of Avoid potential false alarms causes Nessus to not report any flaw whenever there is a hint of uncertainty about the remote host. Not enabling Override normal accuracy is a middle ground between these two settings.

Setting: Perform thorough tests (may disrupt your network or impact scan speed)
Default value: Disabled
Description: Causes various plugins to work harder. For example, when looking through SMB file shares, a plugin can analyze 3 directory levels deep instead of 1. This could cause much more network traffic and analysis in some cases. By being more thorough, the scan is more intrusive and is more likely to disrupt the network, while potentially providing better audit results.

Setting: Antivirus definition grace period (in days)
Default value: 0
Description: Configure the delay of the Antivirus software check for a set number of days (0-7). The Antivirus Software Check menu allows you to direct Nessus to allow for a specific grace time in reporting when antivirus signatures are considered out of date. By default, Nessus considers signatures out of date regardless of how long ago an update was available (e.g., a few hours ago). This can be configured to allow for up to 7 days before reporting them out of date.

Setting: Third party domain
Default value: (blank)
Description: Nessus attempts to send spam through each SMTP device to the address listed in this field. This third party domain address must be outside the range of the site being scanned or the site performing the scan. Otherwise, the test may be aborted by the SMTP server.

Setting: From address
Default value: (blank)
Description: The test messages sent to the SMTP server(s) appear as if they originated from the address specified in this field.

Setting: To address
Default value: (blank)
Description: Nessus attempts to send messages addressed to the mail recipient listed in this field. The postmaster address is the default value since it is a valid address on most mail servers.
     
Assessment
Brute Force

Setting: Only use credentials provided by the user
Default value: Enabled
Description: In some cases, Nessus can test default accounts and known default passwords. This can cause the account to be locked out if too many consecutive invalid attempts trigger security protocols on the operating system or application. By default, this setting is enabled to prevent Nessus from performing these tests.

Setting: Test default accounts (slow)
Default value: Disabled
Description: Test for known default accounts in Oracle software.

Setting: Hydra (can be configured; not shown here)
Default value: (blank)
Description: Hydra options only appear when Hydra is installed on the same computer as the scanner or agent executing the scan.
     
Assessment
Web Applications

Setting: Use a custom User-Agent
Default value: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Description: Specifies which type of web browser Nessus impersonates while scanning.

Setting: Start crawling from
Default value: /
Description: The URL of the first page that is tested. If multiple pages are required, use a colon delimiter to separate them (e.g., /:/php4:/base).

Setting: Excluded pages (regex)
Default value: /server_privileges\.php <> log out
Description: Specifies portions of the web site to exclude from being crawled. For example, to exclude the /manual directory and all Perl CGI, set this field to: (^/manual) <> (\.pl(\?.*)?$).
Nessus supports POSIX regular expressions for string matching and handling, as well as Perl-compatible regular expressions (PCRE).
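An exclusion pattern that is anchored wrongly silently lets the crawler reach pages it was meant to skip, so it is worth previewing the field against known paths first. The following is an added example, not code from Nessus; the function names and the sample paths are constructed, it assumes whitespace around the <> delimiter is insignificant and that patterns are matched against the path and query string, and it uses Python's re module, which agrees with POSIX/PCRE for the simple patterns shown on this page but is not the engine Nessus uses.

```python
import re


def compile_exclusions(field):
    """Split an 'Excluded pages (regex)' value on '<>' and compile each pattern.

    An invalid pattern raises re.error, which is the point: better here than
    discovering mid-scan that the exclusion never applied.
    """
    patterns = []
    for part in field.split("<>"):
        part = part.strip()  # assumption: spaces around the delimiter are not significant
        if part:
            patterns.append(re.compile(part))
    return patterns


def preview_exclusions(field, paths):
    """Return (kept, skipped): paths still crawled, and {path: matching pattern}."""
    patterns = compile_exclusions(field)
    kept, skipped = [], {}
    for path in paths:
        hit = next((p.pattern for p in patterns if p.search(path)), None)
        if hit is None:
            kept.append(path)
        else:
            skipped[path] = hit
    return kept, skipped


# The example value from the description above.
FIELD = r"(^/manual) <> (\.pl(\?.*)?$)"

# Constructed sample paths.
PATHS = [
    "/manual/index.html",      # under /manual: excluded
    "/cgi-bin/search.pl?q=1",  # Perl CGI with a query string: excluded
    "/index.php",              # unrelated: crawled
    "/docs/manual/x.html",     # '^' anchors at the start, so this is still crawled
    "/cgi-bin/upload.plx",     # '.plx' is not '.pl' followed by end or '?': crawled
]

if __name__ == "__main__":
    kept, skipped = preview_exclusions(FIELD, PATHS)
    for path, pattern in skipped.items():
        print(f"excluded {path!r} by {pattern}")
    for path in kept:
        print(f"crawled  {path!r}")
```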
Setting: Maximum pages to crawl
Default value: 1000
Description: The maximum number of pages to crawl.

Setting: Maximum depth to crawl
Default value: 6
Description: Limit the number of links Nessus follows for each start page.

Setting: Follow dynamic pages
Default value: Disabled
Description: If selected, Nessus follows dynamic links and may exceed the parameters set above.

Setting: Enable generic web application tests
Default value: Disabled
Description: Enables the options listed below.

Setting: Abort web application tests if HTTP login fails
Default value: Disabled
Description: If Nessus cannot log in to the target via HTTP, then do not run any web application tests.

Setting: Try all HTTP methods
Default value: Disabled
Description: This option instructs Nessus to also use POST requests for enhanced web form testing. By default, the web application tests only use GET requests, unless this option is enabled. Generally, more complex applications use the POST method when a user submits data to the application. When selected, Nessus tests each script or variable with both GET and POST requests. This setting provides more thorough testing, but may considerably increase the time required.

Setting: Attempt HTTP Parameter Pollution
Default value: Disabled
Description: When performing web application tests, attempt to bypass filtering mechanisms by injecting content into a variable while also supplying the same variable with valid content. For example, a normal SQL injection test may look like /target.cgi?a='&b=2. With HTTP Parameter Pollution (HPP) enabled, the request may look like /target.cgi?a='&a=1&b=2.

Setting: Test embedded web servers
Default value: Disabled
Description: Embedded web servers are often static and contain no customizable CGI scripts. In addition, embedded web servers may be prone to crash or become non-responsive when scanned. Tenable recommends scanning embedded web servers separately from other web servers using this option.

Setting: Test more than one parameter at a time per form
Default value: Disabled
Description: This setting manages the combination of argument values used in the HTTP requests. The default, without checking this option, is testing one parameter at a time with an attack string, without trying non-attack variations for additional parameters. For example, Nessus would attempt /test.php?arg1=XSS&b=1&c=1, where b and c allow other values, without testing each combination. This is the quickest method of testing with the smallest result set generated.
This setting has four options:
    Test random pairs of parameters: This form of testing randomly checks a combination of random pairs of parameters. This is the fastest way to test multiple parameters.
    Test all pairs of parameters (slow): This form of testing is slightly slower but more efficient than the one value test. While testing multiple parameters, it tests an attack string, variations for a single variable and then uses the first value for all other variables. For example, Nessus would attempt /test.php?a=XSS&b=1&c=1&d=1 and then cycle through the variables so that one is given the attack string, one is cycled through all possible values (as discovered during the mirror process) and any other variables are given the first value. In this case, Nessus would never test for /test.php?a=XSS&b=3&c=3&d=3 when the first value of each variable is 1.
    Test random combinations of three or more parameters (slower): This form of testing randomly checks a combination of three or more parameters. This is more thorough than testing only pairs of parameters. Increasing the amount of combinations by three or more increases the web application test time.
    Test all combinations of parameters (slowest): This method of testing checks all possible combinations of attack strings with valid input to variables. Where all pairs testing seeks to create a smaller data set as a tradeoff for speed, all combinations makes no compromise on time and uses a complete data set of tests. This testing method may take a long time to complete.

Setting: Do not stop after first flaw is found per web page
Default value: Disabled
Description: This setting determines when a new flaw is targeted. This applies at the script level. Finding an XSS flaw does not disable searching for SQL injection or header injection, but unless otherwise specified, there is at most one report for each type on a given port. Note that several flaws of the same type (e.g., XSS, SQLi, etc.) may be reported if they were caught by the same attack.
This setting has three options:
    Stop after one flaw is found per web server (fastest): As soon as a flaw is found on a web server by a script, Nessus stops and switches to another web server on a different port.
    Stop after one flaw is found per parameter (slow): As soon as one type of flaw is found in a parameter of a CGI (e.g., XSS), Nessus switches to the next parameter of the same CGI, the next known CGI, or to the next port or server.
    Look for all flaws (slowest): Perform extensive tests regardless of flaws found. This option can produce a very verbose report and is not recommended in most cases.

Setting: URL for Remote File Inclusion
Default value: http://rfi.nessus.org/rfi.txt
Description: During Remote File Inclusion (RFI) testing, this setting specifies a file on a remote host to use for tests. By default, Nessus uses a safe file hosted by Tenable, Inc. for RFI testing. If the scanner cannot reach the internet, you can use an internally hosted file for more accurate RFI testing.
If the target(s) being scanned cannot reach the Internet, the default URL can be replaced by an internally hosted file. The file must contain PHP source code that displays "NessusCodeExecTest" when executed.

Setting: Maximum run time (min)
Default value: 5
Description: This option manages the amount of time in minutes spent performing web application tests. This option defaults to 60 minutes and applies to all ports and CGIs for a given website. Scanning the local network for web sites with small applications typically completes in under an hour; however, web sites with large applications may require a higher value.
This limit refers to the maximum amount of time spent attempting each individual generic web attack type (e.g., XSS, SQL injection).
     
Assessment
Windows

Setting: Request information about the SMB Domain
Default value: Enabled
Description: If enabled, domain users are queried instead of local users.

Setting: Start UID
Default value: 1000
Description: The beginning of a range of IDs where Nessus attempts to enumerate domain users.

Setting: End UID
Default value: 1200
Description: The end of a range of IDs where Nessus attempts to enumerate domain users.

Setting: Start UID
Default value: 1000
Description: The beginning of a range of IDs where Nessus attempts to enumerate local users.

Setting: End UID
Default value: 1200
Description: The end of a range of IDs where Nessus attempts to enumerate local users.
     
Assessment
Malware

Setting: Disable DNS resolution
Default value: Disabled
Description: Checking this option prevents Nessus from using the cloud to compare scan findings against known malware.

Setting: Custom Netstat IP Threat List
Default value: None
Description: A text file that contains a list of known bad IP addresses that you want to detect.
Each line in the file must begin with an IPv4 address. Optionally, you can add a description by adding a comma after the IP address, followed by the description. You can also use hash-delimited comments (e.g., #) in addition to comma-delimited comments.

Setting: Provide your own list of known bad MD5 hashes
Default value: None
Description: Additional known bad MD5 hashes can be uploaded via a text file that contains one MD5 hash per line. Optionally, you can include a description for a hash by adding a comma after the hash, followed by the description. If any matches are found when scanning a target, the description appears in the scan results. Hash-delimited comments (e.g., #) can also be used in addition to the comma-delimited ones.

Setting: Provide your own list of known good MD5 hashes
Default value: None
Description: Additional known good MD5 hashes can be uploaded via a text file that contains one MD5 hash per line. It is possible to (optionally) add a description for each hash in the uploaded file. This is done by adding a comma after the hash, followed by the description. If any matches are found when scanning a target, and a description was provided for the hash, the description appears in the scan results. Standard hash-delimited comments (e.g., #) can optionally be used in addition to the comma-delimited ones.
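Indicator feeds are often pasted in with CIDR ranges, IPv6 addresses or SHA-256 values, none of which fit the IP threat list and MD5 list formats described above. The following added example (not code from Nessus or Tenable) validates both file types before upload; the function names and sample lists are constructed, and it assumes that text after a # on a data line serves as the description when no comma-delimited one is given.

```python
import ipaddress
import re

MD5_RE = re.compile(r"[0-9a-fA-F]{32}")


def _split_line(raw):
    """Return (value, description), or None for blank and comment-only lines."""
    data, _, comment = raw.partition("#")
    value, _, description = data.partition(",")
    value = value.strip()
    if not value:
        return None
    # Assumption: a trailing '# text' is used as the description if no ',text' is present.
    return value, (description.strip() or comment.strip())


def parse_indicator_list(text, kind):
    """Parse an IP threat list (kind='ip') or an MD5 list (kind='md5').

    Returns (entries, errors): entries are (value, description) tuples,
    errors are 'line N: ...' strings for lines that do not fit the format.
    """
    if kind not in ("ip", "md5"):
        raise ValueError("kind must be 'ip' or 'md5'")
    entries, errors = [], []
    for number, raw in enumerate(text.splitlines(), start=1):
        parsed = _split_line(raw)
        if parsed is None:
            continue
        value, description = parsed
        if kind == "ip":
            try:
                # Each line must begin with an IPv4 address: no CIDR, no IPv6.
                value = str(ipaddress.IPv4Address(value))
            except ValueError:
                errors.append(f"line {number}: {value!r} is not an IPv4 address")
                continue
        else:
            if not MD5_RE.fullmatch(value):
                errors.append(f"line {number}: {value!r} is not a 32-digit hex MD5")
                continue
            value = value.lower()
        entries.append((value, description))
    return entries, errors


# Constructed sample using documentation address ranges.
SAMPLE_IP_LIST = """\
# constructed sample threat list
192.0.2.10,known C2 address
198.51.100.7 # sinkholed
203.0.113.0/24,whole range
2001:db8::1
"""

# Constructed sample; the last value is 64 hex digits (SHA-256 length), not an MD5.
SAMPLE_MD5_LIST = """\
0123456789ABCDEF0123456789abcdef,constructed sample hash
d41d8cd98f00b204e9800998ecf8427e
""" + "ab" * 32 + ",wrong digest type\n"

if __name__ == "__main__":
    for sample, kind in ((SAMPLE_IP_LIST, "ip"), (SAMPLE_MD5_LIST, "md5")):
        entries, errors = parse_indicator_list(sample, kind)
        print(kind, entries, errors)
```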
Setting: Hosts file whitelist
Default value: None
Description: Nessus checks system hosts files for signs of a compromise (e.g., Plugin ID 23910 titled Compromised Windows System (hosts File Check)). This option allows you to upload a file containing a list of IPs and hostnames to be ignored by Nessus during a scan. Include one IP and one hostname (formatted identically to your hosts file on the target) per line in a regular text file.

Setting: Yara Rules File
Default value: None
Description: A .yar file containing the YARA rules to be applied in the scan. You can only upload one file per scan, so include all rules in a single file. For more information, see yara.readthedocs.io.

Setting: Scan file system
Default value: Off
Description: Turning on this option allows you to scan system directories and files on host computers.
Caution: Enabling this setting in scans targeting 10 or more hosts could result in performance degradation.

Setting: Scan %Systemroot%
Default value: Off
Description: Enables file system scanning to scan %Systemroot%.

Setting: Scan %ProgramFiles%
Default value: Off
Description: Enables file system scanning to scan %ProgramFiles%.

Setting: Scan %ProgramFiles(x86)%
Default value: Off
Description: Enables file system scanning to scan %ProgramFiles(x86)%.

Setting: Scan %ProgramData%
Default value: Off
Description: Enables file system scanning to scan %ProgramData%.

Setting: Scan User Profiles
Default value: Off
Description: Enables file system scanning to scan user profiles.

Setting: Custom Filescan Directories
Default value: None
Description: A custom file that lists directories to be scanned by malware file scanning. List each directory on one line.
     
Report

Setting: Override normal verbosity
Default value: Disabled
Description: This setting has two options:
    I have limited disk space. Report as little information as possible: Provides less information about plugin activity in the report to minimize impact on disk space.
    Report as much information as possible: Provides more information about plugin activity in the report.

Setting: Show missing patches that have been superseded
Default value: Enabled
Description: If enabled, includes superseded patch information in the scan report.

Setting: Hide results from plugins initiated as a dependency
Default value: Enabled
Description: If enabled, the list of dependencies is not included in the report. If you want to include the list of dependencies in the report, disable this setting.

Setting: Allow users to edit scan results
Default value: Enabled
Description: When enabled, allows users to delete items from the report. When performing a scan for regulatory compliance or other types of audits, disable the setting to show that the scan was not tampered with.

Setting: Designate hosts by their DNS name
Default value: Disabled
Description: Uses the host name rather than IP address for report output.

Setting: Display hosts that respond to ping
Default value: Disabled
Description: Reports hosts that successfully respond to a ping.

Setting: Display unreachable hosts
Default value: Disabled
Description: When enabled, hosts that did not reply to the ping request are included in the security report as dead hosts. Do not enable this option for large IP blocks.
     
Advanced

Setting: Enable Safe Checks
Default value: Enabled
Description: When enabled, disables all plugins that may have an adverse effect on the remote host.

Setting: Stop scanning hosts that become unresponsive during the scan
Default value: Disabled
Description: When enabled, Nessus stops scanning if it detects that the host has become unresponsive. This may occur if users turn off their PCs during a scan, a host has stopped responding after a denial of service plugin, or a security mechanism (for example, an IDS) has started to block traffic to a server. Normally, continuing scans on these machines sends unnecessary traffic across the network and delays the scan.

Setting: Scan IP addresses in a random order
Default value: Disabled
Description: By default, Nessus scans a list of IP addresses in sequential order. When enabled, Nessus scans the list of hosts in a random order across the entire target IP space. This is typically useful in helping to distribute the network traffic during large scans.

Setting: Slow down the scan when network congestion is detected
Default value: Disabled
Description: This enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity. If detected, Nessus throttles the scan to accommodate and alleviate the congestion. Once the congestion has subsided, Nessus automatically attempts to use the available space within the network pipe again.

Setting: Network timeout (in seconds)
Default value: 5
Description: Specifies the time that Nessus waits for a response from a host unless otherwise specified within a plugin. If you are scanning over a slow connection, you may want to set this to a higher number of seconds.

Setting: Max simultaneous checks per host
Default value: 5
Description: Specifies the maximum number of checks a Nessus scanner will perform against a single host at one time.

Setting: Max simultaneous hosts per scan
Default value: 80
Description: Specifies the maximum number of hosts that a Nessus scanner will scan at the same time.

Setting: Max number of concurrent TCP sessions per host
Default value: none
Description: Specifies the maximum number of established TCP sessions for a single host.
This TCP throttling option also controls the number of packets per second the SYN scanner sends, which is 10 times the number of TCP sessions. E.g., if this option is set to 15, the SYN scanner sends 150 packets per second at most.

Setting: Max number of concurrent TCP sessions per scan
Default value: none
Description: This setting limits the maximum number of established TCP sessions for the entire scan, regardless of the number of hosts being scanned.

Setting: Custom filepath exclusions for Unix find command
Default value: none
Description: A plain text file containing a list of filepaths to exclude from all plugins that search using the find command on Unix systems.
In the file, enter one filepath per line, formatted per patterns allowed by the Unix find command -path argument. For more information, see the find command man page.

Setting: Custom filesystem exclusions for Unix find command
Default value: none
Description: A plain text file containing a list of filesystems to exclude from all plugins that search using the find command on Unix systems.
In the file, enter one filesystem per line, using filesystem types supported by the Unix find command -fstype argument. For more information, see the find command man page.

Setting: Log scan details
Default value: Disabled
Description: Logs the start and finish time for each plugin used during a scan to nessusd.messages.

Setting: Enable plugin debugging
Default value: Disabled
Description: Attaches available debug logs from plugins to the vulnerability output of this scan.

Setting: Audit Trail Verbosity
Default value: All audit trail data
Description: Controls the verbosity of the plugin audit trail. If set to 'partial', scans will not include trails providing the reason why plugins were not included in the scan.

Setting: Enumerate launched plugins
Default value: Disabled
Description: Adds a list of plugins that were launched during the scan.
