Mailing List Archive

Application Fingerprint
How does nessus find out what application is
running.Since it has to know this information in order
to launch an exploit. And exactly how much information
does nessus need to launch an exploit. I mean the full
application name and version number is necessary or
the service name is also sufficient in many cases?

Ive seen it sending the "get" probe but I was confused
about wherther it would be able to find an application
uniquely on the basis of this probe.

So what is actually doing ?
1. Is it just matching a banner
2.does it have a database of responses for each
application like maybe nmap does.
3.It is fingerprinting the application in some other
way.






__________________________________
Do you Yahoo!?
Yahoo! Mail SpamGuard - Read only the mail you want.
http://antispam.yahoo.com/tools