Hello,
I've been trying to figure out if there is a way of controlling
which port scanner is to be invoked when scanning a remote system.
This, by the way, with a client talking directly to nessusd.
For example, let's say 'nmap' exists (and nmap_wrapper plugin is
available), and is complemented by the availability of the
nmap_tcp_connect plugin, as well as the synscan plugin.
Which scanner is going to run? I haven't found any logic yet
that determines which scanner is the scanner of choice, nor
any way of saying "use this one" short of simply knowing
which scanners are available, and simply excluding ALL but
the ID of choice when specifying the "plugin_set" command.
A secondary question of less importance - why would the
labrea.nasl script not be executed before the port scanner?
If the system is truly a labrea tarpit, shouldn't this script
take precedence over all others? In practice, I've seen this
script be executed after the portscan, which seems less than
optimal.
Thomas
I've been trying to figure out if there is a way of controlling
which port scanner is to be invoked when scanning a remote system.
This, by the way, with a client talking directly to nessusd.
For example, let's say 'nmap' exists (and nmap_wrapper plugin is
available), and is complemented by the availability of the
nmap_tcp_connect plugin, as well as the synscan plugin.
Which scanner is going to run? I haven't found any logic yet
that determines which scanner is the scanner of choice, nor
any way of saying "use this one" short of simply knowing
which scanners are available, and simply excluding ALL but
the ID of choice when specifying the "plugin_set" command.
A secondary question of less importance - why would the
labrea.nasl script not be executed before the port scanner?
If the system is truly a labrea tarpit, shouldn't this script
take precedence over all others? In practice, I've seen this
script be executed after the portscan, which seems less than
optimal.
Thomas