Mailing List Archive

testing for common/default passwords
I would like to run a simple test against a group of systems.
I want to only test for
1. No passwords for ids like root, oracle, mysql, etc.
2. Default userid & passwords

Is there any easy way to tell nessus to JUST do this type of test?


By going to a site like
http://www.cirt.net/cgi-bin/passwd.pl?method=csv
I can get a list of common default user ids and passwords.

I would like nessus to use this list of ids and passwords in its tests.
Is that possible? (with some reformatting I assume)



--
Bill Petersen, CISSP
Senior Information Security Analyst
Alcatel North America Information Security
Bill.Petersen@alcatel.com
Voice: 972-519-4249
Fax: 972-477-5300
Re: testing for common/default passwords
On Tue, Sep 27, 2005 at 08:09:31AM -0500, Bill Petersen wrote:

You'll reach a wider audience with this type of question by sending to
nessus@list.nessus.org; nessus-devel focuses on development.

> I would like to run a simple test against a group of systems.
> I want to only test for
> 1. No passwords for ids like root, oracle, mysql, etc.
> 2. Default userid & passwords
>
> Is there any easy way to tell nessus to JUST do this type of test?

Why not just use THC-Hydra / Nikto? If you want to do it with Nessus,
then use the corresponding plugins.

George
--
theall@tenablesecurity.com
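
The first check in the question (ids such as root, oracle and mysql with no password) can also be confirmed from the host side by reading the shadow file. The following is an added example, not part of the thread and not Nessus code; the sample entries, the watchlist and the function names are constructed for illustration.

```python
"""Flag accounts whose shadow entry requires no password (added example)."""

# Constructed sample in /etc/shadow layout: name:password:lastchg:min:max:warn:::
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhashvalue:19000:0:99999:7:::
oracle::19000:0:99999:7:::
mysql:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
backup:!!:19000:0:99999:7:::
malformed-line-without-fields
webadmin::19000:0:99999:7:::
"""

# Account names taken from the question; extend for the systems being audited.
WATCHLIST = {"root", "oracle", "mysql"}


def classify(field):
    """Map the password field of a shadow entry to a state."""
    if field == "":
        return "empty"    # shadow(5): no password is required for this login
    if field[0] in "!*":
        return "locked"   # not a valid crypt(3) result, password login disabled
    return "hashed"       # a password is set; its strength is not judged here


def audit_shadow(text, watchlist=WATCHLIST):
    """Return (line number, account, severity) for every entry needing review."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) < 2:
            # Report unparsable entries instead of silently skipping them.
            findings.append((lineno, None, "malformed"))
            continue
        name = parts[0]
        if classify(parts[1]) == "empty":
            severity = "critical" if name in watchlist else "high"
            findings.append((lineno, name, severity))
    return findings


if __name__ == "__main__":
    for lineno, name, severity in audit_shadow(SAMPLE_SHADOW):
        print(f"line {lineno}: {name or '?'} -> {severity}")
```

Whether an empty field is usable for a remote login also depends on the service configuration, for example `PermitEmptyPasswords` in sshd_config and the `nullok` option of pam_unix, so a finding here is a reason to check those settings as well.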