Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. users
List SSL ciphers
david at ombrepixel
Dec 8, 2008, 9:57 AM
Post #1 of 2 (4080 views)
Permalink
Dear All,

I can't find a reliable way to use the "Supported SSL Ciphers Suites
plugin" against a https:443 webserver
http://www.nessus.org/plugins/index.php?view=single&id=21643

Please note I'm a nessus newbie

First, I understood that the plugin is not executed if the port
scanner doesn't detect the 443 port.
And this is the start of my nightmare

I only activated the plugin (21643)

Port scanner range : 443
Consider unscanned ports as closed : unchecked
Nessus TCP scanner : Checked
Ping the remote host : Checked

This didn't work, in fact, port scanner range was not taken into account.

The only way I got the scanner to detect port 443 was to check Syn
Scan box. Then, once again, the port scanner range is not taken into
account, but a huge number of ports are scanned (including 443!). The
plugin worked then.

This is a Windows nessus 3.2.1.1 with the plugins updated today.

Do you have an idea about what is my problem, I'd like to use it
without this scan port thant includes a huge number of ports.

Thanks,

David
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: List SSL ciphers [ In reply to ]
rgula at tenablesecurity
Dec 8, 2008, 10:56 AM
Post #2 of 2 (3908 views)
Permalink
Hi David,

I followed this procedure and got the SSL plugin to work as expected:

- Used the NessusClient to connect to to my Nessus scanner
- Created a new scan policy named SSL Cipher Scan
- Under "Options" of the scan policy I changed the port scanner range to 443
also checked the 'Consider unscanned ports as closed checkbox.
- Under "Plugin Selection" I disabled all plugins and made sure that
"Enabled dependencies at runtime" and "Silent dependencies" were also
checked.

I'm running a scan now and only getting results for my SSL servers on
port 443 from my local test network.

Perhaps you did not enable dependencies when you selected the SSL cipher
plugin.

Ron Gula
Tenable Network Security

David ROBERT wrote:
> Dear All,
>
> I can't find a reliable way to use the "Supported SSL Ciphers Suites
> plugin" against a https:443 webserver
> http://www.nessus.org/plugins/index.php?view=single&id=21643
>
> Please note I'm a nessus newbie
>
> First, I understood that the plugin is not executed if the port
> scanner doesn't detect the 443 port.
> And this is the start of my nightmare
>
> I only activated the plugin (21643)
>
> Port scanner range : 443
> Consider unscanned ports as closed : unchecked
> Nessus TCP scanner : Checked
> Ping the remote host : Checked
>
> This didn't work, in fact, port scanner range was not taken into account.
>
> The only way I got the scanner to detect port 443 was to check Syn
> Scan box. Then, once again, the port scanner range is not taken into
> account, but a huge number of ports are scanned (including 443!). The
> plugin worked then.
>
> This is a Windows nessus 3.2.1.1 with the plugins updated today.
>
> Do you have an idea about what is my problem, I'd like to use it
> without this scan port thant includes a huge number of ports.
>
> Thanks,
>
> David
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
>

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal