Nicolas Gregoire <ngregoireat_private> writes: > You should perhaps add the TCP ports used by SAP R/3 (3200, 3300, > 3600). I only put ports that are used as default in Nessus plugins, in fact. Currently, Renaud does not like this scanner much, for very good reasons in fact (we should rather use pre-defined lists of ports for other scanners, we already have too many of them) > By the way, how could we add a SAP R/3 login checker to Nessus, given > the fact that the API used (nammed RFC for Remote Functions Calls) is > proprietary and licensed. Reverse-engineering from packet capture ? Two ways: 1. Reverse-engineering. 2. or link Nessus with the API if it is available (configure can do that) and add a couple of NASL functions. Solution (1) is the best one to do it, but it can be painful. (2) is simpler, but it would lead to a tool that would be able to scan many softwares... Provided you have the licence. Definitely not great, but maybe an interesting temporary feature? I thought of this solution for databases.
This archive was generated by hypermail 2b30 : Fri Apr 25 2003 - 01:44:20 PDT