On Mon, Feb 06, 2006 at 04:12:11PM +0100, Andrea Governatori wrote: > 1) I would to know if in my Nessus (2.2.6) already exist some > + dictionary list that can i use to entry password and userid > + on my script. There's no general list per se. Most plugins use a highly targetted list of usernames / passwords (say, known default credentials) rather than trying to brute-force logins. There is, though, a collection of plugins for running Hydra against various services (eg, hydra*.nasl), and they allow a user to specify a list of usernames and passwords to work with. You might try building your plugin around those. > 2) How is the nasl function to provide at the nessus client > + the possibility to set some parameter that my script can > + use at the scanning moment ? In the script description block, you call script_add_preference() to make it available in the client; and when the script runs, you call script_get_preference() to retrieve the value. Take a look at hydra_options.nasl as an example. George -- theall@private _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Tue Feb 07 2006 - 04:41:40 PST