Mailing List Archive: Nessus: devel

testing for common/default passwords

Index | Next | Previous | View Threaded

bill.petersen at alcatel

Sep 27, 2005, 6:09 AM

Post #1 of 2 (1466 views)
Permalink

testing for common/default passwords

I would like to run a simple test against a group of systems.
I want to only test for
1. No passwords for ids like root, oracle, mysql, etc.
2. Default userid & passwords

Is there any easy way to tell nessus to JUST do this type of test?

By going to a site like
http://www.cirt.net/cgi-bin/passwd.pl?method=csv
I can get a list of common default user ids and passwords.

I would like nessus to use this list of ids and passwords in its tests.
Is that possible? (with some reformatting I assume)

--
Bill Petersen, CISSP
Senior Information Security Analyst
Alcatel North America Information Security
Bill.Petersen [at] alcatel
Voice: 972-519-4249
Fax: 972-477-5300

theall at tenablesecurity

Sep 27, 2005, 7:27 PM

Post #2 of 2 (1352 views)
Permalink

Re: testing for common/default passwords [In reply to]

On Tue, Sep 27, 2005 at 08:09:31AM -0500, Bill Petersen wrote:

You'll reach a wider audience with this type of question by sending to
nessus [at] list; nessus-devel focuses on development.

> I would like to run a simple test against a group of systems.
> I want to only test for
> 1. No passwords for ids like root, oracle, mysql, etc.
> 2. Default userid & passwords
>
> Is there any easy way to tell nessus to JUST do this type of test?

Why not just use THC-Hydra / Nikto? If you want to do it with Nessus,
then use the corresponding plugins.

George
--
theall [at] tenablesecurity

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads