Discover Malware and Botnet Hosts paul shared This policy enables plugins associated with discovering malware, backdoors, viruses and hosts participating in a botnet. Please remember to enter credentials for your targets for full coverage within your specific environment(s). use_mac_addr no throttle_scan yes listen_address 0.0.0.0 slice_network_addresses no non_simult_ports 139, 445 max_checks 5 stop_scan_on_disconnect no report_crashes yes name Discover Malware and Botnet Hosts description This policy enables plugins associated with discovering malware, backdoors, viruses and hosts participating in a botnet. Please remember to enter credentials for your targets for full coverage within your specific environment(s). optimize_test yes log_whole_attack no ssl_cipher_list strong cgi_path /cgi-bin:/scripts save_knowledge_base no use_kernel_congestion_detection no listen_port 32767 auto_update yes checks_read_timeout 5 plugins_timeout 320 auto_enable_dependencies yes safe_checks yes stop_scan_on_hang no visibility shared max_hosts 80 reduce_connections_on_congestion no silent_dependencies yes port_range default plugin_upload yes plugin_upload_suffixes .nasl, .nasl3, .nasl4, .inc, .inc3, .nbin, .nlib, .audit xmlrpc_listen_port 32768 feed_type ProFeed Unix Compliance Checks 21157 Unix Compliance Checks[file]:Policy file #1 : Policy file #1 : file Unix Compliance Checks 21157 Unix Compliance Checks[file]:Policy file #2 : Policy file #2 : file Unix Compliance Checks 21157 Unix Compliance Checks[file]:Policy file #3 : Policy file #3 : file Unix Compliance Checks 21157 Unix Compliance Checks[file]:Policy file #4 : Policy file #4 : file Unix Compliance Checks 21157 Unix Compliance Checks[file]:Policy file #5 : Policy file #5 : file Hydra: LDAP 15877 Hydra: LDAP[entry]:DN : DN : entry Web mirroring 10662 Web mirroring[entry]:Number of pages to mirror : Number of pages to mirror : entry 1000 Web mirroring 10662 Web mirroring[entry]:Maximum depth : Maximum depth : entry 6 Web mirroring 10662 Web mirroring[entry]:Start page : Start page : entry / Web mirroring 10662 Web mirroring[entry]:Excluded items regex : Excluded items regex : entry /server_privileges\.php|logout Web mirroring 10662 Web mirroring[checkbox]:Follow dynamic pages : Follow dynamic pages : checkbox no News Server (NNTP) Information Disclosure 11033 News Server (NNTP) Information Disclosure[entry]:From address : From address : entry Nobody <nobody@example.com> News Server (NNTP) Information Disclosure 11033 News Server (NNTP) Information Disclosure[entry]:Test group name regex : Test group name regex : entry f[a-z]\.tests? News Server (NNTP) Information Disclosure 11033 News Server (NNTP) Information Disclosure[entry]:Max crosspost : Max crosspost : entry 7 News Server (NNTP) Information Disclosure 11033 News Server (NNTP) Information Disclosure[checkbox]:Local distribution Local distribution checkbox yes News Server (NNTP) Information Disclosure 11033 News Server (NNTP) Information Disclosure[checkbox]:No archive No archive checkbox no PCI DSS compliance 33929 PCI DSS compliance[checkbox]:Check for PCI-DSS compliance Check for PCI-DSS compliance checkbox no Hydra: SAP R3 15883 Hydra: SAP R3[entry]:Client ID (between 0 and 99) : Client ID (between 0 and 99) : entry Oracle Settings 22076 Oracle Settings[entry]:Oracle SID : Oracle SID : entry Oracle Settings 22076 Oracle Settings[checkbox]:Test default accounts (slow) Test default accounts (slow) checkbox no SSH settings 14273 SSH settings[entry]:SSH user name : SSH user name : entry root SSH settings 14273 SSH settings[password]:SSH password (unsafe!) : SSH password (unsafe!) : password SSH settings 14273 SSH settings[file]:SSH public key to use : SSH public key to use : file SSH settings 14273 SSH settings[file]:SSH private key to use : SSH private key to use : file SSH settings 14273 SSH settings[password]:Passphrase for SSH key : Passphrase for SSH key : password SSH settings 14273 SSH settings[radio]:Elevate privileges with : Elevate privileges with : radio Nothing;sudo;su;su+sudo;dzdo;pbrun;Cisco 'enable' SSH settings 14273 SSH settings[entry]:su login : su login : entry SSH settings 14273 SSH settings[entry]:Escalation account : Escalation account : entry root SSH settings 14273 SSH settings[password]:Escalation password : Escalation password : password SSH settings 14273 SSH settings[file]:SSH known_hosts file : SSH known_hosts file : file SSH settings 14273 SSH settings[entry]:Preferred SSH port : Preferred SSH port : entry 22 SSH settings 14273 SSH settings[entry]:Client version : Client version : entry OpenSSH_5.0 SSH settings 14273 SSH settings[entry]:Additional SSH user name (1) : Additional SSH user name (1) : entry SSH settings 14273 SSH settings[password]:Additional SSH password (1) : Additional SSH password (1) : password SSH settings 14273 SSH settings[entry]:Additional SSH user name (2) : Additional SSH user name (2) : entry SSH settings 14273 SSH settings[password]:Additional SSH password (2) : Additional SSH password (2) : password SSH settings 14273 SSH settings[entry]:Additional SSH user name (3) : Additional SSH user name (3) : entry SSH settings 14273 SSH settings[password]:Additional SSH password (3) : Additional SSH password (3) : password SSH settings 14273 SSH settings[entry]:Additional SSH user name (4) : Additional SSH user name (4) : entry SSH settings 14273 SSH settings[password]:Additional SSH password (4) : Additional SSH password (4) : password SSH settings 14273 SSH settings[entry]:Additional SSH user name (5) : Additional SSH user name (5) : entry SSH settings 14273 SSH settings[password]:Additional SSH password (5) : Additional SSH password (5) : password SNMP settings 19762 SNMP settings[entry]:Community name : Community name : entry public SNMP settings 19762 SNMP settings[entry]:Community name (1) : Community name (1) : entry SNMP settings 19762 SNMP settings[entry]:Community name (2) : Community name (2) : entry SNMP settings 19762 SNMP settings[entry]:Community name (3) : Community name (3) : entry SNMP settings 19762 SNMP settings[entry]:UDP port : UDP port : entry 161 SNMP settings 19762 SNMP settings[entry]:SNMPv3 user name : SNMPv3 user name : entry SNMP settings 19762 SNMP settings[password]:SNMPv3 authentication password : SNMPv3 authentication password : password SNMP settings 19762 SNMP settings[radio]:SNMPv3 authentication algorithm : SNMPv3 authentication algorithm : radio MD5;SHA1 SNMP settings 19762 SNMP settings[password]:SNMPv3 privacy password : SNMPv3 privacy password : password SNMP settings 19762 SNMP settings[radio]:SNMPv3 privacy algorithm : SNMPv3 privacy algorithm : radio DES Nessus SYN scanner 11219 Nessus SYN scanner[radio]:Firewall detection : Firewall detection : radio Automatic (normal);Disabled (softer);Do not detect RST rate limitation (soft);Ignore closed ports (aggressive) VMware SOAP API Settings 57395 VMware SOAP API Settings[entry]:VMware user name : VMware user name : entry VMware SOAP API Settings 57395 VMware SOAP API Settings[password]:VMware password : VMware password : password VMware SOAP API Settings 57395 VMware SOAP API Settings[checkbox]:Ignore SSL Certificate : Ignore SSL Certificate : checkbox no Patch Management: SCCM Server Settings 57029 Patch Management: SCCM Server Settings[entry]:SCCM Server : SCCM Server : entry Patch Management: SCCM Server Settings 57029 Patch Management: SCCM Server Settings[entry]:SCCM Domain : SCCM Domain : entry Patch Management: SCCM Server Settings 57029 Patch Management: SCCM Server Settings[entry]:SCCM Username : SCCM Username : entry Patch Management: SCCM Server Settings 57029 Patch Management: SCCM Server Settings[password]:SCCM Password : SCCM Password : password Hydra: HTTP 15873 Hydra: HTTP[entry]:Web page : Web page : entry SMTP settings 11038 SMTP settings[entry]:Third party domain : Third party domain : entry example.com SMTP settings 11038 SMTP settings[entry]:From address : From address : entry nobody@example.com SMTP settings 11038 SMTP settings[entry]:To address : To address : entry postmaster@[AUTO_REPLACED_IP] IBM iSeries Credentials 57861 IBM iSeries Credentials[entry]:Login : Login : entry IBM iSeries Credentials 57861 IBM iSeries Credentials[password]:Password : Password : password Patch Management: IBM Tivoli Endpoint Manager Server Settings 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Server : Web Reports Server : entry Patch Management: IBM Tivoli Endpoint Manager Server Settings 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Port : Web Reports Port : entry Patch Management: IBM Tivoli Endpoint Manager Server Settings 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Username : Web Reports Username : entry Patch Management: IBM Tivoli Endpoint Manager Server Settings 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings[password]:Web Reports Password : Web Reports Password : password Patch Management: IBM Tivoli Endpoint Manager Server Settings 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings[checkbox]:SSL : SSL : checkbox no Patch Management: IBM Tivoli Endpoint Manager Server Settings 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings[checkbox]:Verify SSL Certificate : Verify SSL Certificate : checkbox no Port scanners settings 33812 Port scanners settings[checkbox]:Check open TCP ports found by local port enumerators Check open TCP ports found by local port enumerators checkbox no Port scanners settings 33812 Port scanners settings[checkbox]:Only run network port scanners if local port enumeration failed Only run network port scanners if local port enumeration failed checkbox yes Hydra: Cisco enable 15870 Hydra: Cisco enable[entry]:Logon password : Logon password : entry Cleartext protocols settings 21744 Cleartext protocols settings[entry]:User name : User name : entry Cleartext protocols settings 21744 Cleartext protocols settings[password]:Password (unsafe!) : Password (unsafe!) : password Cleartext protocols settings 21744 Cleartext protocols settings[checkbox]:Try to perform patch level checks over telnet Try to perform patch level checks over telnet checkbox no Cleartext protocols settings 21744 Cleartext protocols settings[checkbox]:Try to perform patch level checks over rsh Try to perform patch level checks over rsh checkbox no Cleartext protocols settings 21744 Cleartext protocols settings[checkbox]:Try to perform patch level checks over rexec Try to perform patch level checks over rexec checkbox no HTTP cookies import 42893 HTTP cookies import[file]:Cookies file : Cookies file : file LDAP 'Domain Admins' Group Membership Enumeration 58038 LDAP 'Domain Admins' Group Membership Enumeration[entry]:LDAP user : LDAP user : entry LDAP 'Domain Admins' Group Membership Enumeration 58038 LDAP 'Domain Admins' Group Membership Enumeration[password]:LDAP password : LDAP password : password LDAP 'Domain Admins' Group Membership Enumeration 58038 LDAP 'Domain Admins' Group Membership Enumeration[entry]:Max results : Max results : entry 1000 Malicious Process Detection 59275 Malicious Process Detection[file]:Additional MD5 hashes (optional) : Additional MD5 hashes (optional) : file IBM iSeries Compliance Checks 57860 IBM iSeries Compliance Checks[file]:Policy file #1 : Policy file #1 : file IBM iSeries Compliance Checks 57860 IBM iSeries Compliance Checks[file]:Policy file #2 : Policy file #2 : file IBM iSeries Compliance Checks 57860 IBM iSeries Compliance Checks[file]:Policy file #3 : Policy file #3 : file IBM iSeries Compliance Checks 57860 IBM iSeries Compliance Checks[file]:Policy file #4 : Policy file #4 : file IBM iSeries Compliance Checks 57860 IBM iSeries Compliance Checks[file]:Policy file #5 : Policy file #5 : file Database Compliance Checks 33814 Database Compliance Checks[file]:Policy file #1 : Policy file #1 : file Database Compliance Checks 33814 Database Compliance Checks[file]:Policy file #2 : Policy file #2 : file Database Compliance Checks 33814 Database Compliance Checks[file]:Policy file #3 : Policy file #3 : file Database Compliance Checks 33814 Database Compliance Checks[file]:Policy file #4 : Policy file #4 : file Database Compliance Checks 33814 Database Compliance Checks[file]:Policy file #5 : Policy file #5 : file Cisco IOS Compliance Checks 46689 Cisco IOS Compliance Checks[radio]:IOS Config File To Audit : IOS Config File To Audit : radio Saved/(show config);Running/(show running);Startup/(show startup) Cisco IOS Compliance Checks 46689 Cisco IOS Compliance Checks[file]:Policy file #1 : Policy file #1 : file Cisco IOS Compliance Checks 46689 Cisco IOS Compliance Checks[file]:Policy file #2 : Policy file #2 : file Cisco IOS Compliance Checks 46689 Cisco IOS Compliance Checks[file]:Policy file #3 : Policy file #3 : file Cisco IOS Compliance Checks 46689 Cisco IOS Compliance Checks[file]:Policy file #4 : Policy file #4 : file Cisco IOS Compliance Checks 46689 Cisco IOS Compliance Checks[file]:Policy file #5 : Policy file #5 : file Modbus/TCP Coil Access 23817 Modbus/TCP Coil Access[entry]:Start reg : Start reg : entry 0 Modbus/TCP Coil Access 23817 Modbus/TCP Coil Access[entry]:End reg : End reg : entry 16 Patch Management: WSUS Server Settings 57031 Patch Management: WSUS Server Settings[entry]:WSUS Server : WSUS Server : entry Patch Management: WSUS Server Settings 57031 Patch Management: WSUS Server Settings[entry]:WSUS Port : WSUS Port : entry Patch Management: WSUS Server Settings 57031 Patch Management: WSUS Server Settings[entry]:WSUS Username : WSUS Username : entry Patch Management: WSUS Server Settings 57031 Patch Management: WSUS Server Settings[password]:WSUS Password : WSUS Password : password Patch Management: WSUS Server Settings 57031 Patch Management: WSUS Server Settings[checkbox]:SSL : SSL : checkbox no Patch Management: WSUS Server Settings 57031 Patch Management: WSUS Server Settings[checkbox]:Verify SSL Certificate : Verify SSL Certificate : checkbox no Hydra: HTTP proxy 15874 Hydra: HTTP proxy[entry]:Web site (optional) : Web site (optional) : entry ADSI Settings 60024 ADSI Settings[entry]:Domain Controller : Domain Controller : entry ADSI Settings 60024 ADSI Settings[entry]:Domain : Domain : entry ADSI Settings 60024 ADSI Settings[entry]:Domain Username : Domain Username : entry ADSI Settings 60024 ADSI Settings[password]:Domain Password : Domain Password : password ADSI Settings 60024 ADSI Settings[entry]:Domain Controller 2: Domain Controller 2: entry ADSI Settings 60024 ADSI Settings[entry]:Domain 2: Domain 2: entry ADSI Settings 60024 ADSI Settings[entry]:Domain Username 2: Domain Username 2: entry ADSI Settings 60024 ADSI Settings[password]:Domain Password 2: Domain Password 2: password ADSI Settings 60024 ADSI Settings[entry]:Domain Controller 3: Domain Controller 3: entry ADSI Settings 60024 ADSI Settings[entry]:Domain 3: Domain 3: entry ADSI Settings 60024 ADSI Settings[entry]:Domain Username 3: Domain Username 3: entry ADSI Settings 60024 ADSI Settings[password]:Domain Password 3: Domain Password 3: password ADSI Settings 60024 ADSI Settings[entry]:Domain Controller 4: Domain Controller 4: entry ADSI Settings 60024 ADSI Settings[entry]:Domain 4: Domain 4: entry ADSI Settings 60024 ADSI Settings[entry]:Domain Username 4: Domain Username 4: entry ADSI Settings 60024 ADSI Settings[password]:Domain Password 4: Domain Password 4: password ADSI Settings 60024 ADSI Settings[entry]:Domain Controller 5: Domain Controller 5: entry ADSI Settings 60024 ADSI Settings[entry]:Domain 5: Domain 5: entry ADSI Settings 60024 ADSI Settings[entry]:Domain Username 5: Domain Username 5: entry ADSI Settings 60024 ADSI Settings[password]:Domain Password 5: Domain Password 5: password HTTP login page 11149 HTTP login page[entry]:Login page : Login page : entry / HTTP login page 11149 HTTP login page[entry]:Login form : Login form : entry HTTP login page 11149 HTTP login page[entry]:Login form fields : Login form fields : entry user=%USER%&pass=%PASS% HTTP login page 11149 HTTP login page[radio]:Login form method : Login form method : radio POST;GET HTTP login page 11149 HTTP login page[checkbox]:Automated login page search Automated login page search checkbox no HTTP login page 11149 HTTP login page[entry]:Re-authenticate delay (seconds) : Re-authenticate delay (seconds) : entry HTTP login page 11149 HTTP login page[entry]:Check authentication on page : Check authentication on page : entry HTTP login page 11149 HTTP login page[entry]:Follow 30x redirections (# of levels) : Follow 30x redirections (# of levels) : entry 2 HTTP login page 11149 HTTP login page[entry]:Authenticated regex : Authenticated regex : entry HTTP login page 11149 HTTP login page[checkbox]:Invert test (disconnected if regex matches) Invert test (disconnected if regex matches) checkbox no HTTP login page 11149 HTTP login page[checkbox]:Match regex on HTTP headers Match regex on HTTP headers checkbox no HTTP login page 11149 HTTP login page[checkbox]:Case insensitive regex Case insensitive regex checkbox no HTTP login page 11149 HTTP login page[checkbox]:Abort web application tests if login fails Abort web application tests if login fails checkbox no Kerberos configuration 17351 Kerberos configuration[entry]:Kerberos Key Distribution Center (KDC) : Kerberos Key Distribution Center (KDC) : entry Kerberos configuration 17351 Kerberos configuration[entry]:Kerberos KDC Port : Kerberos KDC Port : entry 88 Kerberos configuration 17351 Kerberos configuration[radio]:Kerberos KDC Transport : Kerberos KDC Transport : radio udp;tcp Kerberos configuration 17351 Kerberos configuration[entry]:Kerberos Realm (SSH only) : Kerberos Realm (SSH only) : entry Juniper Junos Compliance Checks 62680 Juniper Junos Compliance Checks[file]:Policy file #1 : Policy file #1 : file Juniper Junos Compliance Checks 62680 Juniper Junos Compliance Checks[file]:Policy file #2 : Policy file #2 : file Juniper Junos Compliance Checks 62680 Juniper Junos Compliance Checks[file]:Policy file #3 : Policy file #3 : file Juniper Junos Compliance Checks 62680 Juniper Junos Compliance Checks[file]:Policy file #4 : Policy file #4 : file Juniper Junos Compliance Checks 62680 Juniper Junos Compliance Checks[file]:Policy file #5 : Policy file #5 : file Do not scan fragile devices 22481 Do not scan fragile devices[checkbox]:Scan Network Printers Scan Network Printers checkbox no Do not scan fragile devices 22481 Do not scan fragile devices[checkbox]:Scan Novell Netware hosts Scan Novell Netware hosts checkbox no Wake-on-LAN 52616 Wake-on-LAN[file]:List of MAC addresses for Wake-on-LAN: List of MAC addresses for Wake-on-LAN: file Wake-on-LAN 52616 Wake-on-LAN[entry]:Time to wait (in minutes) for the systems to boot: Time to wait (in minutes) for the systems to boot: entry 5 Palo Alto Networks PAN-OS Compliance Checks 64095 Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #1 : Policy file #1 : file Palo Alto Networks PAN-OS Compliance Checks 64095 Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #2 : Policy file #2 : file Palo Alto Networks PAN-OS Compliance Checks 64095 Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #3 : Policy file #3 : file Palo Alto Networks PAN-OS Compliance Checks 64095 Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #4 : Policy file #4 : file Palo Alto Networks PAN-OS Compliance Checks 64095 Palo Alto Networks PAN-OS Compliance Checks[file]:Policy file #5 : Policy file #5 : file Hydra: SMB 15884 Hydra: SMB[radio]:Check local / domain accounts Check local / domain accounts radio Local accounts; Domain Accounts; Either Hydra: SMB 15884 Hydra: SMB[checkbox]:Interpret passwords as NTLM hashes Interpret passwords as NTLM hashes checkbox no Patch Management: VMware Go Server Settings 57026 Patch Management: VMware Go Server Settings[entry]:Host : Host : entry services.shavlik.com Patch Management: VMware Go Server Settings 57026 Patch Management: VMware Go Server Settings[entry]:Port : Port : entry 443 Patch Management: VMware Go Server Settings 57026 Patch Management: VMware Go Server Settings[entry]:Username : Username : entry Patch Management: VMware Go Server Settings 57026 Patch Management: VMware Go Server Settings[password]:Password : Password : password Patch Management: VMware Go Server Settings 57026 Patch Management: VMware Go Server Settings[entry]:Domain : Domain : entry Patch Management: VMware Go Server Settings 57026 Patch Management: VMware Go Server Settings[entry]:API path : API path : entry /api/authenticationbroker/account/httpIssue.svc/ Patch Management: VMware Go Server Settings 57026 Patch Management: VMware Go Server Settings[entry]:Authentication realm : Authentication realm : entry https://services.shavlik.com/api/dataservices/v1r1/default.aspx Patch Management: VMware Go Server Settings 57026 Patch Management: VMware Go Server Settings[entry]:Service path : Service path : entry /api/dataservices/v1r1/OData.svc/ SMB Use Host SID to Enumerate Local Users 10860 SMB Use Host SID to Enumerate Local Users[entry]:Start UID : Start UID : entry 1000 SMB Use Host SID to Enumerate Local Users 10860 SMB Use Host SID to Enumerate Local Users[entry]:End UID : End UID : entry 1200 Global variable settings 12288 Global variable settings[checkbox]:Probe services on every port Probe services on every port checkbox yes Global variable settings 12288 Global variable settings[checkbox]:Do not log in with user accounts not specified in the policy Do not log in with user accounts not specified in the policy checkbox no Global variable settings 12288 Global variable settings[checkbox]:Enable CGI scanning Enable CGI scanning checkbox no Global variable settings 12288 Global variable settings[radio]:Network type Network type radio Mixed (use RFC 1918);Private LAN;Public WAN (Internet) Global variable settings 12288 Global variable settings[checkbox]:Enable experimental scripts Enable experimental scripts checkbox no Global variable settings 12288 Global variable settings[checkbox]:Thorough tests (slow) Thorough tests (slow) checkbox no Global variable settings 12288 Global variable settings[radio]:Report verbosity Report verbosity radio Normal;Quiet;Verbose Global variable settings 12288 Global variable settings[radio]:Report paranoia Report paranoia radio Normal;Avoid false alarms;Paranoid (more false alarms) Global variable settings 12288 Global variable settings[entry]:HTTP User-Agent HTTP User-Agent entry Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) Global variable settings 12288 Global variable settings[file]:SSL certificate to use : SSL certificate to use : file Global variable settings 12288 Global variable settings[file]:SSL CA to trust : SSL CA to trust : file Global variable settings 12288 Global variable settings[file]:SSL key to use : SSL key to use : file Global variable settings 12288 Global variable settings[password]:SSL password for SSL key : SSL password for SSL key : password Nmap (XML file importer) 33818 Nmap (XML file importer)[file]:File containing XML results : File containing XML results : file ICCP/COTP TSAP Addressing Weakness 23812 ICCP/COTP TSAP Addressing Weakness[entry]:Start COTP TSAP : Start COTP TSAP : entry 8 ICCP/COTP TSAP Addressing Weakness 23812 ICCP/COTP TSAP Addressing Weakness[entry]:Stop COTP TSAP : Stop COTP TSAP : entry 8 Hydra (NASL wrappers options) 15868 Hydra (NASL wrappers options)[checkbox]:Always enable Hydra (slow) Always enable Hydra (slow) checkbox no Hydra (NASL wrappers options) 15868 Hydra (NASL wrappers options)[file]:Logins file : Logins file : file Hydra (NASL wrappers options) 15868 Hydra (NASL wrappers options)[file]:Passwords file : Passwords file : file Hydra (NASL wrappers options) 15868 Hydra (NASL wrappers options)[entry]:Number of parallel tasks : Number of parallel tasks : entry 16 Hydra (NASL wrappers options) 15868 Hydra (NASL wrappers options)[entry]:Timeout (in seconds) : Timeout (in seconds) : entry 30 Hydra (NASL wrappers options) 15868 Hydra (NASL wrappers options)[checkbox]:Try empty passwords Try empty passwords checkbox yes Hydra (NASL wrappers options) 15868 Hydra (NASL wrappers options)[checkbox]:Try login as password Try login as password checkbox yes Hydra (NASL wrappers options) 15868 Hydra (NASL wrappers options)[checkbox]:Exit as soon as an account is found Exit as soon as an account is found checkbox no Hydra (NASL wrappers options) 15868 Hydra (NASL wrappers options)[checkbox]:Add accounts found by other plugins to login file Add accounts found by other plugins to login file checkbox yes Apple Profile Manager API Settings 60032 Apple Profile Manager API Settings[entry]:Apple Profile Manager server : Apple Profile Manager server : entry Apple Profile Manager API Settings 60032 Apple Profile Manager API Settings[entry]:Apple Profile Manager port : Apple Profile Manager port : entry 443 Apple Profile Manager API Settings 60032 Apple Profile Manager API Settings[entry]:Apple Profile Manager username : Apple Profile Manager username : entry Apple Profile Manager API Settings 60032 Apple Profile Manager API Settings[password]:Apple Profile Manager password : Apple Profile Manager password : password Apple Profile Manager API Settings 60032 Apple Profile Manager API Settings[checkbox]:SSL : SSL : checkbox yes Apple Profile Manager API Settings 60032 Apple Profile Manager API Settings[checkbox]:Verify SSL Certificate : Verify SSL Certificate : checkbox no Apple Profile Manager API Settings 60032 Apple Profile Manager API Settings[checkbox]:Force Device Updates : Force Device Updates : checkbox yes Apple Profile Manager API Settings 60032 Apple Profile Manager API Settings[entry]:Device Update Timeout (Minutes) : Device Update Timeout (Minutes) : entry 5 SMB Use Domain SID to Enumerate Users 10399 SMB Use Domain SID to Enumerate Users[entry]:Start UID : Start UID : entry 1000 SMB Use Domain SID to Enumerate Users 10399 SMB Use Domain SID to Enumerate Users[entry]:End UID : End UID : entry 1200 VMware vCenter SOAP API Settings 63060 VMware vCenter SOAP API Settings[entry]:VMware vCenter host : VMware vCenter host : entry VMware vCenter SOAP API Settings 63060 VMware vCenter SOAP API Settings[entry]:VMware vCenter port : VMware vCenter port : entry 443 VMware vCenter SOAP API Settings 63060 VMware vCenter SOAP API Settings[entry]:VMware vCenter user name : VMware vCenter user name : entry VMware vCenter SOAP API Settings 63060 VMware vCenter SOAP API Settings[password]:VMware vCenter password : VMware vCenter password : password VMware vCenter SOAP API Settings 63060 VMware vCenter SOAP API Settings[checkbox]:SSL : SSL : checkbox yes VMware vCenter SOAP API Settings 63060 VMware vCenter SOAP API Settings[checkbox]:Verify SSL Certificate : Verify SSL Certificate : checkbox no Windows File Contents Compliance Checks 24760 Windows File Contents Compliance Checks[file]:Policy file #1 : Policy file #1 : file Windows File Contents Compliance Checks 24760 Windows File Contents Compliance Checks[file]:Policy file #2 : Policy file #2 : file Windows File Contents Compliance Checks 24760 Windows File Contents Compliance Checks[file]:Policy file #3 : Policy file #3 : file Windows File Contents Compliance Checks 24760 Windows File Contents Compliance Checks[file]:Policy file #4 : Policy file #4 : file Windows File Contents Compliance Checks 24760 Windows File Contents Compliance Checks[file]:Policy file #5 : Policy file #5 : file Database settings 33815 Database settings[entry]:Login : Login : entry Database settings 33815 Database settings[password]:Password : Password : password Database settings 33815 Database settings[radio]:DB Type : DB Type : radio Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL Database settings 33815 Database settings[entry]:Database SID : Database SID : entry Database settings 33815 Database settings[entry]:Database port to use : Database port to use : entry Database settings 33815 Database settings[radio]:Oracle auth type: Oracle auth type: radio NORMAL;SYSOPER;SYSDBA Database settings 33815 Database settings[radio]:SQL Server auth type: SQL Server auth type: radio Windows;SQL Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Enable Nikto Enable Nikto checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Disable if server never replies 404 Disable if server never replies 404 checkbox yes Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[entry]:Root directory Root directory entry Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[entry]:Pause between tests (s) Pause between tests (s) entry Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[radio]:Scan CGI directories Scan CGI directories radio User supplied;All;None Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Display: 1 Show redirects Display: 1 Show redirects checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Display: 2 Show cookies received Display: 2 Show cookies received checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Display: 3 Show all 200/OK responses Display: 3 Show all 200/OK responses checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Display: 4 Show URLs which require authentication Display: 4 Show URLs which require authentication checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Display: V Verbose Output Display: V Verbose Output checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: 1 Interesting File / Seen in logs Tuning: 1 Interesting File / Seen in logs checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: 2 Misconfiguration / Default File Tuning: 2 Misconfiguration / Default File checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: 3 Information Disclosure Tuning: 3 Information Disclosure checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: 4 Injection (XSS/Script/HTML) Tuning: 4 Injection (XSS/Script/HTML) checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: 5 Remote File Retrieval - Inside Web Root Tuning: 5 Remote File Retrieval - Inside Web Root checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: 6 Denial of Service Tuning: 6 Denial of Service checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: 7 Remote File Retrieval - Server Wide Tuning: 7 Remote File Retrieval - Server Wide checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: 8 Command Execution / Remote Shell Tuning: 8 Command Execution / Remote Shell checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: 9 SQL Injection Tuning: 9 SQL Injection checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: 0 File Upload Tuning: 0 File Upload checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: a Authentication Bypass Tuning: a Authentication Bypass checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: b Software Identification Tuning: b Software Identification checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: c Remote Source Inclusion Tuning: c Remote Source Inclusion checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Tuning: x Reverse Tuning Options (i.e., include all except specified) Tuning: x Reverse Tuning Options (i.e., include all except specified) checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Mutate: 1 Test all files with all root directories Mutate: 1 Test all files with all root directories checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Mutate: 2 Guess for password file names Mutate: 2 Guess for password file names checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Mutate: 3 Enumerate user names via Apache (/~user type requests) Mutate: 3 Enumerate user names via Apache (/~user type requests) checkbox no Nikto (NASL wrapper) 14260 Nikto (NASL wrapper)[checkbox]:Mutate: 4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests) Mutate: 4 Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests) checkbox no Hydra: PostgreSQL 18660 Hydra: PostgreSQL[entry]:Database name (optional) : Database name (optional) : entry Patch Management: Red Hat Satellite Server Settings 57063 Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite server(s) [separated w/ semicolons] : Red Hat Satellite server(s) [separated w/ semicolons] : entry Patch Management: Red Hat Satellite Server Settings 57063 Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite port(s) : Red Hat Satellite port(s) : entry 443 Patch Management: Red Hat Satellite Server Settings 57063 Patch Management: Red Hat Satellite Server Settings[checkbox]:Verify SSL certificates : Verify SSL certificates : checkbox no Patch Management: Red Hat Satellite Server Settings 57063 Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite username(s) : Red Hat Satellite username(s) : entry Patch Management: Red Hat Satellite Server Settings 57063 Patch Management: Red Hat Satellite Server Settings[password]:Red Hat Satellite password(s) : Red Hat Satellite password(s) : password Windows Compliance Checks 21156 Windows Compliance Checks[file]:Policy file #1 : Policy file #1 : file Windows Compliance Checks 21156 Windows Compliance Checks[file]:Policy file #2 : Policy file #2 : file Windows Compliance Checks 21156 Windows Compliance Checks[file]:Policy file #3 : Policy file #3 : file Windows Compliance Checks 21156 Windows Compliance Checks[file]:Policy file #4 : Policy file #4 : file Windows Compliance Checks 21156 Windows Compliance Checks[file]:Policy file #5 : Policy file #5 : file Web Application Tests Settings 39471 Web Application Tests Settings[checkbox]:Enable web applications tests Enable web applications tests checkbox no Web Application Tests Settings 39471 Web Application Tests Settings[entry]:Maximum run time (min) : Maximum run time (min) : entry 60 Web Application Tests Settings 39471 Web Application Tests Settings[checkbox]:Try all HTTP methods Try all HTTP methods checkbox no Web Application Tests Settings 39471 Web Application Tests Settings[radio]:Combinations of arguments values Combinations of arguments values radio one value;some pairs;all pairs (slower but efficient);some combinations;all combinations (extremely slow) Web Application Tests Settings 39471 Web Application Tests Settings[checkbox]:HTTP Parameter Pollution HTTP Parameter Pollution checkbox no Web Application Tests Settings 39471 Web Application Tests Settings[radio]:Stop at first flaw Stop at first flaw radio per CGI;per port (quicker);per parameter (slow);look for all flaws (slower) Web Application Tests Settings 39471 Web Application Tests Settings[checkbox]:Test embedded web servers Test embedded web servers checkbox no Web Application Tests Settings 39471 Web Application Tests Settings[entry]:URL for Remote File Inclusion : URL for Remote File Inclusion : entry http://rfi.nessus.org/rfi.txt SMB Scope 10917 SMB Scope[checkbox]:Request information about the domain Request information about the domain checkbox yes Ping the remote host 10180 Ping the remote host[entry]:TCP ping destination port(s) : TCP ping destination port(s) : entry built-in Ping the remote host 10180 Ping the remote host[checkbox]:Do an ARP ping Do an ARP ping checkbox yes Ping the remote host 10180 Ping the remote host[checkbox]:Do a TCP ping Do a TCP ping checkbox yes Ping the remote host 10180 Ping the remote host[checkbox]:Do an ICMP ping Do an ICMP ping checkbox yes Ping the remote host 10180 Ping the remote host[entry]:Number of retries (ICMP) : Number of retries (ICMP) : entry 2 Ping the remote host 10180 Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) Do an applicative UDP ping (DNS,RPC...) checkbox no Ping the remote host 10180 Ping the remote host[checkbox]:Make the dead hosts appear in the report Make the dead hosts appear in the report checkbox no Ping the remote host 10180 Ping the remote host[checkbox]:Log live hosts in the report Log live hosts in the report checkbox no Ping the remote host 10180 Ping the remote host[checkbox]:Test the local Nessus host Test the local Nessus host checkbox yes Ping the remote host 10180 Ping the remote host[checkbox]:Fast network discovery Fast network discovery checkbox no Service Detection 22964 Service Detection[radio]:Test SSL based services Test SSL based services radio Known SSL ports;All;None Palo Alto Networks PAN-OS Settings 64286 Palo Alto Networks PAN-OS Settings[entry]:Palo Alto Username : Palo Alto Username : entry Palo Alto Networks PAN-OS Settings 64286 Palo Alto Networks PAN-OS Settings[password]:Palo Alto Password : Palo Alto Password : password Palo Alto Networks PAN-OS Settings 64286 Palo Alto Networks PAN-OS Settings[entry]:Palo Alto Port : Palo Alto Port : entry 443 Palo Alto Networks PAN-OS Settings 64286 Palo Alto Networks PAN-OS Settings[checkbox]:Verify SSL Certificate : Verify SSL Certificate : checkbox no Nessus TCP scanner 10335 Nessus TCP scanner[radio]:Firewall detection : Firewall detection : radio Automatic (normal);Disabled (softer);Do not detect RST rate limitation (soft);Ignore closed ports (aggressive) Login configurations 10870 Login configurations[entry]:HTTP account : HTTP account : entry Login configurations 10870 Login configurations[password]:HTTP password (sent in clear) : HTTP password (sent in clear) : password Login configurations 10870 Login configurations[entry]:NNTP account : NNTP account : entry Login configurations 10870 Login configurations[password]:NNTP password (sent in clear) : NNTP password (sent in clear) : password Login configurations 10870 Login configurations[entry]:FTP account : FTP account : entry anonymous Login configurations 10870 Login configurations[password]:FTP password (sent in clear) : FTP password (sent in clear) : password nessus@nessus.org Login configurations 10870 Login configurations[entry]:FTP writeable directory : FTP writeable directory : entry /incoming Login configurations 10870 Login configurations[entry]:POP2 account : POP2 account : entry Login configurations 10870 Login configurations[password]:POP2 password (sent in clear) : POP2 password (sent in clear) : password Login configurations 10870 Login configurations[entry]:POP3 account : POP3 account : entry Login configurations 10870 Login configurations[password]:POP3 password (sent in clear) : POP3 password (sent in clear) : password Login configurations 10870 Login configurations[entry]:IMAP account : IMAP account : entry Login configurations 10870 Login configurations[password]:IMAP password (sent in clear) : IMAP password (sent in clear) : password Login configurations 10870 Login configurations[entry]:SMB account : SMB account : entry Login configurations 10870 Login configurations[password]:SMB password : SMB password : password Login configurations 10870 Login configurations[entry]:SMB domain (optional) : SMB domain (optional) : entry Login configurations 10870 Login configurations[radio]:SMB password type : SMB password type : radio Password;LM Hash;NTLM Hash Login configurations 10870 Login configurations[entry]:Additional SMB account (1) : Additional SMB account (1) : entry Login configurations 10870 Login configurations[password]:Additional SMB password (1) : Additional SMB password (1) : password Login configurations 10870 Login configurations[entry]:Additional SMB domain (optional) (1) : Additional SMB domain (optional) (1) : entry Login configurations 10870 Login configurations[entry]:Additional SMB account (2) : Additional SMB account (2) : entry Login configurations 10870 Login configurations[password]:Additional SMB password (2) : Additional SMB password (2) : password Login configurations 10870 Login configurations[entry]:Additional SMB domain (optional) (2) : Additional SMB domain (optional) (2) : entry Login configurations 10870 Login configurations[entry]:Additional SMB account (3) : Additional SMB account (3) : entry Login configurations 10870 Login configurations[password]:Additional SMB password (3) : Additional SMB password (3) : password Login configurations 10870 Login configurations[entry]:Additional SMB domain (optional) (3) : Additional SMB domain (optional) (3) : entry Login configurations 10870 Login configurations[checkbox]:Never send SMB credentials in clear text Never send SMB credentials in clear text checkbox yes Login configurations 10870 Login configurations[checkbox]:Only use NTLMv2 Only use NTLMv2 checkbox no SMB Registry : Start the Registry Service during the scan 35703 SMB Registry : Start the Registry Service during the scan[checkbox]:Start the registry service during the scan Start the registry service during the scan checkbox no yes SMB Registry : Start the Registry Service during the scan 35703 SMB Registry : Start the Registry Service during the scan[checkbox]:Enable administrative shares during the scan Enable administrative shares during the scan checkbox no yes Check Point GAiA Compliance Checks 62679 Check Point GAiA Compliance Checks[file]:Policy file #1 : Policy file #1 : file Check Point GAiA Compliance Checks 62679 Check Point GAiA Compliance Checks[file]:Policy file #2 : Policy file #2 : file Check Point GAiA Compliance Checks 62679 Check Point GAiA Compliance Checks[file]:Policy file #3 : Policy file #3 : file Check Point GAiA Compliance Checks 62679 Check Point GAiA Compliance Checks[file]:Policy file #4 : Policy file #4 : file Check Point GAiA Compliance Checks 62679 Check Point GAiA Compliance Checks[file]:Policy file #5 : Policy file #5 : file MacOS X Local Security Checks disabled DNS disabled Gain a shell remotely disabled Solaris Local Security Checks disabled Port scanners mixed Web Servers disabled SMTP problems disabled Brute force attacks disabled Service detection disabled CGI abuses : XSS disabled Mandriva Local Security Checks disabled Databases disabled Debian Local Security Checks disabled Denial of Service disabled Default Unix Accounts disabled Settings disabled HP-UX Local Security Checks disabled Backdoors enabled VMware ESX Local Security Checks disabled SCADA disabled General mixed Red Hat Local Security Checks disabled FreeBSD Local Security Checks disabled CGI abuses disabled Windows : User management disabled Netware disabled Peer-To-Peer File Sharing disabled Slackware Local Security Checks disabled SNMP disabled Fedora Local Security Checks disabled Gentoo Local Security Checks disabled Ubuntu Local Security Checks disabled Misc. disabled FTP disabled Firewalls disabled Windows : Microsoft Bulletins disabled Junos Local Security Checks disabled Mobile Devices disabled Windows mixed Policy Compliance disabled SuSE Local Security Checks disabled RPC disabled CentOS Local Security Checks disabled CISCO disabled Scientific Linux Local Security Checks disabled AIX Local Security Checks disabled 59713 Active Inbound Connection From Host Listed in Known Bot Database General enabled 34220 Netstat Portscanner (WMI) Port scanners enabled 58430 Active Outbound Connection to Host Listed in Known Bot Database General enabled 14274 Nessus SNMP Scanner Port scanners enabled 14272 netstat portscanner (SSH) Port scanners enabled 59275 Malicious Process Detection Windows enabled 10180 Ping the remote host Port scanners enabled 64687 Malicious Process Detection: APT1 Software Running Windows enabled 33818 Nmap (XML file importer) Port scanners enabled 52669 Host is Listed in Known Bot Database General enabled 58429 DNS Server Listed in Known Bot Database General enabled 64788 Malicious Process Detection: Malware Signed By Stolen Bit9 Certificate Windows enabled 59641 Malicious Process Detection: Potentially unwanted software Windows enabled 11219 Nessus SYN scanner Port scanners enabled 65548 Malicious Process Detection: User Defined Malware Running Windows enabled