Plaintext Authentication
Caution: Using plaintext credentials is not recommended. Use encrypted authentication methods when possible.
If a secure method of performing credentialed checks is not available, users can force Nessus to try to perform checks over unsecure protocols; use the Plaintext Authentication options.
This menu allows the Nessus scanner to use credentials when testing HTTP, NNTP, FTP, POP2, POP3, IMAP, IPMI, telnet/rsh/rexec, and SNMPv1/v2c.
By supplying credentials, Nessus may have the ability to do more extensive checks to determine vulnerabilities. HTTP credentials supplied will be used for Basic and Digest authentication only.
Credentials for FTP, IPMI, NNTP, POP2, and POP3 require only a username and password.
HTTP
There are four different types of HTTP Authentication methods: Automatic authentication, Basic/Digest authentication, HTTP login form, and HTTP cookies import.
HTTP Global Settings
| Option | Default |
Description |
|---|---|---|
|
Login method |
POST |
Specify if the login action is performed via a GET or POST request. |
|
Re-authenticate delay (seconds) |
0 |
The time delay between authentication attempts. This is useful to avoid triggering brute force lockout mechanisms. |
|
Follow 30x redirections |
0 |
If a 30x redirect code is received from a web server, this directs Nessus to follow the link provided or not. |
|
Invert authenticated regex |
Disabled |
A regex pattern to look for on the login page, that if found, tells Nessus authentication was not successful (e.g., Authentication failed!). |
|
Use authenticated regex on HTTP headers |
Disabled |
Rather than search the body of a response, Nessus can search the HTTP response headers for a given regex pattern to better determine authentication state. |
|
Use authenticated regex on HTTP headers |
Disabled |
The regex searches are case sensitive by default. This instructs Nessus to ignore case. |
Authentication methods
Automatic authentication
Username and Password Required
Basic/Digest authentication
Username and Password Required
HTTP Login Form
The HTTP login page settings provide control over where authenticated testing of a custom web-based application begins.
| Option | Description |
|---|---|
|
Username |
Login user’s name. |
|
Password |
Password of the user specified. |
|
Login page |
The absolute path to the login page of the application, e.g., /login.html. |
|
Login submission page |
The action parameter for the form method. For example, the login form for <form method="POST" name="auth_form" action="/login.php"> would be /login.php. |
|
Login parameters |
Specify the authentication parameters (e.g., login=%USER%&password=%PASS%). If the keywords %USER% and %PASS% are used, they will be substituted with values supplied on the Login configurations drop-down box. This field can be used to provide more than two parameters if required (e.g., a group name or some other piece of information is required for the authentication process). |
|
Check authentication on page |
The absolute path of a protected web page that requires authentication, to better assist Nessus in determining authentication status, e.g., /admin.html. |
|
Regex to verify successful authentication |
A regex pattern to look for on the login page. Simply receiving a 200 response code is not always sufficient to determine session state. Nessus can attempt to match a given string such as Authentication successful! |
HTTP cookies import
To facilitate web application testing, Nessus can import HTTP cookies from another piece of software (e.g., web browser, web proxy, etc.) with the HTTP cookies import settings. A cookie file can be uploaded so that Nessus uses the cookies when attempting to access a web application. The cookie file must be in Netscape format.
NNTP
| Setting | Description | Default |
|---|---|---|
| Username | (Required) The username for the NNTP account that Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the NNTP user. | - |
FTP
| Setting | Description | Default |
|---|---|---|
| Username | (Required) The username for the FTP account that Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the FTP user. | - |
POP2
| Setting | Description | Default |
|---|---|---|
| Username | (Required) The username for the POP2 account that Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the POP2 user. | - |
POP3
| Setting | Description | Default |
|---|---|---|
| Username | (Required) The username for the POP3 account that Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the POP3 user. | - |
IMAP
| Setting | Description | Default |
|---|---|---|
| Username | (Required) The username for the IMAP account that Nessus uses to perform checks on the target system. | - |
| Password | (Required) The password for the IMAP user. | - |
IPMI
| Setting | Description | Default |
|---|---|---|
| Username | (Required) The username for the IMPI account that Nessus uses to perform checks on the target system. | - |
|
Password (sent in clear) |
(Required) The password for the IPMI user. | - |
telnet/rsh/rexec
The telnet/rsh/rexec authentication section is also username and password, but there are additional Global Settings for this section that can allow you to perform patch audits using any of these three protocols.
SNMPv1/v2c
SNMPv1/v2c configuration allows you to use community strings for authentication to network devices. You can configure up to four SNMP community strings.
| Setting | Description | Default |
|---|---|---|
| Community string | (Required) The community string Tenable.io uses to authenticate on the host device. | public |
|
|
||
|
UDP Port |
(Required) The TCP ports that SNMPv1/v2c listens on for communications from Nessus. | 161 |
| Additional UDP port #1 | ||
| Additional UDP port #2 | ||
| Additional UDP port #3 | ||