
Nessus scanner help


manju_salian

Jr. Member

Posts: 89

Joined: Mon Apr 09, 2007 1:31 am

Post Tue Jul 02, 2013 1:46 am

Nessus scanner help

Hi,
I am looking to configure the Nessus scanner to scan for the below vulnerability.

Any local user should have passwordrequired "yes"

C:\Net local user guest /passwordreq:yes.

Kindly suggest the configuration for the same.

Thanks

UKSecurityGuy

Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Tue Jul 02, 2013 4:03 am

Re: Nessus scanner help

I'm not entirely clear what you're trying to achieve here, but I assume you mean:

1. You want to audit a Windows machine to ensure that the 'guest' account has a password set? (btw the command is [net user guest | findstr "Password required"])

2. You want to use Nessus to perform this audit?

Is there any particular reason why Nessus is required for this?

manju_salian

Jr. Member

Posts: 89

Joined: Mon Apr 09, 2007 1:31 am

Post Tue Jul 02, 2013 4:45 am

Re: Nessus scanner help

Yeah... I want to audit through the Nessus scanner... for the local user accounts like guest.

Usually, through the command line, "password required = yes" should be configured for every local user as per the security guidelines of our organization. Being an administrator, I need to audit this through the Nessus tool across 20K machines.

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Thu Jul 04, 2013 9:01 am

Re: Nessus scanner help

Microsoft Baseline Security Analyzer can probably accomplish this as well. It can be used via cmdline and scripted to run as a scheduled job. It can also be dumped to default reports within MBSA or you can dump it to a text file. Not sure if it is delimited since I haven't run it in a while. Back in Nessus you can check if the account is disabled using a credentialed scan. Guest is disabled by default so if you find devices with it enabled, then you probably have a bigger problem on your hands. With the size of your network I would hope there is no legitimate need for that account to be active on local workstations. Here is an article from Tenable on properly setting up a credentialed scan: http://static.tenable.com/documentation ... checks.pdf

Good luck!
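
Added example, not part of the thread or any poster's code: one way to evaluate `net user guest` output collected from many hosts against the two checks discussed above, the "Password required" field and whether the account is active. The sample output is constructed, English-locale field names are assumed, and the host names and function names are hypothetical.

```python
import re

def _sample(active, required):
    """Build constructed `net user guest` output (English-locale layout assumed)."""
    return (
        "User name                    Guest\n"
        "Full Name\n"
        f"Account active               {active}\n"
        "Account expires              Never\n"
        "\n"
        f"Password required            {required}\n"
        "User may change password     No\n"
        "The command completed successfully.\n"
    )

# Constructed per-host captures; host names are placeholders.
CAPTURES = {
    "HOST-A": _sample("No", "No"),    # default-style Guest: disabled, no password required
    "HOST-B": _sample("Yes", "No"),   # enabled and no password required
    "HOST-C": _sample("No", "Yes"),   # after `/passwordreq:yes`
    "HOST-D": "The user name could not be found.\n",  # command failed
}

# A field line is "<label><two or more spaces><value>"; labels contain single spaces.
FIELD = re.compile(r"^(\S.*?)\s{2,}(\S.*)$")

def parse_net_user(text):
    """Return {lower-cased label: value} for every populated field line."""
    fields = {}
    for line in text.splitlines():
        match = FIELD.match(line)
        if match:
            fields[match.group(1).lower()] = match.group(2).strip()
    return fields

def audit(fields):
    """Classify one account from its parsed fields."""
    required = fields.get("password required", "").lower()
    active = fields.get("account active", "").lower()
    if required == "yes":
        return "ok"
    if required != "no":
        return "unknown"  # field missing: failed command or non-English output
    # Enabled plus no password required is the worse finding, so report it separately.
    return "active-no-password-required" if active == "yes" else "disabled-no-password-required"

def audit_hosts(captures):
    """Map each host to its finding so failures can be triaged by severity."""
    return {host: audit(parse_net_user(text)) for host, text in captures.items()}
```

Hosts reported as `unknown` need a re-run rather than a pass, since a missing field says nothing about the account's state.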
