Nessus can ne configured to perform safe scans. It will still for
blank root, as and administrator passwords under that config.
So, it depends on your definition of exploit :)
Nessus can also be configured to prrerform brute force attacks using a
hydra plugin/module
You also perform thorough tests/scans.
I have feeling that you are wanting to if nessus and qualys operate
like metasploit, canvas or other exploit frameworks.
I would say no. But nessusbis very flexible and you can customize It
and create your own plugin to do just about anything.
There is plenty of documentation and help online.
Sent from my iPod
On Jul 8, 2008, at 4:02 PM, "Aseem Kumar" <kumaraseem_at_gmail.com> wrote:
> Hey,
>
> Can someone tell me (any weblink , any ebook, or direct answers) as to
> how the VA scans like those of Qualys or Nessus work?
>
> How do they find the vulnerabilities of a system without ever
> exploiting it?
>
> Regards
> Aseem
>
> ---
> ---------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ---
> ---------------------------------------------------------------------
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on Jul 08 2008
Intro
