Plugin Types ->
- Remote - Does not attempt/require authentication to the localhost. Instead, it remotely collects information through banner checks, testing for a patch, or exploiting a vulnerability. Some plugins may attempt to sign in to a service, but do not require localhost credentials.
- Local - Authenticates to a target through a service (e.g. SMB, SSH, etc) and extracts information.
- Combined - Collects information via remote and local checks. If local checks are unavailable, the plugin will still gather what it can from the remote checks within the plugin.
- Settings - Defines one or more settings used by other plugins throughout the scan.
- Summary - Summarizes data collected by other plugins.
- Third-Party - Runs a third-party application (e.g. nmap).
- Reputation - Uses a third-party reputation service.
Plugin Categories ->
The plugins below are listed in the order they will run during the scan.
- ACT_INIT - Sets KB values. Will not send network traffic. These plugins always run.
- ACT_SCANNER - Port scanner or pings the target
- ACT_SETTINGS - Sets KB values. May send traffic over the network. Cannot be disabled.
- ACT_GATHER_INFO - Non-intrusive. Generally perform banner grab or send harmless packets to host.
- ACT_ATTACK - Non-intrusive action which would be considered as an attack by many IDSes.
- ACT_MIXED_ATTACK - Non-intrusive if safe checks are enabled. May be intrusive if safe checks are disabled.
- ACT_DESTRUCTIVE_ATTACK - Intrusive. Will be noticeable this attack has been run on target.
- ACT_COMPLIANCE_CHECK - Non-intrusive local configuration check
- ACT_DENIAL - Attempts to crash service
- ACT_KILL_HOST - Attempts to crash host
- ACT_FLOOD - Attempts to flood network
- ACT_END - Executed last
Note: ACT_DESTRUCTIVE_ATTACK, ACT_DENIAL, ACT_KILL_HOST and ACT_FLOOD plugins are disabled by default. To enable them, disable Safe Checks within the scan policy.
Happy Learning !!
No comments:
Post a Comment