How to Limit Nessus plugins to checking a single port or a short list of explicit ports.

Posted on 2006-03-29
Last Modified: 2013-11-18
Some firewalls have a real-time countermeasure blacklisting the source IP of a scan after it hits 3 or so ports. If I know that 443 or 8080 are open and I want Nessus to check for vulnerabilities on those ports without tripping the blacklist, how can I limit Nessus to 443 and/or 8080? Limiting the "Scanning" built into Nessus does not seem to limit the ports checked by the plugins. Other than setting up some external outbound packet filtering, is there a way to limit the Nessus plugins to a single port?
Question by:swbruce21
    LVL 3

    Expert Comment

    Nessus may be a free utility but I imagine that it's specific to whatever the software was originally intended to do. Unless there are particular switches built into the application, you may need to contact the creator of this software.
    LVL 4

    Expert Comment

    I don't have my laptop in front of me... that is my hacking rig....
    but, there is a file in nessus that details the default ports to scan... I believe it is called nessus-services.
    I bet if you edit that file to only include what you want to scan, you would be good to go.
    You could also use the user rules to only allow a certain nessus user to scan certain ports...
    Most people never set up user rules, myself included, so you would have to research the exact rule syntax yourself....
    but for sure nessus can do what you want.

    Author Comment

    I will do a test again but the scan setting only seems to control the preliminary scans, not the plugins.
    LVL 3

    Accepted Solution

    There are 2 portions to a Nessus scan: portscanning and vulnerability checks.

    You can limit ports scanned by going to the Scan Options tab, and entering the desired ports in Port Range (ex: 80,443,8080). To limit vulnerability checks to those ports, either choose plugins for services that run on the selected port or modify the plugins (at your own risk).


    Author Comment

    I guess there isn't a good answer to this question. The plugins test ports based on their own hard-wired design, so there is no simple way to confine all activity to a single port on the target. (That's my conclusion at this time - it could be wrong.)
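
An added example, not part of the original thread and not Nessus code: one way to test the question raised above (whether plugins touch ports outside the configured range) is to capture the scanner's own traffic with `tcpdump -nn` during a scan of a lab target and list which destination ports received a SYN. The scanner and target addresses, the sample capture lines and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# tcpdump -nn line: "IP src.sport > dst.dport: Flags [S], ...".
# "[S]" matches only the initial SYN, not the SYN-ACK reply "[S.]".
SYN_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[S\]"
)

def ports_probed(lines, scanner_ip):
    """Map each target IP to the set of TCP ports the scanner sent a SYN to."""
    probed = defaultdict(set)
    for line in lines:
        m = SYN_RE.search(line)
        if m and m.group(1) == scanner_ip:
            probed[m.group(3)].add(int(m.group(4)))
    return dict(probed)

def scope_report(lines, scanner_ip, allowed_ports, blacklist_threshold=3):
    """Per target: ports hit outside the allowlist, and whether the number of
    distinct ports reaches the firewall's blacklist threshold (assumed value)."""
    report = {}
    for target, ports in ports_probed(lines, scanner_ip).items():
        report[target] = {
            "out_of_scope": sorted(ports - set(allowed_ports)),
            "distinct_ports": len(ports),
            "would_trip": len(ports) >= blacklist_threshold,
        }
    return report

# Constructed sample capture (documentation addresses), not real scan output.
SAMPLE = """\
1143650000.10 IP 192.0.2.10.40001 > 198.51.100.5.443: Flags [S], seq 1, win 5840, length 0
1143650000.11 IP 198.51.100.5.443 > 192.0.2.10.40001: Flags [S.], seq 9, ack 2, win 5792, length 0
1143650000.50 IP 192.0.2.10.40002 > 198.51.100.5.8080: Flags [S], seq 3, win 5840, length 0
1143650001.20 IP 192.0.2.10.40003 > 198.51.100.5.21: Flags [S], seq 5, win 5840, length 0
1143650001.90 IP 192.0.2.10.40004 > 198.51.100.5.443: Flags [S], seq 7, win 5840, length 0
1143650002.30 IP 192.0.2.10.40005 > 198.51.100.7.443: Flags [S], seq 8, win 5840, length 0
""".splitlines()

if __name__ == "__main__":
    for target, result in scope_report(SAMPLE, "192.0.2.10", {443, 8080}).items():
        print(target, result)
```

Running this against a capture from a test target shows whether the selected plugin set stays on the intended ports before the same policy is used against a host behind the blacklisting firewall.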
