Initial commit

skills/security-test-scanner/assets/nessus_scan_policy.xml

@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Nessus Scan Policy for Comprehensive Vulnerability Assessment
+
+  This policy is designed to provide a thorough assessment of web application security,
+  covering OWASP Top 10 vulnerabilities, injection flaws, XSS, CSRF, and authentication/authorization issues.
+
+  Instructions:
+  1. Import this XML file into your Nessus scanner.
+  2. Configure the scan settings, including the target IP address/hostname.
+  3. Review and customize the enabled plugins to suit your specific needs.
+  4. Consider enabling thorough tests for sensitive applications.
+
+  Placeholders:
+  - Replace "[TARGET_HOSTNAME_OR_IP]" with the actual hostname or IP address of your target.
+  - Review the "Settings" section and adjust to your environment.
+  - Examine the "Plugins" section to enable or disable specific vulnerability checks.
+-->
+<Policy>
+  <PolicyName>Security Test Scanner - Comprehensive</PolicyName>
+  <PolicyDescription>Comprehensive vulnerability assessment policy covering OWASP Top 10, injection, XSS, CSRF, and authentication/authorization issues.</PolicyDescription>
+  <Preferences>
+    <ServerPreferences>
+      <AutoUpdate>true</AutoUpdate>
+      <MaxSimultaneousChecks>30</MaxSimultaneousChecks>
+      <ReportVerbosity>2</ReportVerbosity>
+      <ScanLocation>local</ScanLocation>
+      <StopScanOnPluginCrash>true</StopScanOnPluginCrash>
+      <Timeout>30</Timeout>
+    </ServerPreferences>
+    <ScanPreferences>
+      <CredentialedScan>false</CredentialedScan>
+      <ReportParanoia>Normal</ReportParanoia>
+      <ScanType>Thorough</ScanType>
+      <Target>[TARGET_HOSTNAME_OR_IP]</Target>
+      <PluginSet>Web App Tests</PluginSet>
+      <Settings>
+        <!-- Adjust these settings according to your environment -->
+        <item>
+          <name>SYN scan</name>
+          <value>yes</value>
+        </item>
+        <item>
+          <name>Ping before scanning</name>
+          <value>yes</value>
+        </item>
+        <item>
+          <name>Port scan range</name>
+          <value>default</value>
+        </item>
+        <item>
+          <name>Max hosts at once</name>
+          <value>30</value>
+        </item>
+        <item>
+          <name>Max checks per host</name>
+          <value>5</value>
+        </item>
+        <item>
+          <name>Safe checks</name>
+          <value>yes</value>
+        </item>
+        <item>
+          <name>Thorough tests</name>
+          <value>yes</value>
+        </item>
+        <item>
+          <name>Report Verbosity</name>
+          <value>2</value>
+        </item>
+      </Settings>
+    </ScanPreferences>
+  </Preferences>
+  <Plugins>
+    <!--
+      This section lists the enabled plugins. Review and customize based on your requirements.
+
+      Example:
+      <plugin>
+        <id>10180</id>
+        <family>CGI abuses</family>
+        <status>enabled</status>
+      </plugin>
+    -->
+    <!-- OWASP Top 10 -->
+    <plugin>
+      <id>57603</id>
+      <family>Web Servers</family>
+      <status>enabled</status>
+    </plugin>
+    <!-- SQL Injection -->
+    <plugin>
+      <id>22964</id>
+      <family>CGI abuses</family>
+      <status>enabled</status>
+    </plugin>
+    <!-- XSS -->
+    <plugin>
+      <id>57605</id>
+      <family>Web Servers</family>
+      <status>enabled</status>
+    </plugin>
+    <!-- CSRF -->
+    <plugin>
+      <id>58580</id>
+      <family>Web Servers</family>
+      <status>enabled</status>
+    </plugin>
+    <!-- Authentication -->
+    <plugin>
+      <id>11757</id>
+      <family>Authentication</family>
+      <status>enabled</status>
+    </plugin>
+    <!-- Add more plugins here based on your desired coverage -->
+  </Plugins>
+  <Credentials>
+    <!-- Add credentials if required for authenticated scanning -->
+  </Credentials>
+</Policy>