
I have encountered strange results while changing only the port list for some targets.

If I use the wizard (immediate scan) to scan a couple of hosts, I get a report with some medium vulnerabilities. If I clone the target that was created by the wizard and just change the port list to scan all TCP and all UDP, I get a report with only "log level" vulnerabilities.

I may be doing something wrong but I can't figure out what.

Here are the details for the target used by the wizard:

Comment:    Automatically generated by wizard
Hosts:  example.com, example.io
Exclude Hosts:  
Reverse Lookup Only:    No
Reverse Lookup Unify:   No
Maximum number of hosts:    2
Port List:  OpenVAS Default
Alive Test:     Scan Config Default
Credentials for authenticated checks:
SSH:    
SMB:    
ESXi:   
SNMP:

Here is the target that I modified from a clone of the one above:

Comment:    Modified from automatically generated by wizard
Hosts:  example.com, example.io
Exclude Hosts:  
Reverse Lookup Only:    No
Reverse Lookup Unify:   No
Maximum number of hosts:    2
Port List:  All TCP and UDP
Alive Test:     Scan Config Default
Credentials for authenticated checks:
SSH:    
SMB:    
ESXi:   
SNMP:

Here is my All TCP and UDP port list:

Port List: All TCP and UDP
Comment:    
Port count:     131070
TCP Port count:     65535
UDP Port count:     65535
Port Ranges (2)
Start   End     Protocol
1       65535   tcp
1       65535   udp

The score I get for the task created by the wizard is: 6.4 (Medium)

The score I get for the task run on the cloned target is: 0.0 (Log)

What am I missing?

AFAICT, I just changed the port list and should, at least, get a score as high as the ones I got with the wizard-created task.

How can I create a task that would scan "à la" Wizard using all TCP and UDP ports instead of just the ones used by the Wizard?

I am using OpenVAS9 in a Docker container (mikesplain/openvas) with the Greenbone web-based interface, and I had the very same problem on my local Ubuntu 16.04 LTS machine.

Eric G
MisterV

1 Answer


Depending on the target system, the port scan of ALL UDP and ALL TCP will take too long to finish; the port scanner will time out, and thus the information about the port scan gets lost.

Try again with a different port list with fewer UDP ports. This can be configured in the GSA when creating a new Target via Configuration -> Targets.

A good start could be either "All TCP and Nmap 5.51 top 1000 UDP" or "All TCP and Nmap 5.51 top 100 UDP".

Disclaimer: NVT Developer @ Greenbone

cfischer