Highest Voted 'openvas' Questions - IT Security Stack Exchange

6

votes

2 answers

False positives in OpenVAS

I recently ran the 1st vulnerability scan in my offices network using OpenVAS. We received a great deal of false positives. Mostly I saw that (at least some) tests are unaware of internal patches in a system. For example we were alerted to these:…

vulnerability-scanners openvas

asked Oct 24 '17 at 16:41

Uberhumus

198
1
7

5

votes

1 answer

What could an attacker do on a server where Source Control Management (SCM) files are accessible?

I'm testing some servers with OpenVAS and I run into some SCM files that are remotely accessible: .git/config .git//info/exclude .git/description .git/HEAD that contains refs/heads/master and .git/refs/heads/master that contains a hash I'm new to…

attacks server git openvas scm

asked Apr 11 '19 at 09:11

EQT_STRIKE

53
4

5

votes

1 answer

Is it possible to invoke OS commands from a NASL script in OpenVAS?

I was wondering if it is possible to run a command like cat, w3m or any other Operating System (Linux) utility from inside a NASL script and use its output. Do you know any examples? I know you can use the tools that OpenVAS uses like nikto, etc…

vulnerability-scanners nessus openvas

asked May 08 '18 at 13:58

MacKinnon360

53
4

4

votes

2 answers

OpenVAS won't generate SCAP Database

To deploy OpenVAS to Virtual machines I've been using Ansible for a while and it worked pretty well. Now today I wanted to deploy it to another machine but the openvas-check-setup script keeps telling me that the setup isn't yet finished because the…

server kali-linux vulnerability-scanners vulnerability-assessment openvas

asked Jun 04 '18 at 22:10

davidb

4,285
3
19
31

4

votes

1 answer

Best practices manual for Alienvault USM?

Is there any best practices manual for Alienvault USM? I found some information about the profiles for the vulnerability scanner but nothing about how often I should launch the scan or which categories for a custom profile are dangerous: Deep -…

vulnerability-scanners scan openvas

asked Aug 24 '16 at 11:40

Blai

43
3

4

votes

1 answer

Metasploit & openvas error (openvas_connect)

I'm using Kali 4.3.0 and trying to run openVAS plugin into the Metasploit. OpenVAS (version 8.0) works properly on port 9392, metasploit is ok too. This is log of error: msf > openvas_connect admin admin 127.0.0.1 9392 ok [*] Connecting to OpenVAS…

metasploit openvas

asked May 16 '16 at 15:34

Sergey Pavlov

41
1
2

4

votes

1 answer

Is this a reasonable approach of continous network monitoring?

I'm currently implementing some mechanisms to continuously monitor our network. Most of this is done through OSSIM but I also extended it by some self written monitoring scripts. Im currently doing the following: Hourly host discovery scans of all…

network nmap monitoring openvas ossim

asked May 12 '16 at 21:13

davidb

4,285
3
19
31

3

votes

2 answers

Why OpenVAS does not find all open ports compared to Nmap?

I recently launched a system discovery scan with OpenVAS to an IP from my net to compare its results to Nmap. As you can see in the image OpenVAS does not find all the ports Nmap does. Both scans were all TCP ports scans. Also, both tools are…

nmap ports openvas

asked Feb 26 '20 at 19:37

Jernimo Domnguez Fernndez-Nez

41
5

2

votes

1 answer

Identify crash-inducing NVT in OpenVAS

I'm currently scanning a network using OpenVAS / Greenbone Security Assistant installed on Kali Linux. During the scan, multiple targets have crashed. This is obviously something I want to investigate. As I'm running the "Full and fast" scan…

penetration-test vulnerability-scanners openvas

asked Feb 25 '21 at 16:33

Niklas

73
7

2

votes

1 answer

scan forwarded ports with OpenVAS/GVM?

I'm currently learning about network security and came across a problem, maybe I'm just missing something obvious but I'll try to explain my environment: I have a Kali Linux VM connected to the WAN Interface (192.168.178.109) of a Pfsense VM, the…

firewalls nmap ports openvas

asked Dec 17 '20 at 00:21

ecisse

23
1
9

2

votes

1 answer

Missing HTTPOnly Cookie Attribute in Laravel 7

I have a Laravel site, I thought I patched this issue already. I got these in my session.php 'secure' => true, 'http_only' => true, But OpenVas still detected that I still need to it. It also listed it 3 times Am I missing anything else ? or…

php http cookies openvas laravel

asked May 28 '20 at 22:22

code-8

125
1
7

2

votes

1 answer

openVAS: uninitialized constant OpenVASOMP::OMPConnectionError

I was searching in many forums regarding this issue like here and here, but they were mentioning using port 9390. I launched OpenVAS on port 9390, but I still get the same error. I am using openVAS in msfconsole on Kali Linux. I load openVAS…

metasploit openvas

asked Jan 17 '19 at 16:30

debugging XD

121
1
4

2

votes

1 answer

OpenVas gets stuck on some scans

We have been using OpenVas to scan our servers for months now. Recently the scans are getting stuck on different %, always below 30%. We did not change anything in my local configuration. I read a post somewhere that I should lower the maximum…

vulnerability audit openvas

asked May 02 '18 at 12:44

lro985

31
1
5

2

votes

1 answer

RRD Performance reporting with GSA/OpenVAS

I'm running Greenbone Security Assistant 7.0.2 (on Kali Linux) and the default performance reporting currently goes a "Fallback Report" which only dumps /proc/meminfo to the screen. A note on the page implies that there's more rich reporting but I…

openvas

asked Feb 16 '18 at 21:20

BenC

121
3

2

votes

1 answer

Openvas : Change in port list has unexpected results

I have encountered strange results while changing only the port list for some targets. If I use the wizard (immediate scan) to scan a couple of hosts, I get a report with some medium vulnerabilities. If I clone the target that was created by the…

openvas

asked Jan 23 '18 at 20:36

MisterV

31
5

Questions tagged [openvas]