OpenVAS ‐ Scans - mluchettii/github-wiki-mluchetti GitHub Wiki
Scans
Configure a scan target
Click on the Configuration dropdown on the navigation bar to the left. Click on Targets and add a new target.
For my network scan, I want to scan every host that's connected to the router gateway, so in this case I use the following address and subnet mask: 192.168.1.81/24, and I name the scan target 'Network'.
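What a target entry such as 192.168.1.81/24 actually covers, as an added example that is not part of the original wiki: a pre-scan check that expands each entry to its network, counts the hosts, and flags entries outside private address space or larger than intended. The function names, the 1024-host ceiling and the sample target list in the comment are assumptions made for illustration.

```python
import ipaddress

def expand_target(spec):
    """Return the IPv4 network covered by an entry such as '192.168.1.81/24'."""
    # strict=False accepts an address with host bits set (the form used above)
    # and normalises it to the enclosing network.
    return ipaddress.IPv4Network(spec.strip(), strict=False)

def covers(spec, address):
    """True if the target entry includes the given IPv4 address."""
    return ipaddress.IPv4Address(address) in expand_target(spec)

def review_targets(hosts_field, max_hosts=1024):
    """Review a comma-separated list of IPv4 addresses / CIDR blocks before scanning.

    max_hosts is an assumed ceiling for a home-lab scan, not an OpenVAS setting.
    """
    findings = []
    for spec in (s.strip() for s in hosts_field.split(",")):
        if not spec:
            continue
        try:
            net = expand_target(spec)
        except ValueError as exc:
            findings.append({"spec": spec, "network": None, "hosts": 0,
                             "ok": False, "reasons": [f"not an IPv4 address or CIDR: {exc}"]})
            continue
        # Usable hosts: drop network and broadcast addresses except for /31 and /32.
        hosts = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
        reasons = []
        if not net.is_private:
            reasons.append("outside private address space; confirm you are authorised")
        if hosts > max_hosts:
            reasons.append(f"{hosts} hosts exceeds the {max_hosts}-host ceiling")
        findings.append({"spec": spec, "network": str(net), "hosts": hosts,
                         "ok": not reasons, "reasons": reasons})
    return findings

if __name__ == "__main__":
    # Constructed sample list: the two targets from this page plus two that should be flagged.
    for f in review_targets("192.168.1.81/24, 192.168.1.14, 8.8.8.0/24, 10.0.0.0/8"):
        status = "OK  " if f["ok"] else "FLAG"
        print(status, f["spec"], "->", f["network"], f"({f['hosts']} hosts)", *f["reasons"])
```

The host count is what drives scan duration: the /24 entry expands to 254 candidate hosts even though only one address was typed.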
Configure a new scan
Network scan
Click on the Scans dropdown on the navigation bar. Click on Tasks and add a new task.
For my scan, I gave it the name 'First scan' and set 'Network' as the scan target. No other settings were modified. Depending on the number of hosts on your network and the amount of resources you allocated to the OpenVAS VM, the scan duration could be moderate to very long.
Immediate scan
Alternatively, one could click the magic wand icon at the top left of the Tasks page and have the application create a new Target and Task for a given IP address and start the scan right away. For this example, I started an immediate scan of my Raspberry Pi located at 192.168.1.14.
Reports
Both scans with the status 'Done'
Network scan report
As a result of this scan of my network, OpenVAS discovered 23 medium-ranked vulnerabilities and 15 low-ranked vulnerabilities.
Clicking on the task takes us to the report, which is organized into different tabs.
The Results tab shows the vulnerabilities that were discovered.
Clicking on a vulnerability reveals more information, such as the detection method, impact, and solution. In this case, my PiHole server is being flagged for supporting unencrypted communications over HTTP. The solution would be to enforce secure communications via an encrypted SSL/TLS connection (HTTPS).
The hosts that were discovered.
Application vulnerability information.
Discovered operating systems, although Windows is missing.
CVE detections.
List of TLS certificates.