PluginsScan OptionsScan OptionsGeneral


This page covers all the general scan options. See the screenshot for the main window in section *.

Port range

Ports that will be scanned by the OpenVAS server. You can enter single ports, such as "1-8000" or more complex sets, such as "21,23,25,1024-2048,6000". Put "-1" for no portscan, or put "default" to scan the default ports in the OpenVAS services file.

Consider unscanned ports as closed

To save scanning time, you may ask the OpenVAS server to declare TCP ports it did not scan as closed. This will result in an incomplete audit but it will reduce scanning time and prevent the OpenVAS server from sending packets to ports you did not specify. If this option is disabled, the OpenVAS server will consider ports whose state it does not know as open. Be aware that enabling this option might cause you to miss vulnerabilities in services that available on other ports than the ones you have scanned.

Number of hosts to test at the same time

Maximal number of hosts that the OpenVAS server will test at the same time. Be aware that the OpenVAS server will spawn max_hosts x max_checks processes!

Number of checks to perform at the same time

Maximal number of security checks that will be launched at the same time against each host. Be aware that the OpenVAS server will spawn max_hosts x max_checks processes!

Path to CGIs

It is possible to check for the presence of CGIs in multiple paths like "/cgi-bin", "/cgis", "/home-cgis" and so on. In that case, put all your paths here separated by colons. For instance: "/cgi-bin:/cgi-aws:/cgi".

Do a reverse lookup of the IP before testing it

If this option is set, the OpenVAS server will do a reverse lookup on the IP addresses before it tests them. This may slow down the whole test.

Optimize the test

Security tests may ask the OpenVAS server to be launched if and only if some information gathered by other tests exists in the knowledge base, or if and only if a given port is open. This option speeds up the test, but may cause the OpenVAS server to miss some vulnerabilities. If you are paranoid, disable this option.

Safe checks

Some security checks may harm the target server, by disabling the remote service temporarily or until a reboot. If you enable this option, the OpenVAS server will rely on banners instead of actually performing a security check. You will obtain a less reliable report, but you are less likely to disrupt functionality on the target system by doing a test. From a security point of view, we recommend you disable this option; from a system administrator point of view, we recommend you enable it.

Designate hosts by their MAC address

If you enable this option, the hosts on the local network will be designated by their ethernet MAC address instead of their IP address. This is especially useful if you are using the OpenVAS server in a DHCP network. If unsure, disable this option.

Port Scanner

This is the list of available port scanners. Port scanners are a special category of plugins and therefore presented separately from the other plugins. The list is only available if a connection to an OpenVAS server has been established. You can activate one or more of the scanners. Clicking on an entry shows the details for the respective scanner plugin.

PluginsScan OptionsScan OptionsGeneral