| | | General |
This page covers all the general scan options. See the screenshot for the main window in section *.
Ports that will be scanned by the OpenVAS server. You can enter single ports, such as "1-8000" or more complex sets, such as "21,23,25,1024-2048,6000". Put "-1" for no portscan, or put "default" to scan the default ports in the OpenVAS services file.
To save scanning time, you may ask the OpenVAS server to declare TCP ports it did not scan as closed. This will result in an incomplete audit but it will reduce scanning time and prevent the OpenVAS server from sending packets to ports you did not specify. If this option is disabled, the OpenVAS server will consider ports whose state it does not know as open. Be aware that enabling this option might cause you to miss vulnerabilities in services that available on other ports than the ones you have scanned.
Maximal number of hosts that the OpenVAS server will test at the same time. Be aware that the OpenVAS server will spawn max_hosts x max_checks processes!
Maximal number of security checks that will be launched at the same time against each host. Be aware that the OpenVAS server will spawn max_hosts x max_checks processes!
It is possible to check for the presence of CGIs in multiple paths like "/cgi-bin", "/cgis", "/home-cgis" and so on. In that case, put all your paths here separated by colons. For instance: "/cgi-bin:/cgi-aws:/cgi".
If this option is set, the OpenVAS server will do a reverse lookup on the IP addresses before it tests them. This may slow down the whole test.
Security tests may ask the OpenVAS server to be launched if and only if some information gathered by other tests exists in the knowledge base, or if and only if a given port is open. This option speeds up the test, but may cause the OpenVAS server to miss some vulnerabilities. If you are paranoid, disable this option.
Some security checks may harm the target server, by disabling the remote service temporarily or until a reboot. If you enable this option, the OpenVAS server will rely on banners instead of actually performing a security check. You will obtain a less reliable report, but you are less likely to disrupt functionality on the target system by doing a test. From a security point of view, we recommend you disable this option; from a system administrator point of view, we recommend you enable it.
If you enable this option, the hosts on the local network will be designated by their ethernet MAC address instead of their IP address. This is especially useful if you are using the OpenVAS server in a DHCP network. If unsure, disable this option.
This is the list of available port scanners. Port scanners are a special category of plugins and therefore presented separately from the other plugins. The list is only available if a connection to an OpenVAS server has been established. You can activate one or more of the scanners. Clicking on an entry shows the details for the respective scanner plugin.
| | | General |