[Openvas-discuss] openvas4 scanning vhosts

Thomas Reinke lists at securityspace.com
Tue May 29 19:42:52 CEST 2012


This is a long-standing issue. I know this was discussed several years
back in one of the DEVCONs (3 years ago I believe).  I thought at one
point there was a CR written on this, but I can't seem to find it?

Perhaps someone else that was involved at the time can refresh our
collective memories?

I know that the work involved to make this happen was non-trivial, and
there was a certain level of discussion on how to handle common
scenarios where there are many (sometimes 2, 3, sometimes hundreds if
not more) virtual hosts on a single IP.  The issue there was that scans
are IP based, so support for virtual hosts needed to decide how to
handle the many (vhost) to one (IP) mapping, and what kinds of limits
to put around it.

As far as I know, no one ever had significant time/bandwidth to resolve
this issue.

Thomas


On 28/05/12 04:54 PM, Reindl Harald wrote:
> what do you mean with "host records are correct"?
> if you mean matching PTR ->  no, no and again: no
> it is a bug in openvas that if you configure
> a hostname as target the default vhost is accessed
> due to missing host headers from the scanner
>
> Am 28.05.2012 22:31, schrieb Scott Damron:
>> You need to make sure the OpenVAS server can resolve DNS.  If using internal DNS servers, make sure your host records
>> are correct.
>>
>> On May 28, 2012 2:28 PM, "Juan José Pavlik Salles" <jjpavlik at gmail.com> wrote:
>>
>>      Hi, is it possible to make openvas scan a server with its hostname instead of its IP address? I've created a
>>      target with its hostname but it doesn't work.
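Added example, not part of the original thread and not OpenVAS code: a local name-based virtual host server shows why a request addressed by IP only reaches the default vhost, and how a per-IP cap on probed names bounds the many-to-one mapping discussed above. The hostnames, page bodies and the `limit` parameter are constructed assumptions.

```python
"""Added illustration, not OpenVAS code; hostnames and bodies are constructed."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed name-based virtual hosts that share one IP address.
VHOSTS = {"default.example": "default site",
          "shop.example": "shop application",
          "intranet.example": "intranet application"}

class VhostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Pick the site from the Host header; unknown names get the default.
        name = (self.headers.get("Host") or "").split(":")[0].lower()
        body = VHOSTS.get(name, VHOSTS["default.example"]).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def fetch(ip, port, host_header=None):
    """GET / from ip:port; without host_header the client sends the IP as Host."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    headers = {"Host": host_header} if host_header else {}
    conn.request("GET", "/", headers=headers)
    body = conn.getresponse().read().decode()
    conn.close()
    return body

def scan_vhosts(ip, port, names, limit=2):
    """Probe the same IP once per vhost name, capped at `limit` (hypothetical)."""
    return {name: fetch(ip, port, name) for name in names[:limit]}

def demo():
    server = HTTPServer(("127.0.0.1", 0), VhostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        names = ["shop.example", "intranet.example", "default.example"]
        return fetch("127.0.0.1", port), scan_vhosts("127.0.0.1", port, names)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

The request sent by IP gets the default site, while the same IP probed with explicit Host headers returns each named site, up to the cap.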



