[Openvas-discuss] External credentialed scans inconsistency

Paul Johnson paulj at cox.net
Sun Aug 30 17:20:37 CEST 2015


I'm teaching a cybersecurity class to High School students and we're using
Kali 2.0/OpenVAS 8/Greenbone in a VMWare Player 6 environment.  We're
updating Kali and OpenVAS to their latest versions.

 

We have Kali running in one VMWare player and a brand new version of Windows
7 with no updates in another VMWare player.

 

We're providing Greenbone with Administrator credentials.

 

Here's the interesting part.  In all cases, OpenVAS is able to see that it
can use an SMB login and lists it as a finding.

 

Sometimes OpenVAS will show anywhere from 155 to 205 high findings (among
other medium and low findings), with 197 high findings being the most
common, most if not all of which are related to updating Windows 7.  Other
times it will only show the SMB login as a finding with less than 12
findings altogether, all of which are related to the firewall not being
turned on.  Some students see the high number of findings most, but not all,
of the time.  Other students see the low number of findings all of the time.

 

In all of these cases the configuration has not changed.  How do I track
down these inconsistencies so that we always see the 205 high findings, or
at least a more repetitive number?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20150830/09f4f860/attachment.html>


More information about the Openvas-discuss mailing list