Scanning and Vulnerabilities

GVM (OpenVAS)

1.     Login to the GVM server then hoover over “Configuration” and choose “Credentials”:



2.     Click on the icon to create a new credential:


Give your credential a name, select the appropriate type from the drop down, then input username and password, then click “Save”:



3.     Hoover over “Configuration” again and this time select “Targets”, then click the icon to add a new target:



Give your target a name, then provide an IP address or subnet in the “Hosts” section (alternatively you can upload a text file). Choose your scan parameters in “Port List” and “Alive Test”

Graphical user interface, text, application, email

Description automatically generated

Under “Credentials for authenticated checks” choose the credentials we saved in the previous step (it will be named “windows” in the example below) then click “Save”:



4.     Hoover over “Scans” and select “Tasks”



5.     Hoover over the task creator icon and click “New Task”



6.     Give your task a name and comment if you desire. Select the target we setup from the previous steps from the drop down (named Win10 Creds in this example), then click “Save”:



7.     Click the start button to the right of your task name to being the scan:



8.     This will take some time. In a real scenario this would be performed after hours or during a maintenance window and can take several hours pending the scope of the assessment.

Once the scan is complete click the date under the “Last Report” to see the findings:





The results tab will show the findings in the order of Highest to lowest based on the score it has.



Other helpful tabs will be the Ports, and CVEs, to drill down further into what remediation actions to take.