This was amazing video and great to learn the basics of OpenVAS! I am currently working on a capstone project and openvas is part of it. Thank you and I subscribed and liked your channel! Will check out more videos as well!
How much is too much nvt per scan?Do I need to check it for every network or there’s some kind of a scale to it?(ex:1-2 not too much on network 3-6 is heavy…)
It looks like Remediation tickets / tasks can be created, but does the system perform the actual remediation ? Can this system do updates / patches to Windows and Linux pc's ?
Bro, how is OpenVAS compared to other vul scanners, such as Nessus? If I had to pick one, would do you recommend, mainly to make myself marketable for an EH job?
When comparing to the free edition of Nessus, openVAS wins by A LOT, however I'm not sure how the enterprise edition of Nessus compares to openVAS, never really tried the enterprise edition.
Hi, just curious what would the performance impact be on the systems being scanned? Any recommendations on how to safely perform vulnerability scanning in a production environment during the work day?
yes, it definitely can affect the performance of the network. If that happens you need to throttle the scan down and try to scan during off-hours. Also, be careful with IDS sending warnings. I had a case where I crashed an exchange server from 50K email warnings! I hope this helps.
@@GetCyber Can confirm. VAS is robust, but "loud" as an artillery piece. It can definitely chocke some production networks and make IPS/IDS go red with alarms. As for the system resources, the target seemed fine and operational to me (I was not running any live resouce checks on it), my pentesting machine, on the other hand,was quite busy during the scan, but it's pretty low-end i5 with 32GB RAM and OS on Samsung 940 EVO M2 SSD. Can't give you numbers,but i hope "it's something" to start with. Cheers!
I've just scanned a linux server, during the scan the CPU (16 vCPUs) utilization where betweenn 50% and 99% (the normal CPU used is 10% avg on this server), so in high-demand environments I'll suggest to perform the scan on non-productive hours
openVAS will not cover most web application vulnerabilities on Layer 7 (Application e.g. HTTP/s) OWASP Zap is a proxy layer 7 vulnerability scanner and web application testing tool. OpenVAS scans more for outdated or misconfigured network vulnerabilities on Layer 3 (Network) , 4 (Transport) and some 5 (FTP, SSH). etc. It does as shown in the video list outdated application software. This is done by scanning the folder structure or detecting the version and comparing it to a recent list.
Dear Dan, I follow all your videos and learning lot of things. Recently, I installed Kali Linux on VirtualBox on Windows 10 machine. Also, I have installed Greenbone GVM as well and verified my GVM installation, by using Everything seems alright. But, during VA Scanning using GVM, no vulnerabilities, like High, Medium, Low were detected. Only it shows some "logs". Could please advice how could be the issue and how to overcome it. Warm regards
OpenVAS seems to go through slumps of CPU/RAM usage so it's hard to tell if it's doing anything at all. Is there a way to see if it's actually making progress?
This was amazing video and great to learn the basics of OpenVAS! I am currently working on a capstone project and openvas is part of it. Thank you and I subscribed and liked your channel! Will check out more videos as well!
Glad it was helpful! Thank you so much!
I found this video very insightful. This and the previous one on OpenVas has helped me finish up a project I handled.
Not for beginner, very high level overview explanation.
This is very useful video and would like to see many videos.
Thank you!
👉🏻 Get your questions answered: tinyurl.com/3kxkmpxy // 🔥 NMAP Basics Tutorial for Kali Linux Beginners ➡ th-cam.com/video/W7076RPIgfQ/w-d-xo.html
Got a 404 in the tinyurl URL :-(
i cannot reach your website i get blocked in the netherlands
Wow; this is all I needed ... you nailed it.
There was a point in the middle where I kinda got lost but at the end it got very interesting !
Thank you for getting me through finals!
Awesome video bro. I plan to use this tool frequently soon.
Good job bro, very clear and concise
Thank you, this is very informative.
Glad it was helpful!
powerful tutorial
Thank you mate
You're welcome!
Thank you very much for this! It was very useful to me.
How much is too much nvt per scan?Do I need to check it for every network or there’s some kind of a scale to it?(ex:1-2 not too much on network 3-6 is heavy…)
Awesome!
thank you very much
It looks like Remediation tickets / tasks can be created, but does the system perform the actual remediation ? Can this system do updates / patches to Windows and Linux pc's ?
14:47 isn't it 80?
its now sudo greenbone-feed-sync to update feed
Can you set up a distributed architecture? A central server in a cloud and on-prem scanners that feed the info to the central server?
Bro, how is OpenVAS compared to other vul scanners, such as Nessus? If I had to pick one, would do you recommend, mainly to make myself marketable for an EH job?
..I also have this doubt!
When comparing to the free edition of Nessus, openVAS wins by A LOT, however I'm not sure how the enterprise edition of Nessus compares to openVAS, never really tried the enterprise edition.
Is the version you are demonstrating community or paid?
very good
Thanks
i want to download NMAP sheet but it is saying that Invalid SSL certificate
unfortunately, Traceroute does not work...it returns all asterisks...what do you recommend?
When I try to make a scan config it says failed to find config. How can I fix this?
Well done, sir.
Thank you kindly!
sir I need your help plz help me
i have face some issue some error
Hi, just curious what would the performance impact be on the systems being scanned? Any recommendations on how to safely perform vulnerability scanning in a production environment during the work day?
yes, it definitely can affect the performance of the network. If that happens you need to throttle the scan down and try to scan during off-hours. Also, be careful with IDS sending warnings. I had a case where I crashed an exchange server from 50K email warnings! I hope this helps.
@@GetCyber Can confirm. VAS is robust, but "loud" as an artillery piece. It can definitely chocke some production networks and make IPS/IDS go red with alarms. As for the system resources, the target seemed fine and operational to me (I was not running any live resouce checks on it), my pentesting machine, on the other hand,was quite busy during the scan, but it's pretty low-end i5 with 32GB RAM and OS on Samsung 940 EVO M2 SSD.
Can't give you numbers,but i hope "it's something" to start with.
Cheers!
I've just scanned a linux server, during the scan the CPU (16 vCPUs) utilization where betweenn 50% and 99% (the normal CPU used is 10% avg on this server), so in high-demand environments I'll suggest to perform the scan on non-productive hours
@@albertomendooza How long did the Linux server scan run? I also just ran a scan, this is at 96% after about 16 hours
Great content. Thanks. One thing I want to know from you is how to download a PDF report where I am getting 0 bytes report.
Easy up on the visual and audio effects on the transitions please.
Yeah this is from a year ago. Thanks!!!
I was trying to get the cheat sheet and the website asked for a username and password.
Story of my life, get halfway through the video and nothing works. There is no process map so no way to scan! 😡
I hope your problem has been solved.
Hi, just curious what are difference of openVAS and OWASP Zap vulnerability scanner ?
openVAS will not cover most web application vulnerabilities on Layer 7 (Application e.g. HTTP/s) OWASP Zap is a proxy layer 7 vulnerability scanner and web application testing tool. OpenVAS scans more for outdated or misconfigured network vulnerabilities on Layer 3 (Network) , 4 (Transport) and some 5 (FTP, SSH). etc. It does as shown in the video list outdated application software. This is done by scanning the folder structure or detecting the version and comparing it to a recent list.
your site is down :(? is there a new link
Isn’t that 80 nvt’s at 4 and 120 at 6?
Dear Dan,
I follow all your videos and learning lot of things.
Recently, I installed Kali Linux on VirtualBox on Windows 10 machine. Also, I have installed Greenbone GVM as well and verified my GVM installation, by using
Everything seems alright. But, during VA Scanning using GVM, no vulnerabilities, like High, Medium, Low were detected. Only it shows some "logs". Could please advice how could be the issue and how to overcome it.
Warm regards
Try this. In the target setup -> Alive Test, set up your config to "Consider Alive." Let me know if that works. Thank you so much for following.
Good tutorials but the link for the script wont open
Sorry I changed my site to getcyber.me
Amazing video! This helped me out a lot, however, your website is no longer working
sorry I changed it to danduran.me. I will edit the descriptions. Thank you so much!
How much RAM did you use in your Kali? Help please
2 is minimum but 4 is recommended. You can use more if you want.
Why would linux system crash when it is 100% utilized? It will be ok.
coooooooooooooooooooooool...
Hi, how to get the password and username
OpenVAS seems to go through slumps of CPU/RAM usage so it's hard to tell if it's doing anything at all. Is there a way to see if it's actually making progress?
tail the logs in real time?
btw, RAM is cheap. 2GB RAM? Year 2005, is that you? :D
bro did "npm install" in the background
openvas getting interrupted at 0% error
Try using "Consider Alive" in the in the drop down when setting up the target. I hope this helps!
u could explain a bit more
LOL Huawei Security Configuration guide @ 6:30.☠☠☠☠☠