This was amazing video and great to learn the basics of OpenVAS! I am currently working on a capstone project and openvas is part of it. Thank you and I subscribed and liked your channel! Will check out more videos as well!
Hi, just curious what would the performance impact be on the systems being scanned? Any recommendations on how to safely perform vulnerability scanning in a production environment during the work day?
yes, it definitely can affect the performance of the network. If that happens you need to throttle the scan down and try to scan during off-hours. Also, be careful with IDS sending warnings. I had a case where I crashed an exchange server from 50K email warnings! I hope this helps.
@@GetCyber Can confirm. VAS is robust, but "loud" as an artillery piece. It can definitely chocke some production networks and make IPS/IDS go red with alarms. As for the system resources, the target seemed fine and operational to me (I was not running any live resouce checks on it), my pentesting machine, on the other hand,was quite busy during the scan, but it's pretty low-end i5 with 32GB RAM and OS on Samsung 940 EVO M2 SSD. Can't give you numbers,but i hope "it's something" to start with. Cheers!
I've just scanned a linux server, during the scan the CPU (16 vCPUs) utilization where betweenn 50% and 99% (the normal CPU used is 10% avg on this server), so in high-demand environments I'll suggest to perform the scan on non-productive hours
Bro, how is OpenVAS compared to other vul scanners, such as Nessus? If I had to pick one, would do you recommend, mainly to make myself marketable for an EH job?
openVAS will not cover most web application vulnerabilities on Layer 7 (Application e.g. HTTP/s) OWASP Zap is a proxy layer 7 vulnerability scanner and web application testing tool. OpenVAS scans more for outdated or misconfigured network vulnerabilities on Layer 3 (Network) , 4 (Transport) and some 5 (FTP, SSH). etc. It does as shown in the video list outdated application software. This is done by scanning the folder structure or detecting the version and comparing it to a recent list.
Dear Dan, I follow all your videos and learning lot of things. Recently, I installed Kali Linux on VirtualBox on Windows 10 machine. Also, I have installed Greenbone GVM as well and verified my GVM installation, by using Everything seems alright. But, during VA Scanning using GVM, no vulnerabilities, like High, Medium, Low were detected. Only it shows some "logs". Could please advice how could be the issue and how to overcome it. Warm regards
OpenVAS seems to go through slumps of CPU/RAM usage so it's hard to tell if it's doing anything at all. Is there a way to see if it's actually making progress?
Thank you for getting me through finals!
There was a point in the middle where I kinda got lost but at the end it got very interesting !
Thank you very much for this! It was very useful to me.
Awesome video bro. I plan to use this tool frequently soon.
Good job bro, very clear and concise
This was amazing video and great to learn the basics of OpenVAS! I am currently working on a capstone project and openvas is part of it. Thank you and I subscribed and liked your channel! Will check out more videos as well!
Glad it was helpful! Thank you so much!
Great content. Thanks. One thing I want to know from you is how to download a PDF report where I am getting 0 bytes report.
Can you set up a distributed architecture? A central server in a cloud and on-prem scanners that feed the info to the central server?
Thank you, this is very informative.
Glad it was helpful!
This is very useful video and would like to see many videos.
Thank you!
Awesome!
Thank you mate
You're welcome!
Well done, sir.
Thank you kindly!
the new feed update script is 'sudo greenbone-feed-sync'
That's great! Thank you for that amazing input!
coooooooooooooooooooooool...
very good
Thanks
unfortunately, Traceroute does not work...it returns all asterisks...what do you recommend?
Hi, just curious what would the performance impact be on the systems being scanned? Any recommendations on how to safely perform vulnerability scanning in a production environment during the work day?
yes, it definitely can affect the performance of the network. If that happens you need to throttle the scan down and try to scan during off-hours. Also, be careful with IDS sending warnings. I had a case where I crashed an exchange server from 50K email warnings! I hope this helps.
@@GetCyber Can confirm. VAS is robust, but "loud" as an artillery piece. It can definitely chocke some production networks and make IPS/IDS go red with alarms. As for the system resources, the target seemed fine and operational to me (I was not running any live resouce checks on it), my pentesting machine, on the other hand,was quite busy during the scan, but it's pretty low-end i5 with 32GB RAM and OS on Samsung 940 EVO M2 SSD.
Can't give you numbers,but i hope "it's something" to start with.
Cheers!
I've just scanned a linux server, during the scan the CPU (16 vCPUs) utilization where betweenn 50% and 99% (the normal CPU used is 10% avg on this server), so in high-demand environments I'll suggest to perform the scan on non-productive hours
@@albertomendooza How long did the Linux server scan run? I also just ran a scan, this is at 96% after about 16 hours
Bro, how is OpenVAS compared to other vul scanners, such as Nessus? If I had to pick one, would do you recommend, mainly to make myself marketable for an EH job?
..I also have this doubt!
Hi, just curious what are difference of openVAS and OWASP Zap vulnerability scanner ?
openVAS will not cover most web application vulnerabilities on Layer 7 (Application e.g. HTTP/s) OWASP Zap is a proxy layer 7 vulnerability scanner and web application testing tool. OpenVAS scans more for outdated or misconfigured network vulnerabilities on Layer 3 (Network) , 4 (Transport) and some 5 (FTP, SSH). etc. It does as shown in the video list outdated application software. This is done by scanning the folder structure or detecting the version and comparing it to a recent list.
Dear Dan,
I follow all your videos and learning lot of things.
Recently, I installed Kali Linux on VirtualBox on Windows 10 machine. Also, I have installed Greenbone GVM as well and verified my GVM installation, by using
Everything seems alright. But, during VA Scanning using GVM, no vulnerabilities, like High, Medium, Low were detected. Only it shows some "logs". Could please advice how could be the issue and how to overcome it.
Warm regards
Try this. In the target setup -> Alive Test, set up your config to "Consider Alive." Let me know if that works. Thank you so much for following.
When I try to make a scan config it says failed to find config. How can I fix this?
sir I need your help plz help me
i have face some issue some error
I was trying to get the cheat sheet and the website asked for a username and password.
Isn’t that 80 nvt’s at 4 and 120 at 6?
How much RAM did you use in your Kali? Help please
2 is minimum but 4 is recommended. You can use more if you want.
Easy up on the visual and audio effects on the transitions please.
Yeah this is from a year ago. Thanks!!!
Amazing video! This helped me out a lot, however, your website is no longer working
sorry I changed it to danduran.me. I will edit the descriptions. Thank you so much!
your site is down :(? is there a new link
OpenVAS seems to go through slumps of CPU/RAM usage so it's hard to tell if it's doing anything at all. Is there a way to see if it's actually making progress?
tail the logs in real time?
btw, RAM is cheap. 2GB RAM? Year 2005, is that you? :D
Good tutorials but the link for the script wont open
Sorry I changed my site to getcyber.me
Hi, how to get the password and username
openvas getting interrupted at 0% error
Try using "Consider Alive" in the in the drop down when setting up the target. I hope this helps!
👉🏻 Get your questions answered: tinyurl.com/3kxkmpxy // 🔥 NMAP Basics Tutorial for Kali Linux Beginners ➡ th-cam.com/video/W7076RPIgfQ/w-d-xo.html
Got a 404 in the tinyurl URL :-(
LOL Huawei Security Configuration guide @ 6:30.☠☠☠☠☠