Network Vulnerability Scanner

Perform External Vulnerability Scans to Determine the State of Your Network Security

Contents of the Report

Here is what you can expect in Scantrics’ OpenVAS Network Vulnerability Scanner report:

Use Cases for Network
Vulnerability Scanner

The OpenVAS Network Vulnerability Scanner covers a wide range of network security assessment tools, allowing network and system administrators to obtain multiple information in just one scan! This includes open ports detection, version-based vulnerability detection, detection of missing security patches, and more.

Quick-And-Easy Infrastructure Penetration Testing

In a penetration testing lifecycle, the first thing penetration testers need to do is to gather as much information as possible about the target system or network. This scanning tool helps penetration testers to execute a network vulnerability scan and gain results faster, thus saving you time and effort when conducting penetration tests.

Produce Audit Reports for External Parties

The report produced by the OpenVAS Network Vulnerability Scanner allows IT service providers to prove to their customers that proper network security measures are in place and that they can focus more on other critical tasks.

Technical Details

How long does Full Scan take?

The more services are running on network devices, the longer Full Scan will take to complete. It can take more than 30 minutes to several hours, depending on the target. More open ports found means that more tests need to be run on the target machine, thus more NVT needs to execute.

What is OpenVAS?

Since 2009, OpenVAS has been a full-spec vulnerability scanner that is maintained and distributed by Greenbone Networks. It is a framework of many services and tools that provide a comprehensive and powerful vulnerability scanning/management solution.

OpenVAS covers lots of capabilities that can be used against the target, such as unauthenticated/authenticated testing, numerous high-level and low-level internet and industrial protocols. It is built from 3 main parts, which are:

A regularly updated feed of NVTs;
A scanner that runs the NVTs;
And an SQLite 3 database for storing the test configuration.

OpenVAS implements each penetration test in a plugin called NVT, which is written in Nessus Attack Scripting Language (NASL). With more than 57 thousand active plugins, various internal vulnerabilities can be detected in any number of services.

What are NVTs?

The term NVT itself refers to Network Vulnerability Tests. The tests are conducted using plugins that are developed in NASL code, which is a legacy from the Nessus scanner.

Each NVT is an individual test that can assess a vulnerability. The NVTs are usually updated on a weekly basis. Some of the NVTs might be updated as the new vulnerabilities are discovered.

What is the purpose of the OpenVAS Network Vulnerability Scanner?

Every organization builds its own network perimeter to isolate its internal network from the outside world. However, some services used for hosting require exposure to the public to access, such as HTTP, FTP, VPN, and so on.

This means that some holes need to be “poked” in the network to allow external parties to access various resources of the organization. By exposing different services to the public, there’s a risk that an attacker may find security vulnerabilities in your services and attempt to exploit them.

The OpenVAS Network Vulnerability Scanner is designed to help network and system administrators to map all the services exposed to the public and identify any vulnerabilities that exist in the version of software stack used by each service.

What scans are performed by the OpenVAS Network Vulnerability Scanner?

The OpenVAS Network Vulnerability Scanner has two type of scans, which are Quick Scan and Full Scan.

Quick Scan performs a simple and fast scan to the target system by running Nmap in order to identify open ports and services:

From the information gathered via Nmap, the tool then matches the data with the vulnerability database to find out if the specific version of software running in the service has any known vulnerabilities or not.
Suitable for users who need a quick report, but information can be inaccurate as it only depends on the software version reported by the service.

Full Scan is performed using the OpenVAS scanning engine, the most advanced open source vulnerability scanner:

Thousands of vulnerabilities can be detected in various networks services, including HTTP, SSH, RDP, SMTP, and more.
Scan for a list of ports containing the most common 6000 ports (TCP and UDP)
Since OpenVAS performs detection by contacting each of the network service and sending crafted packets to manipulate the target and respond differently, Full Scan is more reliable than Quick Scan.

How it works?

A person without any experience in using/configuring OpenVAS might experience difficulties in installing the program. However, our customized OpenVAS scanner allows users to run network assessments with simplicity and with the same capability of OpenVAS itself.

There are several parameters that needs to be inputted before the user can run the OpenVAS Network Vulnerability Scanner:

Target

An object the user needs to define which can be a single IP address or hostname.

Scan Type

Quick Scan is a very fast scan type that only scans the most common vulnerabilities, while Full Scan is an in-depth scan to assess the network which usually take more than 30 minutes (based on the complexity of the infrastructure).

Ports to scan (Common, Range, List)

The user can define the ports parameters by choosing the most common ports, specifying the range, or specifying the custom list of ports.

Protocol Type

The user needs to specify which network protocol to scan between TCP or UDP.

Check Alive

The user has the option to enable/disable the host discovery check that will be useful if the network device blocks the ICMP protocol.