Scribd
Upload
93 views13 pages

OpenVAS 9 Custom Scan Configurations

This document discusses creating a custom scan configuration in OpenVAS to scan for vulnerabilities specifically in printer devices. It recommends optimizing the scan to include only relevant NVTs and excludes those unrelated to printers. The tutorial creates a new "Printer" scan configuration and enables NVTs targeting services commonly found on printers like FTP, Telnet, SSH, SNMP and web servers.

Uploaded by

RESISKOM21M.FATHURRAHMAN
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
93 views13 pages

OpenVAS 9 Custom Scan Configurations

This document discusses creating a custom scan configuration in OpenVAS to scan for vulnerabilities specifically in printer devices. It recommends optimizing the scan to include only relevant NVTs and excludes those unrelated to printers. The tutorial creates a new "Printer" scan configuration and enables NVTs targeting services commonly found on printers like FTP, Telnet, SSH, SNMP and web servers.

Uploaded by

RESISKOM21M.FATHURRAHMAN
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

TRENDING

CVE-2019-19781: Citrix ADC RCE vulnerability

      

Hacking Tutorials

NAVIGATE 

Home » Scanning Tutorials » Vulnerability Scanning with OpenVAS 9 part 4: Custom scan con gurations
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan 8

con gurations

BY HACKING TUTORIALS ON NOVEMBER 1, 2018 SCANNING TUTORIALS

For all scans so far, we’ve only used the default scan con gurations such as host discovery, system discovery
and Full & fast. But what if we don’t want to run all NVTs on a given target (list) and only test for a few speci c
vulnerabilities? In this case we can create our own custom scan con guration and select only the NVTs that we
want to test for. Please note that this is totally optional and I’d recommend against creating your own scanning
con gurations in most cases. The ‘Full and Fast’ and the ‘Full and Fast Ultimate’ are both fast and intelligent.
These types of scans do not test SMB vulnerabilities on FTP ports while slow scans might test every single NVT
on every single port. In the next section we will create a custom scan con guration that will only test for
vulnerabilities present on printer devices.

Vulnerability Scanning with OpenVAS 9 – Tutorials


Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan con gurations

Custom scan con guration for printers

In this section we will create a custom scanning con guration to test enterprise printers and multifunctional (MFP) for
vulnerabilities. The reason we’re going to create a custom scan con guration is that printers are commonly overlooked targets
when it comes to security and vulnerabilities. Successfully exploiting vulnerabilities on these devices cannot only allow an
attacker to get access to sensitive data but also to gain a beachhead on the network. Many enterprise printers also
authenticate against the company’s domain controller using Lightweight Directory Access Protocol (LDAP). In most cases it is
unlikely that devices authenticate with an administrator account but it might provide attackers with access to a domain
account.

When targeting printers, it is important to optimize the scanning con guration as much as possible and only scan for NVTs
that target printers. Many printers have a fragile network stack and cannot handle large scanning loads which might even
crash the target. We will exclude NVTs that don’t have anything to do with printers such as NVTs targeting equipment from
speci c manufacturers or NVTs that target local vulnerabilities.

Creating the custom scan con g

First, we will create a new scan con g and name it ‘Printer’. We can choose to copy an existing scan con g and disable NVTs
that we do not want to use but as we’re targeting printers here, it’s better to start with an empty scan con g and enable the
few NVTs that apply to printer devices.

Next we can edit the scan con g to locate NVTs:


Scroll down to the global variable setting: Exclude printers from scan and click the ‘edit’ icon:

Enable ‘Exclude printers from scan’:


Next, we create a new scan task and select the printers target list as target and the newly created scan con g ‘Printers’ (The

screenshot below displays ‘Full and Fast Printers‘, make sure to select the newly created scan con g here):
Tip 1: When you’ve selected single NVTs do not click the NVT family checkbox as this will add all NVTs from the speci c
family.

Tip 2: In this demonstration we’ve only added NVTs that speci cally target printers. As most modern printers run
di erent a lot of di erent services and servers, it is recommended to also enable NVTs that target FTP, Telnet, SSH,
SNMP and web servers.

Tip 3: Generally, I’d recommend against the route of selecting individual NVTs unless it’s just a handful of NVTs as for
printers.

From here you can simply run a scan and select the newly created scan con guration.

SHARE.       

 PREVIOUS ARTICLE NEXT ARTICLE 

Vulnerability Scanning with OpenVAS 9 part 3: CVE-2019-19781: Citrix ADC RCE vulnerability
Scanning the Network

RELATED POSTS
BY HACKING TUTORIALS – JULY 19, 2018  10

Vulnerability Scanning with OpenVAS 9 part 3: Scanning


the Network

BY HACKING TUTORIALS – MAY 9, 2018 9

Vulnerability Scanning with OpenVAS 9 part 2:


Vulnerability Scanning

BY HACKING TUTORIALS – APRIL 18, 2018 0

Vulnerability Scanning with OpenVAS 9 part 1:


Installation & Setup

8 COMMENTS
STARNIGHT_CYBER on DECEMBER 13, 2018 2:49 AM

Will we have part 5 ?

REPLY 

HACKING TUTORIALS on DECEMBER 13, 2018 9:31 AM

What would you like to see in part 5?

REPLY 

STARNIGHT_CYBER on DECEMBER 24, 2018 2:18 PM

any more tricks ?

REPLY 

STACY on JUNE 17, 2019 8:58 PM

I’d LOVE to see a part 5 where Metasploit is fed the results of the scans automatically to test them.

REPLY 

RB on JANUARY 23, 2019 1:08 AM

Thank you for the past tutorials, they where enlightening. There are some inconsistencies with this tutorial
though. In the section ‘Creating the custom scan con g’ you mention to call the scan con g ‘Printer’ and make it
an empty scan con g but later in that section you state:

“Next, we create a new scan task and select the printers target list as target and the newly created scan con g ‘Full
and Fast Printers’:”

I believe you should change the beginning of the section to state the latter name and state to select ‘Full and Fast’
as the base.

REPLY 

HACKING TUTORIALS on JANUARY 23, 2019 8:58 AM

Hi, Thank you for your feedback and great to hear that you liked the tutorial!

You’re right, the scan con guration to select should be the one that was created earlier in the tutorial (Printers),
i have updated this.

REPLY 

RB on JANUARY 23, 2019 1:19 AM

To exclude printers, the family is ‘Settings’ and the con g NVT is ‘Global variable setting’.
REPLY 

DWAYNE PARSON on JULY 3, 2019 6:20 PM

So we’re running OpenVas. Manually scanning once a moth. Want to schedule for once a week automated, but
don’t have the feature. Where is it?

REPLY 

LEAVE A REPLY

Your Comment

Your Name

Your Email

Your Website

Notify me of follow-up comments by email.

Notify me of new posts by email.

POST COMMENT

TOP TUTORIALS

BY HACKING TUTORIALS – NOVEMBER 15, 2016 2


Hacking with Netcat part 2: Bind and reverse shells
BY HACKING TUTORIALS – MAY 1, 2016  15
Metasploit commands

BY HACKING TUTORIALS – JUNE 13, 2015  16


Installing VPN on Kali Linux

BY HACKING TUTORIALS – JULY 16, 2015  15


The Top 10 Wi Hacking Tools in Kali Linux

BY HACKING TUTORIALS – JUNE 3, 2015  22


How to hack a WordPress website with WPScan

BY HACKING TUTORIALS – JULY 29, 2016 3


Exploiting VSFTPD v2.3.4 on Metasploitable 2

SUBSCRIBE

Enter your email address to subscribe to Hacking Tutorials and receive noti cations of new tutorials by email.

Join 17,662 other subscribers

Email Address

Subscribe

RECENT TUTORIALS

CVE-2019-19781: Citrix ADC RCE vulnerability

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan con gurations

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup


VIRTUAL HACKING LABS

CATEGORIES

Digital Forensics

Exploit tutorials

General Tutorials

Hacking Books

Hacking Courses

Malware Analysis Tutorials

Metasploit Tutorials

Networking

Scanning Tutorials

Web Applications

Wi Hacking Tutorials

DOWNLOADS
directory_scanner.py (23801 downloads)

PEiD Userdb (12190 downloads)

[Link] (25277 downloads)

wi _jammer.py (31145 downloads)

RECENT TUTORIALS

CVE-2019-19781: Citrix ADC RCE vulnerability

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan con gurations

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup

The Best Hacking Books 2018

POPULAR TUTORIALS

BY HACKING TUTORIALS – SEPTEMBER 1, 2016  115


Review: Offensive Security Certi ed Professional (OSCP)

BY HACKING TUTORIALS – APRIL 18, 2017  38


Exploiting Eternalblue for shell with Empire & Msfconsole

BY HACKING TUTORIALS – MARCH 17, 2016  37


Installing VPN on Kali Linux 2016 Rolling

FEATURED DOWNLOADS

directory_scanner.py (23801 downloads)


PEiD Userdb (12190 downloads)

[Link] (25277 downloads)

wi _jammer.py (31145 downloads)

© Hacking Tutorials 2019

You might also like