# OpenVAS Greenbone external credentialed scan



## paulj1x (Jun 7, 2015)

I have Kali 2.0, OpenVAS 8, OpenVAS Manager v 6.0.1, OpenVAS Scanner 5.0.1 (DB rev 146), Greenbone, that I’ve downloaded from the Kali VMWare page, running in one VMWare Player and a Windows 7 target in a second VMWare Player and I’m trying to do an external credentialed scan.
I disabled the Firewall in the Windows 7 target and set up an Administrator account with no password to make sure I had an obvious vulnerability which would only be seen by a credentialed scan. I also enabled the Guest account.
I can ping the Windows 7 target from Kali Linux so I know there’s a connection.
I then went to Scan Management -> Purple Wand -> Advanced Task Wizard to create a number of tasks with the above credential selected under SMB credential. I also created and downloaded an autogenerated credential which I copied over and ran as Administrator on the Windows 7 target. I tried all combinations of SMB credential, autogenerated SMB credential, Full and Very Fast, Full and Very Fast Ultimate, Full and Very Deep, and Full and Very Deep Ultimate.
The credentialed scans created the exact same number of vulnerabilities as a non-credentialed scans except that it said that it was able to login to the remote host using the SMB protocol (“SMB log in”) and found “Microsoft Windows SMB Accessible Shares” but it did not pick up on the admin account without a password or Guest account. The only vulnerabilities it found were only related to the Firewall being turned off, so it appears to me that while it can login, it is not really doing a credentialed scan. At best it had a log of 12 findings, I would expect to see maybe 45 findings like I used to see when I was doing Nessus PCI scans.


----------



## hal8000 (Dec 23, 2006)

Vmware is not linux, but an emulator running on a windows 7 host.
Running any linux distro on an emulator will not behave like the real thing, running
Vmware on a windows host with NTFS / FAT32 filesystem will also be subjected to
fragmention of the host system.

Having said all that, never used OpenVAS, so from Kali perform a scan using nessus against your target windows 7 machine.
If you see more than 12 log entries you have proved that nessus is better at highlighting 
potential security risks. However remember that vmware is emulating the software and hardware environment, so can not be expected to match or perform like a real system all
the time.


----------

