Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 112
Rep:
Scan a website with OpenVAS?
Dear Experts,
I have a working Back Track 5 RC2 system. My OpenVAS is working fine.
I am able to scan remote host. But this is not my requirement. I have to scan a web site for vulnerability.
Be aware Laws may require you to obtain authorization prior to scanning remote addresses. Also be aware sustained, active probing for vulnerabilities may have an adverse effect on the site slash host. Informing the client, and in some cases the provider, may be prudent. As to your question check out which plugins OpenVAS provides and what their purpose is. Should be at least two you could use.
Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 112
Original Poster
Rep:
Quote:
Originally Posted by unSpawn
Be aware Laws may require you to obtain authorization prior to scanning remote addresses. Also be aware sustained, active probing for vulnerabilities may have an adverse effect on the site slash host. Informing the client, and in some cases the provider, may be prudent. As to your question check out which plugins OpenVAS provides and what their purpose is. Should be at least two you could use.
Thanks for the reply. This is our official web site to be scanned for vulnerabilities. I am not getting the way, that where can i give url of the web site for scanning.
Once you have your OpenVAS server setup and your client is connected create a new task (Task > New) then create the scope (Scope > New) within that task.. Once you have your scope setup there will be multiple options on the right window, one of which is target selection. Enter your sites IP or FQDN there.. figure out which plugins you want to use and your desired options then execute the scan (Scope > Execute)... Hope that helps!
Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 112
Original Poster
Rep:
Quote:
Originally Posted by J0hnny_b14z3r
Once you have your OpenVAS server setup and your client is connected create a new task (Task > New) then create the scope (Scope > New) within that task.. Once you have your scope setup there will be multiple options on the right window, one of which is target selection. Enter your sites IP or FQDN there.. figure out which plugins you want to use and your desired options then execute the scan (Scope > Execute)... Hope that helps!
Thanks for the answer to my question. If i want to scan a url (web site - Authenticated Access)then what will be the way.
Ah, so you're new to OpenVAS and looking for simple instructions. Well, it comes with documentation to read and this thread therefore isn't related to Linux Security at all.
Moving to the Newbie forum.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.