Hi. OpenVAS use nmap starting scannings.
Clone/Fork plugins nmap -> firewall bypass Reference NMAP: http://nmap.org/nsedoc/scripts/firewall-bypass.html http://pentestlab.wordpress.com/2012/04/02/nmap-techniques-for-avoiding-firewalls/ http://resources.infosecinstitute.com/nmap-evade-firewall-scripting/ http://www.opensourceforu.com/2011/02/advanced-nmap-scanning-firewalls/ http://insecurety.net/?p=42 Some Plugins Fork (by firebits) https://github.com/firebitsbr/OpenVAS-Plugins-hardening @firebitsbr 2014-10-16 12:14 GMT-03:00 Nick <[email protected]>: > Hello, > > I am a new user of OpenVAS. So far I have successfully used it to do an > external vulnerability test of my server. However, our firewall blocks many > of the ports (as it should). > > I would like to perform an "internal vulnerability test", simulating an > attacker that is within the local network, behind the firewall. But I would > prefer to not actually run OpenVAS within the network, if possible, because > of our server/network configuration. > > I am hoping that there is a way that I can operate OpenVAS through a SSH > tunnel, so I could open up a SSH tunnel to a machine within the network and > run the scans through that tunnel, which would accomplish the same thing as > if OpenVAS were actually running on that machine. > > I set up a SSH credentialed scan within OpenVAS, thinking this would do > what I would like, but it is performing the scan from outside the firewall > again, just like before. So either I'm doing it wrong or this is not the > proper way of accomplishing my goal. > > Can anyone give me a pointer of how to go about doing this? Thanks, > > Nick > > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
