Good Morning / Day / Evening!

So I've used OpenVAS for a little over a year now, but haven't found a lot of documentation except for the plethora of information here on the mailing list. With that said, I have always used OpenVAS for OS package-level vulnerability scanning (e.g. OpenSSH, OpenSSL, nginx / apache, bash, etc.), but I need to have a way to start doing good Web Vulnerability scans that attempt fuzzing, XSS, SQL Injection, as well as other standard OWASP web application pen tests.

I'm not having a lot of luck figuring out how to do this in OpenVAS 7 (which was installed from atomic repo on CentOS 6.6). I see a couple of posts from last week regarding Wapiti, Arachni, and Nikto, but I am unfamiliar with OpenVAS from the CLI, and have always used GSA. If someone could point me to more in-depth documentation for using it from the command line, specifically to successfully schedule / scan web applications, I would be extremely grateful. I am a Linux engineer and have no fear of the terminal. :)

On my own note, I've run both Wapiti and Nikto stand-alone, from my local Linux machine not having anything to do with OpenVAS, and was not very impressed. It looks like Nikto may not be maintained any longer. The updated database is a couple of years old and runs in under 5s (unless I am doing something wrong).

To make a short point longer, I'm looking at Acunetix, but not sure about a budget for something if we can do it adequately with OpenVAS, which has been in our prod environment for 15 months now. I would really love to understand the scanner and manager better.

Thanks in advance,
Izz

P.S. My apologies if this turns up as a double post; my primary email alias is different than what was in the list subscription.

Izz Noland
Sr. Systems Engineer
https://www.wepanow.com/
Toll Free 800.675.7639
100 Gilbert Drive | Alabaster, Alabama 35007
_______________________________________________
Openvas-discuss mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
