autheticated scan requires usually supported platform. at this moment only major linux distributions are supported.
Eero 5.3.2017 1.33 ip. "Reindl Harald" <[email protected]> kirjoitti: > > > Am 05.03.2017 um 11:58 schrieb Vito Logrillo: > >> Hi All, >> sorry for my noob question, but i'm trying to understand how security >> scans work. My target is a custom linux distribution on an IoT system: i >> can set-up an SSH connection but i can't download any package in a >> simple way. >> 1. To perform an authenticated scan, an agent or a software should be >> downloaded on the target machine? Or a shell script? >> 2. Which are the benefits? It can check all installed packages? Even if >> they are not active? >> > > the benefit is that it can also check services where the ports are not > reachable from the network > > depending on what service and the complete setup a vunerability on > whatever is running can become very quickly a remote exploit - simple > example: you allow users to upload php-scripts on your webserver - from > that moment on your services on 127.0.0.1 are no longer isloated until you > disable a lot of php functionality > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
