Thanks for your reply, but i'm trying to figure out how an authenticated scan works: Should i download and install a software? Or a bash script?Or something else? Thanks
2017-03-05 12:42 GMT+01:00 Eero Volotinen <[email protected]>: > autheticated scan requires usually supported platform. at this moment only > major linux distributions are supported. > > Eero > > 5.3.2017 1.33 ip. "Reindl Harald" <[email protected]> kirjoitti: > >> >> >> Am 05.03.2017 um 11:58 schrieb Vito Logrillo: >> >>> Hi All, >>> sorry for my noob question, but i'm trying to understand how security >>> scans work. My target is a custom linux distribution on an IoT system: i >>> can set-up an SSH connection but i can't download any package in a >>> simple way. >>> 1. To perform an authenticated scan, an agent or a software should be >>> downloaded on the target machine? Or a shell script? >>> 2. Which are the benefits? It can check all installed packages? Even if >>> they are not active? >>> >> >> the benefit is that it can also check services where the ports are not >> reachable from the network >> >> depending on what service and the complete setup a vunerability on >> whatever is running can become very quickly a remote exploit - simple >> example: you allow users to upload php-scripts on your webserver - from >> that moment on your services on 127.0.0.1 are no longer isloated until you >> disable a lot of php functionality >> _______________________________________________ >> Openvas-discuss mailing list >> [email protected] >> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/o >> penvas-discuss >> > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
