So an SSH connection is enough?No download on a target machine? If it runs locals commands and they are supported by target machine, it is enough? Where can i find the commands used? Last question: on web interface in "Target->Credentials->New Credential" i can't setup the SSH port...it works only on port 22? Thank you
2017-03-05 16:10 GMT+01:00 Eero Volotinen <[email protected]>: > it just logs server via ssh and runs local commands. > > -- > Eero > > 2017-03-05 17:06 GMT+02:00 Vito Logrillo <[email protected]>: > >> Thanks for your reply, >> but i'm trying to figure out how an authenticated scan works: Should i >> download and install a software? Or a bash script?Or something else? >> Thanks >> >> 2017-03-05 12:42 GMT+01:00 Eero Volotinen <[email protected]>: >> >>> autheticated scan requires usually supported platform. at this moment >>> only major linux distributions are supported. >>> >>> Eero >>> >>> 5.3.2017 1.33 ip. "Reindl Harald" <[email protected]> kirjoitti: >>> >>>> >>>> >>>> Am 05.03.2017 um 11:58 schrieb Vito Logrillo: >>>> >>>>> Hi All, >>>>> sorry for my noob question, but i'm trying to understand how security >>>>> scans work. My target is a custom linux distribution on an IoT system: >>>>> i >>>>> can set-up an SSH connection but i can't download any package in a >>>>> simple way. >>>>> 1. To perform an authenticated scan, an agent or a software should be >>>>> downloaded on the target machine? Or a shell script? >>>>> 2. Which are the benefits? It can check all installed packages? Even if >>>>> they are not active? >>>>> >>>> >>>> the benefit is that it can also check services where the ports are not >>>> reachable from the network >>>> >>>> depending on what service and the complete setup a vunerability on >>>> whatever is running can become very quickly a remote exploit - simple >>>> example: you allow users to upload php-scripts on your webserver - from >>>> that moment on your services on 127.0.0.1 are no longer isloated until you >>>> disable a lot of php functionality >>>> _______________________________________________ >>>> Openvas-discuss mailing list >>>> [email protected] >>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/o >>>> penvas-discuss >>>> >>> >>> _______________________________________________ >>> Openvas-discuss mailing list >>> [email protected] >>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/o >>> penvas-discuss >>> >> >> >> _______________________________________________ >> Openvas-discuss mailing list >> [email protected] >> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/o >> penvas-discuss >> > >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
