It seems like you are clueless about what a vulnerability scanning setup is like. You can install OpenVAS where you want. In you Windows 10 by using dual boot or VM software, in your CentOS machine, or inside your clients network. About credentials you don't necessarly need them for vulnerability testing unless you wan't to perform credentialed scans.
About the Greenbone page i doubt the page credentials give you access to an OpenVAS instance. The precision and performance of your scan will depend on the network connection between your OpenVAS installation machine and your scan target. For example if you have OpenVAS on your CentOS machine and scan one of your clients machines you will be testing it's external exposure to vulnerabilities. If you want to test internal exposure you will need an OpenVAS instance inside the client's network to reach its internal interfaces. The quality of the connection will play a part in the precision and performance of the scanner. The better the connection faster the scan will be and it increases the probability of better results. In terms of access the scan can use credentials or not. If you don't have credentials the results will be based on the behaviour of the target responses. With credentials the scanner can access the machine from a user perspective and have access to more detailed information (OS version, installed software, etc.) and this will increase the scanner precision (better results with less false positives). These credentials don't need to be root and probably shouldn't be. The choices you make about the options i presented later should consider the objectives of the scan and the level of access given. Also keep in mind that the scans have an impact on the network and target machine performance so schedule the scans wisely to minimize impact. Fabio Em 25/09/2017 07:35, "David B" <dave.feth...@gmail.com> escreveu: > I have watched the video about setting up - /gos-3.1 > > I have some pretty basic questions ... > > I am based in London, UK using a pc running windows 10 and I use > a dedicated linux server in the US which runs CentOS Linux 6.9 > > I would like to check the vulnerability of this US server and also > check vulnerabilities of other servers for my clients. > > I am new to this and I am not sure what I am doing !! > > Obviously I can login to my own server which is running WebMin and > VirtualMin so I don't need to use Putty. ( Although I can follow your > instructions on the video ) I can just use the command shell > > However - if I want to check the vulnerability of a clients server do I > need there root login details ? > > That can't be right ? > > I think I am missing something ... am I supposed to set up the OpenVAS on > my linux server ( the one in the US ) ? Is that for checking only itself or > for checking client IPs ? > > Why do I need to install it on my server - if there is an online login on > the GreenBone.net site ? > > Do I need to install the OPENVAS under a virtual server and then run it > from a url address ? > > I am someone can give me some guidance. > Many thanks. > Dave > > Thanks > David Bird > > _______________________________________________ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
