OpenVAS Change Request #49: Introduce new phase for network scans

Status: Voted +9. Implemented in SVN revisions 9365 and 9366.


To make scanning large networks more effective and to simplify integration of network-based external tools.



Please note: This change request draws heavily from Change Request #26 and intends to make the proposal more specific. Many thanks to Vlatko Kosturjak for the initial Change Request.

Currently, OpenVAS is a host-oriented vulnerability scanner: it forks for each IP tested and for each NVT. In some cases it would be more effective in terms of memory usage and scan speed to launch an NVT a single time against a group of hosts or an entire network. Launching nmap is one such case.

NVTs always belong to one category (e.g. "ACT_INIT", "ACT_ATTACK", "ACT_END") which correlates with the phase of the scan in which the NVT is run.




Design and Implementation

To enable openvas-scanner to collect information at the network level, a new scan phase should be introduced for certain NVTs (e.g. port scanners). This scan phase will have the following special properties: