I would like to ask you some information: one of my goals is to create digital twins of a scanned network.
The precise objective would be this:
Perform vulnerability scans with OpenVAS and obtain the report in XML/JSON, etc.
From this output I would like to create a digital twin of the network just scanned, and then subsequently carry out a penetration test in this digital twin without stressing the real, original network.
I would like to ask you if you have any advice. I know that I have to use artificial intelligence models, etc., but I would like to know if you already have any knowledge in this area, and if you have any references and advice!
Thank you for your availability and I hope you can help me!
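As an added example of the first step in that plan (not code from either poster): an OpenVAS XML report parsed into a host/service inventory that a network model could be built from. The sample report and its NVT OIDs are constructed; only the Greenbone OID prefix and the report layout are real.

```python
"""Host/service inventory from an OpenVAS (GVM) XML report.

Added example, not from the thread. SAMPLE_REPORT is constructed to follow the
<report><results><result> layout GVM exports; the NVT OIDs are placeholders.
The inventory holds only what the scan itself observed, nothing more.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

SAMPLE_REPORT = """<report id="constructed-report">
 <results>
  <result id="r1"><host>10.0.0.5<asset asset_id="a1"/></host><port>22/tcp</port>
   <nvt oid="1.3.6.1.4.1.25623.1.0.1"><name>SSH banner (constructed)</name></nvt>
   <threat>Log</threat><severity>0.0</severity></result>
  <result id="r2"><host>10.0.0.5<asset asset_id="a1"/></host><port>80/tcp</port>
   <nvt oid="1.3.6.1.4.1.25623.1.0.2"><name>Outdated HTTP server (constructed)</name></nvt>
   <threat>High</threat><severity>7.5</severity></result>
  <result id="r3"><host>10.0.0.7<asset asset_id="a2"/></host><port>general/tcp</port>
   <nvt oid="1.3.6.1.4.1.25623.1.0.3"><name>Host-level finding (constructed)</name></nvt>
   <threat>Medium</threat><severity>5.0</severity></result>
 </results>
</report>"""


def parse_inventory(report_xml: str) -> dict:
    """Return {host: {"services": {port: {...}}, "host_findings": [...]}}.
    A port of 'general/<proto>' marks a finding not tied to a listening service."""
    root = ET.fromstring(report_xml)
    inventory = defaultdict(lambda: {"services": {}, "host_findings": []})
    for result in root.iter("result"):
        # <host> carries the address as text before its <asset/> child.
        host = (result.findtext("host") or "").strip()
        port = (result.findtext("port") or "").strip()
        if not host or not port:
            continue  # malformed result; nothing to place in the model
        nvt = result.find("nvt")
        finding = {
            "oid": nvt.get("oid") if nvt is not None else None,
            "name": nvt.findtext("name") if nvt is not None else None,
            "threat": result.findtext("threat"),
            "severity": float(result.findtext("severity") or 0.0),
        }
        if port.startswith("general/"):
            inventory[host]["host_findings"].append(finding)
            continue
        svc = inventory[host]["services"].setdefault(
            port, {"findings": [], "max_severity": 0.0})
        svc["findings"].append(finding)
        svc["max_severity"] = max(svc["max_severity"], finding["severity"])
    return dict(inventory)
```

Anything the scan did not see (service configuration, installed plugins, authenticated-only detail) is simply absent from this model, so it is a starting inventory rather than a faithful copy of the hosts.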
I don’t think this is a reliable way to conduct a penetration test, because while the OpenVAS scan will broadly capture which services are accessible to test, an unauthenticated scan will not always capture their configuration settings or which plugins are running; an authenticated scan won’t either, at least not to the granular detail you would want for a pentest.
For penetration testing production systems that I don’t want to impact directly, I have always cloned the server to be tested (or asked the client to do it), then removed any sensitive data from the server and made it accessible on another IP/hostname/domain.