Hello,
I have a question regarding the full & fast scan.
In the documentation it says that it uses previous scans to perform better.
I have launched a discovery scan beforehand, but in the openvas.log file we saw that nmap.nasl was running.
I might be wrong but information gathered in the previous port scan is meant as the port scan is run at the beginning of the scan with this scan configuration. At least that’s my understanding how a scan with full and fast works.
There is never any data shared across multiple scans in the current software / scanner stack. The text is referencing to a port scan which has been started and running in the very same scan.
Yes, not sharing any data across any scan is the case for all scan configs.
But AFAICT this text is only part of the “Full and Fast” scan config description because e.g. “Full and Very Deep” is also using a port scanner but doesn’t depend on it’s result and might still launch VTs against some default ports of an application.
For example if port 10000/tcp (for Webmin) wasn’t found to be open during a port scan a scan (e.g. because the port wasn’t included in the uses port list) then:
“Full and Fast” won’t detect the application because the port isn’t tested
“Full and Very Deep” could detect it because the product detection doesn’t rely on the information gathered in the previous port scan and the port is still tested (because it is defined as the default port for this application in the product detection)