I am using the GOS (Trial) 21.04.2 on Oracle VirtualBox 6.1.22.
To see baseline results, I tested the scanner on a Metasploitable 2 machine (linux). I used the default admin credentials first, then I made a new user with admin credentials and found the same results for each.
There were no Mid or High severity level vulnerabilities. Only TCP timestamps low vulnerability was found, (and a few log-level vulnerabilities).
I was expecting to find many more vulnerabilities, at least some of which would be Mid or High level. I have seen more severe results of a Metasploitable 2 scan previously from other greenbone users.
All feeds are currently up to date, and there are results in all 6 categories of the SecInfo dropdown.
Can somebody please tell me how to get more accurate scan results?
Hello GratefulAna, welcome to the Greenbone Community!
A full vulnerability scan of a Metasploitable 2 should indeed show a large number of vulnerabilities. I was not able to reproduce this problem on my GSM TRIAL 21.04.2 however, so we will have to investigate this step by step.
First, to check for some basic things:
Which scan config did you use? For a vulnerability scan, “Full and fast” should be used. The discovery configs just gather basic information about a system.
Which port list did you use? “All IANA assigned TCP” is recommended for starters. Other port lists may not include the ports required for some essential vulnerability tests.