The goal is to create a scan that:
- Identifies the host name
- Identifies OS version (usually Windows)
- Checks only for a specific (SMB) Vulnerability
- Is really fast
Q: I partly meet my goal: host names and OS are not resolved. So I get the ip’s, get the vulnerability (or not), but host names and OS are not resolved.
I have managed to do this by doing the following
Created a scan target for the /24 subnet
I have configured on the “Port List” only TCP port 445 to be checked (for speed, not to check all TCP ports)
I have “cloned” the "system discovery " scan config and included the 2 vulnerability related NVT’s for the vulnerability I need to check. That works well.
I then create a new task, using the scan target and the scan config.
Result is that I get the report that the host has the vulnerability but not the OS and host name.
Any ideas what more should I enable?