I have a GVM Greenbone community edition installed via Docker. I want to scan using credentials, but to log in and scan a web application. In targets, I see that there is only an SSH Credentials field. How do I use credentials to authenticate to a website?
@piresand In practice, you can’t authenticate to websites. There is no standardized way to authenticate to them, like there is with SSH.
Eero
Additionally our software is not a generic web application scanner. You need to use a different application for this purpose.
Related quote from the existing documentation as an additional supportive reference for this info:
Information about web application scanning
The vulnerability scanner of the Greenbone Enterprise Appliance scans hosts, specified by a domain name or an IP address. A website URL, however, consists of more parts than just a domain name or an IP address. Since the appliance’s scanner does not process the other parts of a URL, it cannot automatically analyze and test the structure of a website. It is therefore not a Web Application Security Scanner (WASS) or an HTTP scanner.
However, if a host is scanned on which a web application is running, and if both a known vulnerability exists and a suitable vulnerability test for it is included in the feed, the appliance may still detect the vulnerability.
This topic was automatically closed after 90 days. New replies are no longer allowed.