How to decrease scan time?

Scans take veeery long (more than 72 hours) time and stuck on ~85-99%. I suspect that Greenbone just trying to bruteforce ssh/http/smb…
My scan config:

  • Full and fast
  • only 1-65535/tcp
  • 5 IP’s

I changed Scanner Preferences through web GUI:
open_sock_max_attempts: 5 → 2
plugins_timeout: 320 → 160
scanner_plugins_timeout: 36000 → 18000
timeout_retry: 3 → 2

But scan time the same.
How can i decrease scan time? Maybe minimalizing bruteforcing time or disable it (Disable brute force checks/Disable default account checks), changing timeout settings?

Hi SapKorZun, the scan should never take 72 hours for just 5 IPs.

  • How many resources have you assigned to your containers and/or host?
    The documentation recommends 4 CPU cores, 8 GB of RAM and 60 GB storage.
  • Are you sure that you entered only 5 IPs instead of an IP range?
  • Is your host alive detection set to “Consider alive”? If yes, that could increase scan time dramatically.

Concerning your question, you can disable brute force checks. In order to do that, go to Configuration > Scan Configs > Clone the config you’re using and edit it > Remove the checkmark from “Brute Force Attacks” > Save. Make sure to use the cloned config instead of your old one after that.

2 Likes

Thanks for reply!

  • cores: 8, space: used 14G of 63G, RAM: used 952Mb of 7.8Gb
  • i entered certain 5 IP’s, column IPs shows excatly “5”
  • Target option “Alive Test” shows “Scan Config Default”

After disabling bruteforce scan time looks good!
But it’s not welcome to turn off bruteforce at all.
Can i make bruteforcing less “brute”?
Can i choose a smaller dictionary for bruteforcing?
Is there a difference between “Timeout” and “timeout” in SSH bruteforce config and why param “Seconds to wait between probes” is empty?

I checked the config on my system and it looks the same. Since my scan time is fine, I guess it’s not a configuration issue.

Unfortunately, I don’t know the difference between those two timeout options and I’m also not aware of any possibility to choose another dictionary for bruteforcing. Maybe @cfi can help :slight_smile:

1 Like

You can specify your own dictionary via the VT “Options for Brute Force NVTs” (OID: 1.3.6.1.4.1.25623.1.0.103697) which can be found in the “Settings” family.

This looks like a display issue in one or more of the GVM components involved

AFAICT it was just left empty on purpose by the developer creating that VT back then in 2011 (or somewhere in between) and if you want to specify an own timeout you can do that via this setting.

2 Likes

If @SapKorZun is using the latest version of openvas-scanner built from source or community docker image, I’m afraid that there is actually an issue in the scanner that make the scan hanged or take too long to finish, as I mentioned here: Building openvas-scanner from latest source, scan is hanged - #11 by panajo1017. This issue is hard to reproduce because there is no abnormal clue in the logs and not every scan is hanged (subject to the target), I just noticed when I updated the scanner version.

1 Like