In this, I am scanning 192.168.0.1/24 subnet using OpenVAS Default scanner with Full and Fast scan config, maximum concurrently NVT = 4, maximum concurrently host = 5. The CPU is almost 100% on 8 cores all the time. Although the network only has about 15 machines, the scan takes up to 4 hours.
I want to ask is that normal thing? Has anyone ever encountered this problem before? What can I do to fix it?
I configured maximum concurrently NVT = 4, maximum concurrently host = 2 and the CPU load is lower now (but still high, around 70%). And as you said before, it takes a lot of time to finish scanning. In my test case, the target network has only 15 machines so I think it may take a few days to finish scanning a larger network.
I have checked the Greenbone product comparison and found that some products can support scanning thousands of target. I wonder will these products scan for so long? If not, do you know what is the different? Do they use very strong hardware or do they use a different software than the free version?
Long scanning times can often be tweaked with the right settings of your scan depending on your environment.
E.g. check what “alive tests” are best for your targets, are there (local) firewalls between which could interfere, what port ranges suites you best, which checks take long on certain targets etc. just to give you some pointers.
If you have a host that takes 4h to scan (because of timeouts or other reasons), you can add a lot of additional hosts with no such drawbacks to the target and the scan duration of the task will still be 4h.