I am writing to seek for advices on tuning the OpenVAS software for better performance.
The OpenVAS version I am using is 9, and most of the target systems run Linux.
The scanning environment is roughly like this :
the firewalls of the OpenVAS host and the target systems are configured to allow all packets from each other;
only one target system is scanned at a time;
in each scan, all ports (TCP 1-65535, UDP 1-65535) are scanned, and the scan mode is “Full and very deep ultimate”.
With these settings, it is found that each scan takes very long to complete (12-14 hrs). The progress bar looks frozen at “1%” for many hours.
If the scans are repeated with the “scanner_plugins_timeout” value reduced from the default “36000” to “9000”, then the scans can run faster (6-7 hrs to complete) and the results show no significant
I would like to ask : is there an “optimal” choice for the timeout value which can shorten the run time without sacrificing the scan quality ?
You only see no significant difference within your result because you’re using this scan config:
This scan config has the following two settings set to no:
unscanned_closed : This parameter defines if TCP ports that were not scanned should be treated like closed ports.
unscanned_closed_udp : This parameter defines if UDP ports that were not scanned should be treated as closed ports.
This basically means that your current scan configuration is (as soon as the Port scanner got terminated) only checking the default ports defined within the existing vulnerability tests (some HTTP ones would e.g. only check for port 80/tcp).
Instead of trying to modify the scanner_plugins_timeout you could re-think the following:
Please read into UDP port scanning on resources like the following:
Basically scanning all 65k UDP ports could takes hours or even a day depending on the network and/or target.
Unfortunately no specific recommendation can be given as those are highly depending on your network and target environment. Personally i’m using the following setting to have a middle ground between scan speed and scan coverage:
Scan-Config: Full and Fast + unscanned_closed_udp set to no
Port-List: All TCP without any UDP ports