I’m new to openvas. I’m using the community edition for test reasons and have a problem with the os-detection. I’m using openvas in kali linux in a VM on top of VMWare Workstation. I scanned different networks (about 100 Hosts) and I’m getting in many cases (80%) the OS “HP JetDirect” (cpe:/h:hp:jetdirect).
I’ve seen, that for this “ICMP based OS fingerprinting / detection.” (220.127.116.11.4.1.25618.104.22.168002) is responsible.
So I’ve duplicated the “System Discovery” Scan-Config and have disabled the ICMP product detection. I’ve also activated some other OS-Detections. But when I’m now using the new scan config I’m getting the same results. For this I’ve deleted all old data before a new scan with the new config.
In this context I’ve the following questions:
Why is the OS-Detection in my case so inaccurate (with nmap I’m getting a much better result). What I’m doing wrong?
Why is the ICMP based OS fingerprinting used in my new scan config. I’ve disabled this kind of detection.
I can understand that some detections may bee wrong. But in my case most of them are wrong.
Does this have any effects of further scans? For example I have started an old Windows Server 2008 VM and hopped this one will get identified as out of support or something like this? Also I have an old switch running with default credentials and some other issues which I hopped should be recognized. Is this a consequence of the faulty OS-detection? Or are the informations from the system discovery not taken for further scans?
Maybe, the high number of wrong OS-Detection is based on a faulty network driver or a problem with VMware NAT-mode. As I said before, I was surprised by the number of wrong OS-detections. I couldn’t image that a well-known software like openvas wouldn’t be able to detect the OS but tools like nmap, which seems to be used by openvas, are making a good job. So I’ve tested different Scan Configurations. Some with Credential some with different kinds of OS-detection. It results were very strange. Sometimes I got different results by doing the same thing and always clearing collected data before.
My VM is sometimes not able to reach another system in the network, when I’m starting a scan. Maybe it happens when a high number of connections are open at the same time. At this point it’s not even possible to open a connection to a webserver with curl.
I changed the interface mode to bridged and - surprise surprise – it works like a charm.