Reports shows wrongly correlated results when vhosts are involved


I am scanning a range of hosts, where a lot of them are behind the same IP (vhosts and/or loadbalanced). If I extract a report (regardless of what kind) it just shows a single hostname for each unique IP - none of the others.

My target list contains a mixture of IPs and hostnames (where a lot of them are vhosts, behind the same IP).

I figured it might be taking the first hit from the asset list and stamping the vulnerability related to the IP with that. I then tried to remove the IP > hostname mapping for a specific IP and run a scan again - the issue remains.

Tried both with and without expand_vhosts - but the issue when extracting the report, remains.

I then figured that it might only be doing it for duplicate entries, but I verified that it correlated results for two different websites as well. I am not the only one looking at the results, and I need to be able to extract reports that shows coverage of the agreed upon scope for the scan - regardless if there might be duplicates. Now I can’t see whether all the hosts from my target list where actually scanned - at least not from the report. Then I have to search the report on the platform, filter on the hostname, go the the relevant asset IP and check the associated hostnames.

Do any of you guys have a suggestion on how I can get all the hosts (including vhosts) I defined in my target list, present in the report? (if they have vulnerabilities, of course).

1 Like

Hi @kr0gh and welcome to the forum :slight_smile:

I’ll take a look and ask around to see if something is weird or if it’s normal behavior.




Hi DeeAnn,

Thank you - if I need to elaborate on something, please let me know.


Hi DeeAnn,

Did you have time to look into this? :slight_smile:


Hi @kr0gh, still looking but I had forgotten to ask which version and platform you are running. :slightly_smiling_face:

(Quick second followup to add in the template):

Here’s a template that’ll help us see what your setup is like:

GVM versions

gsad: (‘gsad --version’)
gvmd: (‘gvmd --version’)
openvas-scanner: (‘openvas --version’, in older GVM versions < 11: ‘openvassd --version’)


Operating system:
Kernel: (‘uname -a’)
Installation method / source:

(edit to add for anyone reading, this topic continued internally)

Hi again DeeAnn,

Thank you for your quick response.

Requested information here:

GVM versions
gsad = 21.4.2
gvmd = 21.4.3
openvas-scanner = 21.4.2
gvm-libs 21.4.2

Operating system: Kali Linux
Kernel: Linux x 5.10.0-kali9-amd64 #1 SMP Debian 5.10.46-4kali1 (2021-08-09) x86_64 GNU/Linux
Installation method: Kali default repository