Vulnerability scanning a very vulnerable machine at risk of crashing


I need to scan some very vulnerable machines that are at risk of crashing. I used Openvas a lot in the past but never had to scan this type of computer. We really can’t afford to crash them.

I looked at the documentation and except for the discovery scans, there doesn’t seem to be a “safe” vulnerability scan. I think my best option right now would be to use the empty template and adjust the NVT’s so that the most hardcore scans are left out. Am I right?

Thanks for reading, have a great day!

Hello and welcome to this community portal.

This question / inquiry will be difficult to answer because no one knows / can estimate when or in which situation the target in question would crash.

For example i have seen services crashing just by getting port scanned or systems completely failing (hard reset required) if receiving a Heartbleed related request.

A general advice is to start as slow / as possible, this could include changing some of the following settings:

  • the Timing policy of the VT Nmap (NASL wrapper) (OID: to e.g. Normal or lower
  • the time_between_request scanner preference to some higher value (Note: This might increase scan time)
  • the Maximum concurrently executed NVTs per host to 1 (Note: This might increase scan time)
  • the Enable CGI scanning of the VT Global variable settings (OID: to no to disable HTTP based VTs (which are usually putting a high load on the target)
  • make sure that the safe_checks scanner preference in the used scan configuration is set to yes
  • a smaller port list like e.g. All IANA assigned TCP

Disclaimer: While this might lower the probability of a system crashing (due to e.g. less load on the target) there is no guarantee that a crash still happens.

If the scan is successful and the target didn’t crash you can start to change the settings described above step by step back to their defaults to see how the target behaves.

More reading about these topics are available here: