October 20, 2022, 5:57pm
I need to scan some very vulnerable machines that are at risk of crashing. I used Openvas a lot in the past but never had to scan this type of computer. We really can’t afford to crash them.
I looked at the documentation and except for the discovery scans, there doesn’t seem to be a “safe” vulnerability scan. I think my best option right now would be to use the empty template and adjust the NVT’s so that the most hardcore scans are left out. Am I right?
Thanks for reading, have a great day!
October 21, 2022, 8:00am
Hello and welcome to this community portal.
This question / inquiry will be difficult to answer because no one knows / can estimate when or in which situation the target in question would crash.
For example i have seen services crashing just by getting port scanned or systems completely failing (hard reset required) if receiving a Heartbleed related request.
A general advice is to start as slow / as possible, this could include changing some of the following settings:
Timing policy of the VT
Nmap (NASL wrapper) (OID: 220.127.116.11.4.1.25618.104.22.16859) to e.g.
Normal or lower
time_between_request scanner preference to some higher value (Note: This might increase scan time)
Maximum concurrently executed NVTs per host to
1 (Note: This might increase scan time)
Enable CGI scanning of the VT
Global variable settings (OID: 22.214.171.124.4.1.256126.96.36.19988) to
no to disable HTTP based VTs (which are usually putting a high load on the target)
make sure that the
safe_checks scanner preference in the used scan configuration is set to
a smaller port list like e.g.
All IANA assigned TCP
Disclaimer: While this
might lower the probability of a system crashing (due to e.g. less load on the target) there is no guarantee that a crash still happens.
If the scan is successful and the target didn’t crash you can start to change the settings described above step by step back to their defaults to see how the target behaves.
More reading about these topics are available here: