• Subscribe to the low volume list for updates.

OpenVAS Scheduled Scanning

Use this automated version of the hosted OpenVAS Vulnerability Scanner to monitor your Internet facing systems, and be alerted to changes on your servers, firewall or border routers.

Vulnerability Scans can be scheduled for weekly or monthly testing. Reports can be issued via email after every scan or only if a change is detected in the results.

Schedule OpenVAS Vulnerability Scans
Login for access to Scheduled OpenVAS Scanning
Detect network vulnerabilities with regular scanning

MEMBERSHIP BENEFITS
  • Regular security vulnerability scanning
  • Detailed reporting for risk assessment and re-mediation
  • Vulnerability Alerts on detected changes in results
  • Custom scans; Full Scan, Web Server, WordPress & Joomla
  • Access to 27 Vulnerability Scanners and OSINT Tools
  • Trusted Open Source Tools

Additional Information

Selecting Your Targets

Using this automated Vulnerability Scanner you are able to scan a single IP address 192.123.x.x, a hostname scanme.nmap.org or a range of IP addresses 192.168.0.0/24. It is also possible to schedule a list of targets in one hit using the bulk add option as noted below.

If you wish to target a range of IP addresses you may use the format 192.168.1.1-50 or in CIDR 192.168.1.0/24. This can be up to a full /24 net block. 254 IP addresses are the maximum amount that can be scanned on one scan profile.
Warning: Please ensure any subnets do not overlap onto targets you do not have permission to scan.

Adding targets in bulk
Multiple targets can be added by submitting a list of targets. All targets from list will have scan properties as selected in the form. It is not possible to add both IPv4 and IPv6 targets as a list (create two lists). Note that adding multiple targets with different labels is possible by having the list contain comma separated values.

Example csv for adding a list of targets

192.168.1.1,target1-label
192.168.1.2,target2-label
192.168.1.3
192.168.1.4,target4-label

Hosts Not Listed in Report

If the report shows missing hosts listed under the summary, this indicates the targets have not been found to be alive during discovery. This usually means the target is not responding to ICMP with no common TCP ports open or it is behind an Intrusion Prevention System / Firewall that has blocked the scanners source IP address after detecting the scan.

It is recommended to allow ICMP from our servers so that host discovery is successful. If icmp (ping) is blocked the following TCP ports will be tested to determine if the host is alive (21,22,23,25,53,80,110,111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080,137,587,3128,8081).

Vulnerability Testing from behind a firewall or intrusion prevention device can be unreliable with timeouts, slow scanning (rate limiting) and varied results being reported. The configuration used is a balance between the need for getting an accurate picture of the attack surface with the performance requirements of Internet based scanning.

If testing behind CloudFlare or other Internet based firewalls you should be aware that results may be inaccurate or varied and scans may take a long time to complete due to rate limiting.

Determining the number of available Scans

The number of IP addresses that can be scanned is based on a monthly quota. If you wish to scan a full Class C net block, then this can be performed every month or a smaller block of 64 addresses could be scanned every week (64 x 4 weeks in month = 256 monthly).

Time of Scheduled Scans

The scans can be scheduled for any hour during the day. Port scans are then queued on that hour, and will run in sequence. If you scheduled 20 scans for 13:00 UTC they will not all run simultaneously right on 13:00, they will be queued at 13:00 and run as scan servers are available.

Viewing Results and Status

The status is determined by comparing two most recent OpenVAS scans. The scans can be initiated manually through the web interface or launched as part of a scheduled scan operation. The comparison of the results is performed by comparing csv of the results and determining if there is a difference in the discovered vulnerabilities or CVSS score.

No Change This indicates the previous two scans are identical.
  Changed   This indicates there is a difference in results of the previous two scans.
   No Data    There is not enough data to determine the status (results not available for comparison). See below for more.
   Running    An OpenVAS scan is currently running, progress will be indicated in the table above.
   Queued    The scan is currently queued to run when the next available server is available.
     Error      There was a problem running the scan, try again or contact support if this continues

Results are delivered to the user in an email with attached HTML report from OpenVAS. If a user chooses to receive results every time then an email is dispatched following the completion of the scan, otherwise emails are only sent if a change is detected in the scan results. All results are also able to be viewed through the web interface.

Why is the profile showing "no data"?

After adding a new scan profile the scan will show No Data until a scan has completed. You will also not see any results when you click on the scan details button.

To run an initial scan after adding a new profile, click the RUN NOW button to force a scan to run immediately. This will populate the scan profile and allow the (change / no change) comparison to take place once a scheduled scan does run.

Warning about Security Monitoring

A vulnerability scan is an intrusive scan that will create a large amount of noise on the network against the targeted system. It is important you understand that this scan will take place regularly and that any security monitoring in place is aware of the source IP addresses of our scanners (Server IP List). Security teams must be aware that this testing is being configured against a system that they are responsible for, otherwise they may detect the scanning as an attack against the organisation.