Boreas: how does it work?

Can someone eleborate a bit more about Boreas?

In topic Use boreas as alive scanner - #3 by tux I read Boreas is only used when test_alive_hosts_only = yes and you only gain performance by using this option.

I thought Boreas was a replacement for nmap ans was faster overall, even with “Consider Alive”.

When I run a scan on the same hardware for a single host with both nmap and Boreas, I don’t see a difference in speed.

I was wondering if someone can tell me more about Boreas :smile:

Hi @PBSH,

Boreas replaced the old alive test method, a nasl script which uses nmap. You will not see a difference when you scan a single host, but a big difference for large networks. Boreas will take always at least 5 seconds.
The main difference is that with the old classic method via host_alive_detection.nasl, the host scan must be started, the script is launched, and once the it is detected alive, the scan continue. Otherwise, the host scan finishes.
With boreas, the scanner detects first all alive hosts (quite faster than parsing and running a script) and only starts a host scan for those host which were found alive.
Also, boreas runs in parallel with the scanner. While the scanner already scans the first alive hosts found by boreas, boreas continues testing for other alive hosts in the target list.

Best regards,

4 Likes

That’s pretty neat. Thank you!

@jjnicola
Does test_alive_hosts_only needs to be set to yes in openvas.conf to use Boreas?

What happens if you use alive test Consider alive together with test_alive_hosts_only set to yes in openvas.conf? Will dead hosts be scanned to or only the alive ones?

I know this is an open-source community so don’t feel pressured, but I was wondering if you have some time to eleborate a bit more on this @jjnicola