Kind of new to GB, but have a long history in various IT areas.
I am trying to get a CVE scan functioning on GCE.
Here is a quick layout of what I’ve done:
• Created VM on Hyper-V.
• Performed initial setup.
• Opened port TCP 873 for Community Feed.
• Waited a long time (note that it is mentioned a few times in here to be patient. Yeah, be patient. Come back tomorrow kind of patient. Data needs to be pulled, then built into databases - you don’t see this happening nor any kind of feedback)
• Created a target (lets call it Server1)
• Created a Task (Full and Very Deep)
• Performed the scan
• Reviewed the report
This is pretty darn helpful… but where I’m struggling is performing a CVE scan. My understanding is that I must have the data from a normal ‘full and fast’ or other ‘FULL and whatever’ scan to run a CVE scan.
I’ve created a separate task & set it for CVE scanning against Server1, but when I launch the task, it completes the moment it has started and there are no results.
I can view the CVEs under SecInfo & they are there…
Is there some troubleshooting I can perform to get this working properly?
I’ve run the ‘Full and Fast’ scans against a few of our internal and public facing IPs & came back with a report I am happy with (not a CVE report) - I was exploring the options I suppose & wanted to see all the angles.
Would like to express my thanks to Lukas, cfi, and of course any who may happen read this & work on these tools.
and shows all vulnerabilities listed there. If there is e.g. a current Apache HTTP Server 2.4.39 detected the CVE scanner currently won’t return any results as seen here: