How does OpenVAS identify the manufacturer and type of equipment that will be scanned (router, switch, balancer or firewall) and with this information does it perform the appropriate vulnerability tests?
The scanner performs different activities to detect and identify on what is running on the scan target. This highly depends on the exposed services and protocols running on them or in case of authenticated scans what software is installed and available for that user. So sometimes it’s as simple as reading reading a banner, sometimes a special file or calling protocol specific functions etc.
And yes, based on this detection phase further vulnerability tests will be launched.
2 Likes
With SSH access to devices, is any SNMP OID read to identify the manufacturer and model?
Someone? needed to address this issue
Depending if there is a detection VTS present for a device.
There are SSH and SNMP based detection VTS for many kind of devices. If any you have deployed is missing feel free to share information so this might get added.
In general credentials can be provided for both SSH and SNMP to perform authenticated scans and in case of SNMP common default community strings will be checked if enabled and will be used later on if found.
1 Like