I am new to GVM and am trialing it with a potential idea of us moving from Nessus.
We tend to be scanning hardware devices on LAN that are so called “Smart devices” which tend to have old, out of date software on them and I would love to get some help with scanning setup.
When I use NMAP with the following command
nmap -sS -sU -T4 -A -v 10.104.10.102
I can sniff the following UDP service.
PORT STATE SERVICE VERSION 47808/udp open bacnet | bacnet-info: | Vendor ID: Unknown Vendor Number (1002) | Vendor Name: Maco Lighting | Object-identifier: 572244 | Firmware: vx01.07.13.01 | Application Software: 1.6 | Object Name: zencontrol AC/LCM/RCM - Unnasigned - Test 1 - 572244 | Model Name: zencontrol AC/LCM/RCM
When I use the All IANA assigned TCP and UDP scan with some changed I found here on the forum I cannot see the same service. I get zero results.
I have turned off silent checks.
I have tried to create a check for a full sweep of the UDP port range however I feel that timed out and just said there were no ports open.
I have made a port list with just the 47808 port in it and then the service is discovered.
I’m after some pointers etc that I can try to enable me to find all exposed ports and test them against vulnerabilities.