So I am having a bit of confusion.
I’ve been doing VA scans, and at some point I found out that my results are very… Little. Sure, less vulnerabilities are good, but… I was expecting more.
What I meant was, I was expecting to see several vulnerabilities, however the completed scan only highlighted a few.
The host, from netstat, shows way more ports than the Openvas could report.
And I did the default full and fast scans, you can be sure I wasn’t playing with the scan config.
And I also did nmap on the host, which did show a pretty good reflection of the netstat.
But one could also argue perhaps, those ports aren’t a security issue so it wasn’t in the report.
Can anyone shed some light on this?