Validating the scanning engine

Forgive what is possibly a silly question but I’m struggling to validate the new engine as all of my prior issues have been downgraded to a zero CVSS score. Ive scanned numerous hosts now returning nothing but 0 info issues.
What would be the easiest way to validate that the engine is in fact working? Ive got nothing left to scan to prove it and am a little worried. I realize i probably shouldn’t be but i need to get a positive result to prove this somehow.
Any suggestions?

Hi rjc,

Metasploitable might work for this as a target.

1 Like

For whatever its worth i did this, setup the metsploitable VM, and ran the scan, and it still returned nothing but informational results.
31 of them, but all level 0 issues.

for example:
Service Detection with ‘GET’ Request
Risk: Info
Application: unknown
Port: 8787
Protocol: tcp
Script ID: 17975

Vulnerability Detection Result:
A Distributed Ruby (dRuby/DRb) service seems to be running on this port.

CVSS Base Vector:

This plugin performs service detection.
This plugin is a complement of find_service.nasl. It sends a ‘GET’ request
to the remaining unknown services and tries to identify them.

CVSS Base Score:
Family name:
Service detection

Im at a loss at this point, ive scanned virtually everything i have access to and no matter what i do everything comes back with zero level issues even when i know that doesn’t seem right.
My confidence is low that this is working correctly but I’m not sure how to resolve it.

Have you tried the GSM Trial ? It seems that your setup is not correct.

1 Like

Dont know how it could be but ill look into that next, thank you for the suggestion.