Forgive what is possibly a silly question but I’m struggling to validate the new engine as all of my prior issues have been downgraded to a zero CVSS score. Ive scanned numerous hosts now returning nothing but 0 info issues.
What would be the easiest way to validate that the engine is in fact working? Ive got nothing left to scan to prove it and am a little worried. I realize i probably shouldn’t be but i need to get a positive result to prove this somehow.
Any suggestions?
Hi rjc,
Metasploitable might work for this as a target.
1 Like
For whatever its worth i did this, setup the metsploitable VM, and ran the scan, and it still returned nothing but informational results.
31 of them, but all level 0 issues.
for example:
Service Detection with ‘GET’ Request
Risk: Info
Application: unknown
Port: 8787
Protocol: tcp
Script ID: 17975
Vulnerability Detection Result:
A Distributed Ruby (dRuby/DRb) service seems to be running on this port.
CVSS Base Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:N
Summary:
This plugin performs service detection.
This plugin is a complement of find_service.nasl. It sends a ‘GET’ request
to the remaining unknown services and tries to identify them.
CVSS Base Score:
0.0
Family name:
Service detection
Category:
infos
Created:
2005-11-03T13:08:04Z
Modified:
2021-06-18T12:11:02Z
Im at a loss at this point, ive scanned virtually everything i have access to and no matter what i do everything comes back with zero level issues even when i know that doesn’t seem right.
My confidence is low that this is working correctly but I’m not sure how to resolve it.
Have you tried the GSM Trial ? It seems that your setup is not correct.
1 Like
Dont know how it could be but ill look into that next, thank you for the suggestion.