Conficker Search InvasiveInvasive search for conficker and MS08-673com switch2hubFake IP (alive and on same subnet as scanner):entry3com switch2hubNetwork interface on OpenVAS box (used for scanning):entry3com switch2hubNumber of packets:entry1000000Availability of scanner helper toolsPerform tool checkcheckboxyesCPE-based Policy CheckSingle CPEentrycpe:/CPE-based Policy CheckCPE ListfileCPE-based Policy CheckSeverityradioHighMediumLowCPE-based Policy CheckSeverity uponradiopresentmissingCompliance TestsLaunch GSHB (10. EL)checkboxnoCompliance TestsVerbose GSHB resultscheckboxnoGlobal variable settingsEnable CGI scanningcheckboxyesGlobal variable settingsEnable experimental scriptscheckboxnoGlobal variable settingsThorough tests (slow)checkboxnoGlobal variable settingsDebug levelentry0Global variable settingsHTTP User-AgententryMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)Global variable settingsLog verbosityradioNormalQuietVerboseDebugGlobal variable settingsNetwork typeradioMixed (use RFC 1918)Private LAN Public WAN (Internet)Global variable settingsReport paranoiaradioNormalAvoid false alarmsParanoid (more false alarms)Global variable settingsReport verbosityradioNormalQuietVerboseGreenbone LSC AgentKB file to importfileGrundschutzhandbuch, 10. ELBerichtformatradioTextTabellarischText und TabellarischHTTP NIDS evasionCGI.pm semicolon separatorcheckboxnoHTTP NIDS evasionDos/Windows syntaxcheckboxnoHTTP NIDS evasionDouble slashescheckboxnoHTTP NIDS evasionHTTP/0.9 requestscheckboxnoHTTP NIDS evasionNull methodcheckboxnoHTTP NIDS evasionParameter hidingcheckboxnoHTTP NIDS evasionPremature request endingcheckboxnoHTTP NIDS evasionRandom case sensitivity (Nikto only)checkboxnoHTTP NIDS evasionSelf-reference directoriescheckboxnoHTTP NIDS evasionTAB separatorcheckboxnoHTTP NIDS evasionUse HTTP HEAD instead of GETcheckboxnoHTTP NIDS evasionForce protocol string :entryHTTP NIDS evasionHTTP User-AgententryHTTP NIDS evasionAbsolute URI hostradiononehost namehost IPrandom namerandom IPHTTP NIDS evasionAbsolute URI typeradiononefilegopherhttpHTTP NIDS evasionReverse traversalradiononeBasicLong URLHTTP NIDS evasionURL encodingradiononeHexUTF-16 (double byte) UTF-16 (MS %u)Incorrect UTF-8HTTP login pageLogin form :entryHTTP login pageLogin form fields :entryuser=%USER%&pass=%PASS%HTTP login pageLogin page :entry/LDAPsearchBuffersizeentry500LDAPsearchTimeout valueentry3Login configurationsNever send SMB credentials in clear textcheckboxyesLogin configurationsOnly use NTLMv2checkboxnoLogin configurationsFTP account :entryanonymousLogin configurationsFTP writeable directory :entry/incomingLogin configurationsHTTP account :entryLogin configurationsIMAP account :entryLogin configurationsNNTP account :entryLogin configurationsPOP2 account :entryLogin configurationsPOP3 account :entryLogin configurationsFTP password (sent in clear) :passwordLogin configurationsHTTP password (sent in clear) :passwordLogin configurationsIMAP password (sent in clear) :passwordLogin configurationsNNTP password (sent in clear) :passwordLogin configurationsPOP2 password (sent in clear) :passwordLogin configurationsPOP3 password (sent in clear) :passwordMisc information on News serverLocal distributioncheckboxyesMisc information on News serverNo archivecheckboxnoMisc information on News serverFrom address :entryOpenVAS <listme@listme.dsbl.org>Misc information on News serverMax crosspost :entry7Misc information on News serverTest group name regex :entryf[a-z]\.tests?NIDS evasionSend fake RST when establishing a TCP connectioncheckboxnoNIDS evasionTCP evasion techniqueradiononesplitinjectionshort ttlNikto (NASL wrapper)Force scan even without 404scheckboxnoNmap (NASL wrapper)Do not randomize the order in which ports are scannedcheckboxnoNmap (NASL wrapper)Do not scan targets not in the filecheckboxnoNmap (NASL wrapper)Fragment IP packets (bypasses firewalls)checkboxnoNmap (NASL wrapper)Get Identd infocheckboxnoNmap (NASL wrapper)Identify the remote OScheckboxnoNmap (NASL wrapper)RPC port scancheckboxnoNmap (NASL wrapper)Run dangerous port scans even if safe checks are setcheckboxnoNmap (NASL wrapper)Service scancheckboxnoNmap (NASL wrapper)UDP port scancheckboxnoNmap (NASL wrapper)Use hidden option to identify the remote OScheckboxnoNmap (NASL wrapper)Host Timeout (ms) :entryNmap (NASL wrapper)Initial RTT timeout (ms) :entryNmap (NASL wrapper)Max RTT Timeout (ms) :entryNmap (NASL wrapper)Min RTT Timeout (ms) :entryNmap (NASL wrapper)Minimum wait between probes (ms)entryNmap (NASL wrapper)Ports scanned in parallel (max)entryNmap (NASL wrapper)Ports scanned in parallel (min)entryNmap (NASL wrapper)Source port :entryNmap (NASL wrapper)File containing grepable results :fileNmap (NASL wrapper)TCP scanning technique :radioconnect()SYN scanFIN scanXmas Tree scanNull scanNmap (NASL wrapper)Timing policy :radioAuto (openvas specific!)NormalInsaneAggressivePoliteSneakyParanoidCustomPassword cracking (NASL wrappers common options)Add accounts found by other plugins to login filecheckboxyesPassword cracking (NASL wrappers common options)Exit as soon as an account is foundcheckboxnoPassword cracking (NASL wrappers common options)Try empty passwordscheckboxnoPassword cracking (NASL wrappers common options)Try login as passwordcheckboxnoPassword cracking (NASL wrappers common options)Number of parallel tasks :entry16Password cracking (NASL wrappers common options)Timeout (in seconds) :entry30Password cracking (NASL wrappers common options)Logins file :filePassword cracking (NASL wrappers common options)Passwords file :filePing HostMark unrechable Hosts as dead (not scanning)checkboxyesPing HostReport about unrechable HostscheckboxnoSLAD RunAnalyse SNMP-Traps collected by snmptrapd (Linux only)checkboxnoSLAD RunAnalyse Syslog-Files for security incidents (Linux only)checkboxnoSLAD RunExecute ChkRootKit to find installed rootkits (Linux only)checkboxnoSLAD RunExecute ClamAV to search for virus-infected files (Linux only)checkboxnoSLAD RunExecute John-the-Ripper to find weak user passwordscheckboxnoSLAD RunExecute LSOF to retrieve a list of open files (Linux only)checkboxnoSLAD RunExecute Tiger for various checks (Linux only)checkboxnoSLAD RunExecute Tripwire HIDS to check system's file integrity (Linux only)checkboxnoSLAD RunExecute ovaldi for scanning OVAL described issuescheckboxnoSLAD RunExecute ssh vulnkey to detect unsecure SSH RSA and DSA keys from broken Debian OpenSSL pkt (Linux only)checkboxnoSLAD RunFetch Snort-Events from the Snort MYSQL Database (Linux only)checkboxnoSLAD Runfetch hardware MB sensors (Linux only)checkboxnoSLAD RunClamAV levelradioMove infected files to quarantineRemove infected filesMove infected files to quarantine exclude archives (.zip, .tgz, etc)Remove infected files exclude archives (.zip, .tgz, etc)SLAD Runjohn levelradioFast-CrackDictionary Mode (slow)Full-Crack (very slow)SLAD Runovaldi report formatradioTextHTMLSLAD Runsyslogwatch levelradioAnalyse SysLogs low detailAnalyse SysLogs medium detailAnalyse SysLogs high detailSLAD Runtiger levelradioChecks user and passwd on local systemCheck Filesystem PermissionsCheck Systems Configuration and applicationsCheck running System and ProcessesPerform all Tiger checks on systemSMB AuthorizationSMB domain (optional):entrySMB AuthorizationSMB login:entrySMB AuthorizationSMB password:passwordSMTP settingsFrom address :entrynobody@example.comSMTP settingsThird party domain :entryexample.comSMTP settingsTo address :entrypostmaster@[AUTO_REPLACED_IP]SSH AuthorizationUse per-target login informationcheckboxnoSSH AuthorizationSSH login name:entrysshovasSSH AuthorizationSSH private key:fileSSH AuthorizationSSH public key:fileSSH AuthorizationSSH key passphrase:passwordSSH AuthorizationSSH password (unsafe!):passwordSSH AuthorizationKeys:sshlogin-ServicesNetwork connection timeout :entry5ServicesNetwork read/write timeout :entry5ServicesNumber of connections done in parallel :entry6ServicesWrapped service read timeout :entry2ServicesCA file :fileServicesSSL certificate :fileServicesSSL private key :fileServicesPEM password :passwordServicesTest SSL based servicesradioKnown SSL portsAllNoneWeb mirroringNumber of pages to mirror :entry200Web mirroringStart page :entry/amap (NASL wrapper)Quickercheckboxnoamap (NASL wrapper)RPC (disabled in safe_checks)checkboxyesamap (NASL wrapper)SSL (disabled in safe_checks)checkboxyesamap (NASL wrapper)UDP scan (disabled in safe_checks)checkboxnoamap (NASL wrapper)Connection retriesentryamap (NASL wrapper)Connection timeoutentryamap (NASL wrapper)Parallel tasksentryamap (NASL wrapper)Read timeoutentryamap (NASL wrapper)File containing machine readable results :fileamap (NASL wrapper)ModeradioMap applicationsJust grab bannersPort scan onlyauto_enable_dependenciesyescgi_path/cgi-bin:/scriptschecks_read_timeout5ike-scan (NASL wrapper)Enable Aggressive Modecheckboxyesike-scan (NASL wrapper)Enable Main Modecheckboxnoike-scan (NASL wrapper)Enable fingerprint using Aggressive Modecheckboxnoike-scan (NASL wrapper)Enable fingerprint using Main Modecheckboxnoike-scan (NASL wrapper)Authentication methodsentry1,2,3,4,5,6,7,8,64221,65001ike-scan (NASL wrapper)Destination port numberentry500ike-scan (NASL wrapper)Diffie-Hellman groupsentry1,2,3,4,5ike-scan (NASL wrapper)Encryption algorithmsentry1,2,3,4,5,6,7/128,7/196,7/256,8ike-scan (NASL wrapper)Group namesentryvpnike-scan (NASL wrapper)Hash algorithmsentry1,2,3,4,5,6ike-scan (NASL wrapper)Maximum retryentry3ike-scan (NASL wrapper)Maximum timeoutentryike-scan (NASL wrapper)Source port numberentry500kb_dont_replay_attacksnokb_dont_replay_denialsnokb_dont_replay_info_gatheringnokb_dont_replay_scannersnokb_max_age864000kb_restorenolog_whole_attacknomax_checks4max_hosts20non_simult_ports139, 445only_test_hosts_whose_kb_we_dont_havenoonly_test_hosts_whose_kb_we_havenooptimize_testyesplugins_timeout320pnscan (NASL wrapper)Pnscan Concurrent worker threadsentrypnscan (NASL wrapper)Pnscan Timeoutentryport_rangedefaultportbunny (NASL wrapper)Wait longer for triggers to returncheckboxnosafe_checksnosave_knowledge_baseyessilent_dependenciesyesslice_network_addressesnosnmpwalk 'scanner'Community name :entrypublicsnmpwalk 'scanner'Number of retries :entrysnmpwalk 'scanner'TCP/UDP port :entrysnmpwalk 'scanner'Timeout between retries :entrysnmpwalk 'scanner'SNMP protocol :radio12csnmpwalk 'scanner'SNMP transport layer :radioudptcpstrobe (NASL wrapper)Disable usage of getpeernamecheckboxnostrobe (NASL wrapper)Strobe local port to bind outgoing requestsentrystrobe (NASL wrapper)Strobe number of sockets in parallelentrystrobe (NASL wrapper)Strobe timeoutentryuse_mac_addrnow3af (NASL wrapper)Profileentryfull_auditConficker Search Invasive121.3.6.1.4.1.25623.1.0.900056Conficker Search Invasive121.3.6.1.4.1.25623.1.0.900091