UH OpenVAS Scanner

The University of Hawaii Information Technology Services hosts a vulnerability scanner that can be used to scan any system on the University of Hawaii network. Batch scanning is restricted to authorized individuals for their areas of purview. Please "Request Access" for subnets you are responsible for. The vulnerability scanner helps identify known vulnerabilities and misconfigurations on common servers and workstations. It may not identify ALL of the vulnerabilities on the system and will sometimes report false positives. Read the report carefully and verify any of the reported vulnerabilities. Once you fix the reported vulnerability, run the scanner again to verify that it has been fixed.

The OpenVAS scanner has been updated! Visit https://openvas.hawaii.edu to try it out.

NOTE: Scans and reports will automatically be deleted every 30 days. Download reports when viewing them if you want to keep them.

Self-Scan Walkthrough

  1. Login to the OpenVAS interface using your UH Credentials
  2. Click on "Scan this computer" in the sidebar
  3. Verify that the page displays your correct public IP Address. NOTE: The scanner will only work on systems that have a public IP and will not correctly scan if your system only has a private IP.
  4. Press the "Start Scan Now" button
  5. Click on "View Results" in the sidebar to monitor the progress of your scan.

Batch Scan Walkthrough

  1. Login to the OpenVAS interface using your UH Credentials
  2. Click on "Request Access" in the sidebar
  3. Fill out the following information and submit:
    • IP addresses you want to scan. Only list public IP addresses. You can either list each server's IP individually or use a subnet mask if you are responsible for an entire network.
    • Your Department Name
    • Your Position Title
    • Your Phone Number
    • Your Supervisor's Name
    • Your Supervisor's Phone Number
  4. Wait for InfoSec to approve your request. You will receive an email if your request is approved
  5. Click on "Submit Batch Scan" in the sidebar
  6. Your authorized scan targets will appear in the left column. You can use the left column to select servers or entire subnets to scan, or use the right column to list individual servers you want to scan. If you only need to scan a few select IPs, it is best to type them out.
  7. Click on the "Enable Scheduling" checkbox to choose a time for the scan to start. Change the "Recurrence" box if you want this scan to recur in the future (Monthly, Quarterly, Bi-Annually, or Yearly).
  8. Press the "Scan these targets" button to submit the scan request.

Viewing Scan Progress and Results

  1. Click on "View results" in the sidebar
  2. Scans will be sorted into three tables: Running, Scheduled, and Finished, determined by the status of the scan.
  3. The table is broken down into 10 columns:
    • Created: Date the scan was created
    • Next Run: If scheduled, the date and time the scan will run
    • Status: Current status of the scan (Done, Scheduled, Running)
    • Progress: Completion percentage of the scan
    • Severity: Highest vulnerability severity reported for the scan
    • H in a red box: Number of high-severity vulnerabilities reported
    • M in a gold box: Number of medium-severity vulnerabilities reported
    • L in a blue box: Number of low-severity vulnerabilities reported
    • Log: Number of log/informational details reported
    • Targets: List of IPs scanned
  4. Additionally, there are several action buttons appended to each entry (some tables have more functionality than others):
    • Magnifying Glass: View the scan report
    • X: Delete the scan and the report
    • Play Button: Start a scheduled scan or restart a stopped scan
    • Stop Button: Stop a running scan. Note: Stopped scans cannot be resumed, only restarted

Downloading Scan Results

  1. Once the scan has completed and appears in the Finished Scans table, click on the Magnifying Glass next to the report you would like to download
  2. At the top of the report page, look for "Download Report:"
  3. Select the format you would like your report in. Click on txt if you would like a text file report

    NOTE: Scans and reports will automatically be deleted every 30 days. Download reports when viewing them if you want to keep them.

Please rate the quality of this answer: Poor Fair Okay Good Excellent
Not the answer you were looking for? Try different keyword combinations and if you still can’t find your answer, please contact us.
Article ID: 1772
Created: Wed, 05 Sep 2018 8:50am
Modified: Mon, 19 Aug 2019 3:53pm