I am using Openvas vulnerability scanner in my pentesting. I followed Hackersploit video and waited quite few minutes for it to get started. But, when it starts it shows requested and after a refresh it shows me scanning is done and the host is considered to be dead. However if i do same site scan with Owasp ZAP then it shows me multiple vulnerabilities. Can anyone tell me whats is this?
@D4rkhunt3r It sounds like you got flagged during the scan with OpenVas. I tend to lean more toward Owasp Zap. Automated scanners tend to get false positives, which is a down side but they do save tons of time.
flag means reported of got blocked by the waf?
@MoNsTeR if this is the case then why is OWASP-ZAP not being blocked by the waf and only openvas is getting blocked?
@Rootsec Many factors can contribute. How many connections it is making at once. The user-agents being used and its rotation. Passive or aggressive scanning. If it was running through Tor or not. It is hard to pin point the issue without knowing all the info.
1 Like
can we remain anonymous while performing a vuln scan of a remote website using OWASP-ZAP if we use tor and proxychains together? I mean that’s not a browser based tool thats why.
@Rootsec I am going to do an extensive write up on this subject this weekend. Since it seems to be a popular subject.
How will i get to know about this write-up? Will you upload a link to it?